vulnerability

Critical Vulnerability Can Allow Takeover of Mastodon Servers

Critical Vulnerability Can Allow Takeover of Mastodon Servers 10/07/2023 at 17:17 By Ionut Arghire A critical vulnerability in the Mastodon social networking platform may allow attackers to take over target servers. The post Critical Vulnerability Can Allow Takeover of Mastodon Servers appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View […]

React to this headline:

Loading spinner

Critical Vulnerability Can Allow Takeover of Mastodon Servers Read More »

Malware delivery to Microsoft Teams users made easy

Malware delivery to Microsoft Teams users made easy 10/07/2023 at 14:33 By Zeljka Zorz A tool that automates the delivery of malware from external attackers to target employees’ Microsoft Teams inbox has been released. TeamsPhisher (Source: Alex Reid) About the exploited vulnerability As noted by Jumpsec researchers Max Corbridge and Tom Ellson, Microsoft Teams’ default

React to this headline:

Loading spinner

Malware delivery to Microsoft Teams users made easy Read More »

StackRot Linux Kernel Vulnerability Shows Exploitability of UAFBR Bugs

StackRot Linux Kernel Vulnerability Shows Exploitability of UAFBR Bugs 06/07/2023 at 14:46 By Eduard Kovacs A new Linux kernel vulnerability tracked as StackRot and CVE-2023-3269 shows the exploitability of use-after-free-by-RCU (UAFBR) bugs. The post StackRot Linux Kernel Vulnerability Shows Exploitability of UAFBR Bugs appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Loading spinner

StackRot Linux Kernel Vulnerability Shows Exploitability of UAFBR Bugs Read More »

Cloud security: Sometimes the risks may outweigh the rewards

Cloud security: Sometimes the risks may outweigh the rewards 03/07/2023 at 07:32 By Help Net Security Threat actors are well-aware of the vulnerability of our cloud infrastructure. The internet we have today is not equipped to serve the data needs of the future. When data is stored in the cloud, it can end up across

React to this headline:

Loading spinner

Cloud security: Sometimes the risks may outweigh the rewards Read More »

MITRE Updates CWE Top 25 Most Dangerous Software Weaknesses

MITRE Updates CWE Top 25 Most Dangerous Software Weaknesses 30/06/2023 at 15:16 By Ionut Arghire Use-after-free and OS command injection vulnerabilities reach the top five most dangerous software weaknesses in the 2023 CWE Top 25 list. The post MITRE Updates CWE Top 25 Most Dangerous Software Weaknesses appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

MITRE Updates CWE Top 25 Most Dangerous Software Weaknesses Read More »

Serious Vulnerability Exposes Admin Interface of Arcserve UDP Backup Solution

Serious Vulnerability Exposes Admin Interface of Arcserve UDP Backup Solution 29/06/2023 at 16:47 By Ionut Arghire Researchers publish PoC for a high-severity authentication bypass vulnerability in the Arcserve UDP data backup solution. The post Serious Vulnerability Exposes Admin Interface of Arcserve UDP Backup Solution appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Serious Vulnerability Exposes Admin Interface of Arcserve UDP Backup Solution Read More »

PoC for Arcserve UDP authentication bypass flaw published (CVE-2023-26258)

PoC for Arcserve UDP authentication bypass flaw published (CVE-2023-26258) 29/06/2023 at 14:17 By Zeljka Zorz An authentication bypass vulnerability (CVE-2023-26258) in the Arcserve Unified Data Protection (UDP) enterprise data protection solution can be exploited to compromise admin accounts and take over vulnerable instances, MDSec researchers Juan Manuel Fernández and Sean Doherty have found – and

React to this headline:

Loading spinner

PoC for Arcserve UDP authentication bypass flaw published (CVE-2023-26258) Read More »

PoC exploit released for Cisco AnyConnect, Secure Client vulnerability (CVE-2023-20178)

PoC exploit released for Cisco AnyConnect, Secure Client vulnerability (CVE-2023-20178) 23/06/2023 at 17:19 By Helga Labus Proof-of-concept (PoC) exploit code for the high-severity vulnerability (CVE-2023-20178) in Cisco Secure Client Software for Windows and Cisco AnyConnect Secure Mobility Client Software for Windows has been published. About the vulnerability Cisco Secure Client Software – previously known as

React to this headline:

Loading spinner

PoC exploit released for Cisco AnyConnect, Secure Client vulnerability (CVE-2023-20178) Read More »

Microsoft Teams vulnerability allows attackers to deliver malware to employees

Microsoft Teams vulnerability allows attackers to deliver malware to employees 23/06/2023 at 15:24 By Zeljka Zorz Security researchers have uncovered a bug that could allow attackers to deliver malware directly into employees’ Microsoft Teams inbox. “Organisations that use Microsoft Teams inherit Microsoft’s default configuration which allows users from outside of their organisation to reach out

React to this headline:

Loading spinner

Microsoft Teams vulnerability allows attackers to deliver malware to employees Read More »

VMware Aria Operations for Networks vulnerability exploited in the wild (CVE-2023-20887)

VMware Aria Operations for Networks vulnerability exploited in the wild (CVE-2023-20887) 21/06/2023 at 11:42 By Zeljka Zorz CVE-2023-20887, a pre-authentication command injection vulnerability in VMware Aria Operations for Networks (formerly vRealize Network Insight), has been spotted being exploited in the wild. There are no workarounds to mitigate the risk of exploitation – enterprise admins are

React to this headline:

Loading spinner

VMware Aria Operations for Networks vulnerability exploited in the wild (CVE-2023-20887) Read More »

Unmasking the Critical Risk of Internet-Exposed Assets to Public and Private Organizations

