vulnerability

High-risk vulnerabilities patched in ABB Aspect building management system

High-risk vulnerabilities patched in ABB Aspect building management system 07/06/2023 at 13:06 By Help Net Security Prism Infosec has identified two high-risk vulnerabilities within the Aspect Control Engine building management system (BMS) developed by ABB. ABB’s Aspect BMS enables users to monitor a building’s performance and combines real-time integrated control, supervision, data logging, alarming, scheduling […]

React to this headline:

Loading spinner

High-risk vulnerabilities patched in ABB Aspect building management system Read More »

MOVEit Transfer zero-day was exploited by Cl0p gang (CVE-2023-34362)

MOVEit Transfer zero-day was exploited by Cl0p gang (CVE-2023-34362) 05/06/2023 at 15:10 By Zeljka Zorz The zero-day vulnerability attackers have exploited to compromise vulnerable Progress Software’s MOVEit Transfer installations finally has an identification number: CVE-2023-34362. Based on information shared by Mandiant, Rapid7 and other security researchers, the attackers seem to have opportunistically targeted as many

React to this headline:

Loading spinner

MOVEit Transfer zero-day was exploited by Cl0p gang (CVE-2023-34362) Read More »

MOVEit Transfer Vulnerability Actively Exploited

MOVEit Transfer Vulnerability Actively Exploited 02/06/2023 at 17:04 By cybleinc Cyble analyzes MOVEit Transfer vulnerability and observes active exploitation in the Cyble Global Intelligence Sensors (CGSI). The post MOVEit Transfer Vulnerability Actively Exploited appeared first on Cyble. This article is an excerpt from Cyble View Original Source React to this headline:

React to this headline:

Loading spinner

MOVEit Transfer Vulnerability Actively Exploited Read More »

High-Severity Vulnerabilities Patched in Splunk Enterprise

High-Severity Vulnerabilities Patched in Splunk Enterprise 02/06/2023 at 16:54 By Ionut Arghire Splunk has resolved multiple high-severity vulnerabilities in Splunk Enterprise, including bugs in third-party packages used by the product. The post High-Severity Vulnerabilities Patched in Splunk Enterprise appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React

React to this headline:

Loading spinner

High-Severity Vulnerabilities Patched in Splunk Enterprise Read More »

MOVEit Transfer zero-day attacks: The latest info

MOVEit Transfer zero-day attacks: The latest info 02/06/2023 at 12:41 By Zeljka Zorz There’s new information about the zero-day vulnerability in Progress Software’s MOVEit Transfer solution exploited by attackers and – more importantly – patches and helpful instructions for customers. The MOVEit Transfer zero-day and updated mitigation and remediation advice Progress Software has updated the

React to this headline:

Loading spinner

MOVEit Transfer zero-day attacks: The latest info Read More »

Critical zero-day vulnerability in MOVEit Transfer exploited by attackers!

Critical zero-day vulnerability in MOVEit Transfer exploited by attackers! 01/06/2023 at 18:18 By Zeljka Zorz A critical zero-day vulnerability in Progress Software’s enterprise managed file transfer solution MOVEit Transfer is being exploited by attackers to grab corporate data. “[The vulnerability] could lead to escalated privileges and potential unauthorized access to the environment,” the company warned

React to this headline:

Loading spinner

Critical zero-day vulnerability in MOVEit Transfer exploited by attackers! Read More »

Critical Vulnerabilities Found in Faronics Education Software

Critical Vulnerabilities Found in Faronics Education Software 01/06/2023 at 12:35 By Ionut Arghire Faronics patches critical-severity remote code execution (RCE) vulnerabilities in the Insight education software. The post Critical Vulnerabilities Found in Faronics Education Software appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to this headline:

React to this headline:

Loading spinner

Critical Vulnerabilities Found in Faronics Education Software Read More »

Zyxel firewalls under attack by Mirai-like botnet

Zyxel firewalls under attack by Mirai-like botnet 01/06/2023 at 11:52 By Zeljka Zorz CVE-2023-28771, the critical command injection vulnerability affecting many Zyxel firewalls, is being actively exploited by a Mirai-like botnet, and has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. About CVE-2023-28771 CVE-2023-28771 is a vulnerability that allows unauthenticated attackers to execute OS

React to this headline:

Loading spinner

Zyxel firewalls under attack by Mirai-like botnet Read More »

Zyxel patches vulnerability in NAS devices (CVE-2023-27988)

Zyxel patches vulnerability in NAS devices (CVE-2023-27988) 31/05/2023 at 14:51 By Helga Labus Zyxel has patched a high-severity authenticated command injection vulnerability (CVE-2023-27988) in some of its network attached storage (NAS) devices aimed at home users. About the vulnerability (CVE-2023-27988) The vulnerability was discovered in the devices’ web management interface. “An authenticated attacker with administrator

React to this headline:

Loading spinner

Zyxel patches vulnerability in NAS devices (CVE-2023-27988) Read More »

Attackers hacked Barracuda ESG appliances via zero-day since October 2022

Attackers hacked Barracuda ESG appliances via zero-day since October 2022 30/05/2023 at 20:10 By Zeljka Zorz Barracuda says that the recently discovered compromise of some of it clients’ ESG appliances via a zero-day vulnerability (CVE-2023-2868) resulted in the deployment of three types of malware and data exfiltration. The company did not say how many organizations

React to this headline:

Loading spinner

Attackers hacked Barracuda ESG appliances via zero-day since October 2022 Read More »

