vulnerability

F5 Patches Dangerous Vulnerabilities in BIG-IP Next Central Manager

F5 Patches Dangerous Vulnerabilities in BIG-IP Next Central Manager 2024-05-09 at 14:17 By Eduard Kovacs F5 has patched two potentially serious vulnerabilities in BIG-IP Next that could allow an attacker to take full control of a device. The post F5 Patches Dangerous Vulnerabilities in BIG-IP Next Central Manager appeared first on SecurityWeek. This article is […]


Uninterrupted Power Supply (UPS): A Silent Threat to Critical Infrastructure Resilience

Uninterrupted Power Supply (UPS): A Silent Threat to Critical Infrastructure Resilience 2024-05-08 at 13:16 By neetha871ad236bd Multiple Vulnerabilities Disclosed in CyberPower UPS Management Software  Executive Summary  UPS management software is employed by a broad spectrum of users, encompassing data centers, critical manufacturing sectors, healthcare facilities, educational institutions, government agencies, and beyond, to maintain uninterrupted mission-critical


CISA, FBI Urge Organizations to Eliminate Path Traversal Vulnerabilities

CISA, FBI Urge Organizations to Eliminate Path Traversal Vulnerabilities 2024-05-03 at 17:09 By Ionut Arghire CISA and the FBI warn of threat actors abusing path traversal software vulnerabilities in attacks targeting critical infrastructure. The post CISA, FBI Urge Organizations to Eliminate Path Traversal Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek


Microsoft Warns of ‘Dirty Stream’ Vulnerability in Popular Android Apps

Microsoft Warns of ‘Dirty Stream’ Vulnerability in Popular Android Apps 2024-05-03 at 14:31 By Eduard Kovacs Microsoft has uncovered a new type of attack called Dirty Stream that impacted Android apps with billions of installations.  The post Microsoft Warns of ‘Dirty Stream’ Vulnerability in Popular Android Apps appeared first on SecurityWeek. This article is an


Vulnerability in R Programming Language Could Fuel Supply Chain Attacks

Vulnerability in R Programming Language Could Fuel Supply Chain Attacks 2024-04-30 at 17:16 By Ionut Arghire A vulnerability (CVE-2024-27322) in the R programming language implementation can be exploited to execute arbitrary code and be used as part of a supply chain attack. The post Vulnerability in R Programming Language Could Fuel Supply Chain Attacks appeared first


PoC for critical Progress Flowmon vulnerability released (CVE-2024-2389)

PoC for critical Progress Flowmon vulnerability released (CVE-2024-2389) 2024-04-24 at 15:01 By Zeljka Zorz More details of and a proof-of-concept exploit for an unauthenticated OS command injection vulnerability (CVE-2024-2389) in Flowmon, Progress Software’s network monitoring/analysis and security solution, have been published. The critical vulnerability has been disclosed and patched by Progress earlier this month. “Currently,


Cisco Says PoC Exploit Available for Newly Patched IMC Vulnerability

Cisco Says PoC Exploit Available for Newly Patched IMC Vulnerability 2024-04-18 at 15:46 By Ionut Arghire Cisco patches a high-severity Integrated Management Controller vulnerability for which PoC exploit code is available. The post Cisco Says PoC Exploit Available for Newly Patched IMC Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS


Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204)

Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204) 2024-04-18 at 15:02 By Zeljka Zorz The newest version of Ivanti Avalanche – the company’s enterprise mobile device management (MDM) solution – carries fixes for 27 vulnerabilities, two of which (CVE-2024-29204, CVE-2024-24996) are critical and may allow a remote unauthenticated attacker to execute arbitrary


Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation

Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation 2024-04-17 at 12:31 By Zeljka Zorz While it initially seemed that protecting Palo Alto Network firewalls from attacks leveraging CVE-2024-3400 would be as easy as disabling the devices’ telemetry, it has now been confirmed that this mitigation is ineffectual. “Device telemetry does not need to be


PuTTY vulnerability can be exploited to recover private keys (CVE-2024-31497)

PuTTY vulnerability can be exploited to recover private keys (CVE-2024-31497) 2024-04-16 at 19:46 By Zeljka Zorz A vulnerability (CVE-2024-31497) in PuTTY, a popular SSH and Telnet client, could allow attackers to recover NIST P-521 client keys due to the “heavily biased” ECDSA nonces (random values used once), researchers have discovered. “To be more precise, the


Delinea Scrambles to Patch Critical Flaw After Failed Responsible Disclosure Attempt

