vulnerability

Attackers can steal NTLM password hashes via calendar invites

2024-01-22 at 15:46 By Zeljka Zorz

A recently patched vulnerability in Microsoft Outlook (CVE-2023-35636) that can be used by attackers to steal users’ NTLM v2 hashes can be exploited by adding two headers to an email carrying a specially crafted file, security researcher Dolev Taler has […]


Ivanti EPMM and MobileIron Core vulnerability is actively exploited, CISA confirms (CVE-2023-35082)

2024-01-19 at 19:49 By Zeljka Zorz

A previously patched critical vulnerability (CVE-2023-35082) affecting Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core is being actively exploited, the Cybersecurity and Infrastructure Security Agency (CISA) has confirmed by adding the vulnerability to its Known Exploited Vulnerabilities


Cyble Global Sensors pick up persistent exploitation of Ivanti Connect Secure Vulnerabilities

2024-01-19 at 16:18 By cybleinc

Cyble Global Sensor Intelligence (CGSI) has detected the continuous exploitation of recently revealed vulnerabilities in Ivanti Connect Secure (ICS), previously known as Pulse Connect Secure


Unpatched Rapid SCADA Vulnerabilities Expose Industrial Organizations to Attacks

2024-01-18 at 18:16 By Eduard Kovacs

Seven vulnerabilities found in Rapid SCADA could be exploited to gain access to sensitive industrial systems, but they remain unpatched. The post Unpatched Rapid SCADA Vulnerabilities Expose Industrial Organizations to Attacks appeared first on SecurityWeek. This article is an excerpt


VMware: Plug critical Aria Automation hole immediately! (CVE-2023-34063)

2024-01-18 at 12:16 By Zeljka Zorz

A critical vulnerability (CVE-2023-34063) affecting VMware Aria Automation and VMware Cloud Foundation can be exploited by attackers to gain access to remote organizations and workflows, VMware has warned. The company is not aware of any “in the wild” exploitation of this


GitHub Rotates Credentials in Response to Vulnerability

2024-01-17 at 15:31 By Ionut Arghire

GitHub rotates credentials and releases patches after being alerted of a vulnerability affecting GitHub.com and GitHub Enterprise Server. The post GitHub Rotates Credentials in Response to Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed


Atlassian reveals critical Confluence RCE flaw, urges “immediate action” (CVE-2023-22527)

2024-01-16 at 19:46 By Zeljka Zorz

Atlassian has patched a critical vulnerability (CVE-2023-22527) in Confluence Data Center and Confluence Server that could lead to remote code execution. The good news is that the flaw was fixed in early December 2023 with the release of versions


VMware Urges Customers to Patch Critical Aria Automation Vulnerability 

2024-01-16 at 16:16 By Eduard Kovacs

Aria Automation is affected by a critical vulnerability that could be exploited to gain access to remote organizations and workflows. The post VMware Urges Customers to Patch Critical Aria Automation Vulnerability appeared first on SecurityWeek. This article is an excerpt


Remote Code Execution Vulnerability Found in Opera File Sharing Feature

2024-01-16 at 16:16 By Ionut Arghire

A vulnerability in Opera browser’s file sharing feature My Flow could be exploited for remote code execution. The post Remote Code Execution Vulnerability Found in Opera File Sharing Feature appeared first on SecurityWeek. This article is an excerpt from


GitLab Patches Critical Password Reset Vulnerability

2024-01-15 at 13:46 By Ionut Arghire

GitLab has resolved a critical authentication vulnerability allowing attackers to hijack password reset emails. The post GitLab Patches Critical Password Reset Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed


Juniper fixes critical RCE in its SRX firewalls and EX switches (CVE-2024-21591)

2024-01-15 at 11:16 By Helga Labus

Juniper Networks has fixed a critical pre-authentication remote code execution (RCE) vulnerability (CVE-2024-21591) in Junos OS on SRX firewalls and EX switches. About CVE-2024-21591: CVE-2024-21591 is an out-of-bounds write vulnerability that could allow an unauthenticated, network-based threat


Akira ransomware attackers are wiping NAS and tape backups

2024-01-12 at 16:17 By Helga Labus

“The Akira ransomware malware, which was first detected in Finland in June 2023, has been particularly active at the end of the year,” the Finnish National Cybersecurity Center (NCSC-FI) has shared on Wednesday. NCSC-FI has received 12 reports of Akira


Critical Cisco Unity Connection flaw gives attackers root privileges. Patch now! (CVE-2024-20272)

2024-01-11 at 14:02 By Helga Labus

Cisco has fixed a critical vulnerability (CVE-2024-20272) in Cisco Unity Connection that could allow an unauthenticated attacker to upload arbitrary files and gain root privilege on the affected system. Cisco Unity Connection is a unified messaging and


Attackers could use vulnerabilities in Bosch Rexroth nutrunners to disrupt automotive production

2024-01-09 at 17:46 By Zeljka Zorz

Researchers have discovered over two dozen vulnerabilities in “smart” cordless nutrunners (i.e., pneumatic torque wrenches) manufactured by Bosch Rexroth that could be exploited to make the devices inoperable or their output unreliable. “Depending on a manufacturer’s use


Bosch Nutrunner Vulnerabilities Could Aid Hacker Attacks Against Automotive Production Lines

2024-01-09 at 16:01 By Eduard Kovacs

Hackers can take complete control of Bosch Rexroth nutrunners, installing ransomware or altering settings to cause financial impact and brand damage. The post Bosch Nutrunner Vulnerabilities Could Aid Hacker Attacks Against Automotive Production Lines appeared first on SecurityWeek.


SQLi vulnerability in Cacti could lead to RCE (CVE-2023-51448)

2024-01-09 at 14:01 By Helga Labus

A blind SQL injection vulnerability (CVE-2023-51448) in Cacti, a widely-used network monitoring, performance and fault management framework, could lead to information disclosure and potentially remote code execution. Cacti is often used in network operation centers of telecoms and web hosting


QNAP Patches High-Severity Flaws in QTS, Video Station, QuMagie, Netatalk Products

2024-01-08 at 17:01 By Ionut Arghire

QNAP has released patches for a dozen vulnerabilities in its products, including several high-severity flaws. The post QNAP Patches High-Severity Flaws in QTS, Video Station, QuMagie, Netatalk Products appeared first on SecurityWeek. This article is an excerpt from


Vulnerability Handling in 2023: 28,000 New CVEs, 84 New CNAs

2024-01-08 at 13:31 By Eduard Kovacs

A total of more than 28,000 CVE IDs were assigned in 2023 and 84 new CVE Numbering Authorities (CNAs) were named. The post Vulnerability Handling in 2023: 28,000 New CVEs, 84 New CNAs appeared first on SecurityWeek. This article