Many Vulnerabilities Found in PrinterLogic Enterprise Software

Many Vulnerabilities Found in PrinterLogic Enterprise Software 30/05/2023 at 17:06 By Ionut Arghire Multiple vulnerabilities in PrinterLogic’s enterprise management printer solution could expose organizations to various types of attacks. The post Many Vulnerabilities Found in PrinterLogic Enterprise Software appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React

React to this headline:

Loading spinner

Many Vulnerabilities Found in PrinterLogic Enterprise Software Read More »

Fresh perspectives needed to manage growing vulnerabilities

Fresh perspectives needed to manage growing vulnerabilities 26/05/2023 at 06:03 By Help Net Security In its inaugural 2023 Offensive Security Vision Report, NetSPI unveils findings that highlight vulnerability trends across applications, cloud, and networks. Vulnerability patterns The report offers a look back — and forward — at some of the most significant vulnerability patterns of

React to this headline:

Loading spinner

Fresh perspectives needed to manage growing vulnerabilities Read More »

GitLab Security Update Patches Critical Vulnerability

GitLab Security Update Patches Critical Vulnerability 25/05/2023 at 14:05 By Ionut Arghire GitLab CE/EE version 16.0.1 patches a critical arbitrary file read vulnerability tracked as CVE-2023-2825. The post GitLab Security Update Patches Critical Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to this headline:

React to this headline:

Loading spinner

GitLab Security Update Patches Critical Vulnerability Read More »

Barracuda email security appliances hacked via zero-day vulnerability (CVE-2023-2868)

Barracuda email security appliances hacked via zero-day vulnerability (CVE-2023-2868) 25/05/2023 at 13:07 By Zeljka Zorz A vulnerability (CVE-2023-2868) in Barracuda Networks’ Email Security Gateway (ESG) appliances has been exploited by attackers, the company has warned. About CVE-2023-2868 CVE-2023-2868 is a critical remote command injection vulnerability affecting only physical Barracuda Email Security Gateway appliances, versions 5.1.3.001

React to this headline:

Loading spinner

Barracuda email security appliances hacked via zero-day vulnerability (CVE-2023-2868) Read More »

The essence of OT security: A proactive guide to achieving CISA’s Cybersecurity Performance Goals

The essence of OT security: A proactive guide to achieving CISA’s Cybersecurity Performance Goals 25/05/2023 at 08:12 By Help Net Security The widespread adoption of remote and hybrid working practices in recent years has brought numerous benefits to various industries, but has also introduced new cyber threats, particularly in the critical infrastructure sector. These threats

React to this headline:

Loading spinner

The essence of OT security: A proactive guide to achieving CISA’s Cybersecurity Performance Goals Read More »

12 vulnerabilities newly associated with ransomware

12 vulnerabilities newly associated with ransomware 25/05/2023 at 06:04 By Help Net Security In March 2023, the total number of breaches reported was higher than those reported in the previous three years combined, according to Ivanti. Ransomware groups are continuously weaponizing vulnerabilities and adding them to their arsenal to mount crippling and disruptive attacks on

React to this headline:

Loading spinner

12 vulnerabilities newly associated with ransomware Read More »

Vulnerability in Zyxel firewalls may soon be widely exploited (CVE-2023-28771)

Vulnerability in Zyxel firewalls may soon be widely exploited (CVE-2023-28771) 22/05/2023 at 14:05 By Zeljka Zorz A recently fixed command injection vulnerability (CVE-2023-28771) affecting a variety Zyxel firewalls may soon be exploited in the wild, Rapid7 researchers have warned, after publishing a technical analysis and a PoC script that triggers the vulnerability and achieves a

React to this headline:

Loading spinner

Vulnerability in Zyxel firewalls may soon be widely exploited (CVE-2023-28771) Read More »

Cisco fixes critical flaws in Small Business Series Switches

Cisco fixes critical flaws in Small Business Series Switches 18/05/2023 at 12:50 By Helga Labus Nine vulnerabilities – 4 of them critical – have been found in a variety of Cisco Small Business Series Switches. PoC exploit code is available (but not public), and there is no indication that they are being exploited in the

React to this headline:

Loading spinner

Cisco fixes critical flaws in Small Business Series Switches Read More »

KeePass flaw allows retrieval of master password, PoC is public (CVE-2023-32784)

KeePass flaw allows retrieval of master password, PoC is public (CVE-2023-32784) 17/05/2023 at 16:44 By Zeljka Zorz A vulnerability (CVE-2023-32784) in the open-source password manager KeePass can be exploited to retrieve the master password from the software’s memory, says the researcher who unearthed the flaw. The bad news is that the vulnerability is still unfixed

React to this headline:

Loading spinner

KeePass flaw allows retrieval of master password, PoC is public (CVE-2023-32784) Read More »

Teltonika Vulnerabilities Could Expose Thousands of Industrial Organizations to Remote Attacks

Teltonika Vulnerabilities Could Expose Thousands of Industrial Organizations to Remote Attacks 16/05/2023 at 16:09 By Eduard Kovacs Critical vulnerabilities found in Teltonika products by industrial cybersecurity firms Otorio and Claroty expose thousands of internet-exposed devices to attacks. The post Teltonika Vulnerabilities Could Expose Thousands of Industrial Organizations to Remote Attacks appeared first on SecurityWeek. This

React to this headline:

Loading spinner

Teltonika Vulnerabilities Could Expose Thousands of Industrial Organizations to Remote Attacks Read More »

Scroll to Top