Delinea Scrambles to Patch Critical Flaw After Failed Responsible Disclosure Attempt 2024-04-16 at 13:46 By Eduard Kovacs PAM company Delinea over the weekend rushed to patch a critical authentication bypass vulnerability after it apparently ignored the researcher who found the flaw. The post Delinea Scrambles to Patch Critical Flaw After Failed Responsible Disclosure Attempt appeared


Juniper Networks Publishes Dozens of New Security Advisories

Juniper Networks Publishes Dozens of New Security Advisories 2024-04-15 at 17:04 By Ionut Arghire Juniper Networks patches dozens of vulnerabilities in Junos OS, Junos OS Evolved, and other products. The post Juniper Networks Publishes Dozens of New Security Advisories appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source


A critical vulnerability in Delinea Secret Server allows auth bypass, admin access

A critical vulnerability in Delinea Secret Server allows auth bypass, admin access 2024-04-15 at 14:46 By Zeljka Zorz Organizations with on-prem installations of Delinea Secret Server are urged to update them immediately, to plug a critical vulnerability that may allow attackers to bypass authentication, gain admin access and extract secrets. Fixing the Delinea Secret Server


CVE-2024-3400 exploited: Unit 42, Volexity share more details about the attacks

CVE-2024-3400 exploited: Unit 42, Volexity share more details about the attacks 2024-04-12 at 22:16 By Zeljka Zorz Earlier today, Palo Alto Networks revealed that a critical command injection vulnerability (CVE-2024-3400) in the company’s firewalls has been exploited in limited attacks and has urged customers with vulnerable devices to quickly implement mitigations and workarounds. Palo Alto


‘BatBadBut’ Command Injection Vulnerability Affects Multiple Programming Languages

‘BatBadBut’ Command Injection Vulnerability Affects Multiple Programming Languages 2024-04-12 at 14:31 By Ionut Arghire A critical vulnerability in multiple programming languages allows attackers to inject commands in Windows applications. The post ‘BatBadBut’ Command Injection Vulnerability Affects Multiple Programming Languages appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source


Palo Alto Networks firewalls under attack, hotfixes incoming! (CVE-2024-3400)

Palo Alto Networks firewalls under attack, hotfixes incoming! (CVE-2024-3400) 2024-04-12 at 10:46 By Zeljka Zorz Attackers are exploiting a command injection vulnerability (CVE-2024-3400) affecting Palo Alto Networks’ firewalls, the company has warned, and urged customers to implement temporary mitigations and get in touch to check whether their devices have been compromised. “Palo Alto Networks is


Critical D-Link NAS vulnerability under active exploitation 

Critical D-Link NAS vulnerability under active exploitation  2024-04-11 at 14:31 By neetha871ad236bd Cyble Global Sensor Intelligence observed active exploitation of critical D-Link Vulnerability  Recently, the security community has raised concerns regarding the vulnerabilities found in D-Link Network Attached Storage (NAS) devices. The vulnerabilities, identified as CVE-2024-3272 and CVE-2024-3273 were disclosed initially by an individual who


Microsoft patches actively exploited security feature bypass vulnerability (CVE-2024-29988)

Microsoft patches actively exploited security feature bypass vulnerability (CVE-2024-29988) 2024-04-09 at 22:35 By Zeljka Zorz On this April 2024 Patch Tuesday, Microsoft has fixed a record 147 CVE-numbered vulnerabilities, including CVE-2024-29988, a vulnerability that Microsoft hasn’t marked as exploited, but Peter Girnus, senior threat researcher with Trend Micro’s Zero Day Initiative (ZDI), has found being


LG smart TVs may be taken over by remote attackers

LG smart TVs may be taken over by remote attackers 2024-04-09 at 21:02 By Zeljka Zorz Bitdefender researchers have uncovered four vulnerabilities in webOS, the operating system running on LG smart TVs, which may offer attackers unrestricted (root) access to the devices. “Although the vulnerable service is intended for LAN access only, Shodan, the search


92,000+ internet-facing D-Link NAS devices accessible via “backdoor” account (CVE-2024-3273)

92,000+ internet-facing D-Link NAS devices accessible via “backdoor” account (CVE-2024-3273) 2024-04-08 at 12:01 By Zeljka Zorz A vulnerability (CVE-2024-3273) in four old D-Link NAS models could be exploited to compromise internet-facing devices, a threat researcher has found. The existence of the flaw was confirmed by D-Link last week, and an exploit for opening an interactive