Unmasking the Critical Risk of Internet-Exposed Assets to Public and Private Organizations 20/06/2023 at 16:11 By cybleinc Cyble investigates the Current vulnerability Threat landscape and observes distribution of Proof Of Concepts over Darkweb. The post Unmasking the Critical Risk of Internet-Exposed Assets to Public and Private Organizations appeared first on Cyble. This article is an

React to this headline:

Loading spinner

Unmasking the Critical Risk of Internet-Exposed Assets to Public and Private Organizations Read More »

Zyxel patches critical vulnerability in NAS devices (CVE-2023-27992)

Zyxel patches critical vulnerability in NAS devices (CVE-2023-27992) 20/06/2023 at 13:05 By Zeljka Zorz Zyxel has released firmware patches for a critical vulnerability (CVE-2023-27992) in some of its consumer network attached storage (NAS) devices. About CVE-2023-27992 CVE-2023-27992 is an OS command injection flaw that could be triggered remotely by an unauthenticated attacker, via a specially

React to this headline:

Loading spinner

Zyxel patches critical vulnerability in NAS devices (CVE-2023-27992) Read More »

A third MOVEit vulnerability fixed, Cl0p lists victim organizations (CVE-2023-35708)

A third MOVEit vulnerability fixed, Cl0p lists victim organizations (CVE-2023-35708) 19/06/2023 at 15:09 By Zeljka Zorz Progress Software has asked customers to update their MOVEit Transfer installations again, to fix a third SQL injection vulnerability (CVE-2023-35708) discovered in the web application in less that a month. Previously, the Cl0p cyber extortion gang exploited CVE-2023-34362 to

React to this headline:

Loading spinner

A third MOVEit vulnerability fixed, Cl0p lists victim organizations (CVE-2023-35708) Read More »

VMware fixes critical flaws in Aria Operations for Networks (CVE-2023-20887)

VMware fixes critical flaws in Aria Operations for Networks (CVE-2023-20887) 15/06/2023 at 13:01 By Helga Labus VMware has fixed two critical (CVE-2023-20887, CVE-2023-20888) and one important vulnerability (CVE-2023-20889) in Aria Operations for Networks (formerly vRealize Network Insight), its popular enterprise network monitoring tool. About the vulnerabilities (CVE-2023-20887, CVE-2023-20888,CVE-2023-20889) CVE-2023-20887 is a pre-authentication command injection vulnerability

React to this headline:

Loading spinner

VMware fixes critical flaws in Aria Operations for Networks (CVE-2023-20887) Read More »

It’s time to patch your MOVEit Transfer solution again!

It’s time to patch your MOVEit Transfer solution again! 12/06/2023 at 16:47 By Zeljka Zorz Progress Software customers who use the MOVEit Transfer managed file transfer solution might not want to hear it, but they should quickly patch their on-prem installations again: With the help of researchers from Huntress, the company has uncovered additional SQL

React to this headline:

Loading spinner

It’s time to patch your MOVEit Transfer solution again! Read More »

Fortinet patches pre-auth RCE, update your Fortigate firewalls ASAP! (CVE-2023-27997)

Fortinet patches pre-auth RCE, update your Fortigate firewalls ASAP! (CVE-2023-27997) 11/06/2023 at 22:06 By Zeljka Zorz Fortinet has released several versions of FortiOS, the OS/firmware powering its Fortigate firewalls and other devices, without mentioning that they include a fix for CVE-2023-27997, a remote code execution (RCE) flaw that does not require the attacker to be

React to this headline:

Loading spinner

Fortinet patches pre-auth RCE, update your Fortigate firewalls ASAP! (CVE-2023-27997) Read More »

Replace Barracuda ESG appliances, company urges

Replace Barracuda ESG appliances, company urges 09/06/2023 at 18:47 By Helga Labus Barracuda Networks is urging customers running phyisical Email Security Gateway (ESG) appliances to replace them immediately, “regardless of patch version level.” Vulnerability identification and disclosure Barracuda has identified a critical vulnerability (CVE-2023-2868) in their ESG appliances on May 19, 2023, and pushed a

React to this headline:

Loading spinner

Replace Barracuda ESG appliances, company urges Read More »

Vulnerabilities in Honda eCommerce Platform Exposed Customer, Dealer Data

Vulnerabilities in Honda eCommerce Platform Exposed Customer, Dealer Data 08/06/2023 at 18:48 By Eduard Kovacs Vulnerabilities found by a researcher in a Honda ecommerce platform used for equipment sales exposed customer and dealer information. The post Vulnerabilities in Honda eCommerce Platform Exposed Customer, Dealer Data appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

Vulnerabilities in Honda eCommerce Platform Exposed Customer, Dealer Data Read More »

Cl0p announces rules for extortion negotiation after MOVEit hack

Cl0p announces rules for extortion negotiation after MOVEit hack 08/06/2023 at 14:03 By Zeljka Zorz The Cl0p cyber extortion crew says that the many organizations whose data they have pilfered by exploiting a vulnerability in the MOVEit Transfer solution have until June 14 to get in contact with them – or they will post their

React to this headline:

Loading spinner

Cl0p announces rules for extortion negotiation after MOVEit hack Read More »

Exploited zero-day patched in Chrome (CVE-2023-3079)

Exploited zero-day patched in Chrome (CVE-2023-3079) 07/06/2023 at 13:07 By Helga Labus Google has fixed a high-severity vulnerability in the Chrome browser (CVE-2023-3079) that is being exploited by attackers. About the vulnerability CVE-2023-3079 is a vulnerability that stems from a type confusion in the V8 JavaScript engine, and has been uncovered by Clément Lecigne of

React to this headline:

Loading spinner

Exploited zero-day patched in Chrome (CVE-2023-3079) Read More »

Scroll to Top