vulnerability

Ivanti Avalanche vulnerable to attack by unauthenticated, remote attackers (CVE-2023-32560)

Don't miss, Hot stuff, Ivanti, News, security update, Tenable, vulnerability /

Ivanti Avalanche vulnerable to attack by unauthenticated, remote attackers (CVE-2023-32560) 16/08/2023 at 12:50 By Helga Labus Two stack-based buffer overflow bugs (collectively designated as CVE-2023-32560) have been discovered in Ivanti Avalanche, an enterprise mobility management solution. A buffer overflow arises when the data in a buffer surpasses its storage capacity. This surplus data spills into […]

React to this headline:

Loading spinner

Ivanti Avalanche vulnerable to attack by unauthenticated, remote attackers (CVE-2023-32560) Read More »

Almost all VPNs are vulnerable to traffic-leaking TunnelCrack attacks

attack, Cisco, Cloudflare, Data leak, Don't miss, Hot stuff, Malwarebytes, Mozilla, News, NordVPN, Privacy, research, VPN, vulnerability /

Almost all VPNs are vulnerable to traffic-leaking TunnelCrack attacks 14/08/2023 at 16:47 By Zeljka Zorz Several vulnerabilities that affect most VPN products out there can be exploited by attackers to read user traffic, steal user information, or even attack user devices, researchers have discovered. “Our attacks are not computationally expensive, meaning anyone with the appropriate

React to this headline:

Loading spinner

Almost all VPNs are vulnerable to traffic-leaking TunnelCrack attacks Read More »

Iagona ScrutisWeb Vulnerabilities Could Expose ATMs to Remote Hacking

ATM, Endpoint Security, Featured, Vulnerabilities, vulnerability /

Iagona ScrutisWeb Vulnerabilities Could Expose ATMs to Remote Hacking 14/08/2023 at 13:46 By Eduard Kovacs Several vulnerabilities discovered in Iagona ScrutisWeb ATM fleet monitoring software could be exploited to remotely hack ATMs. The post Iagona ScrutisWeb Vulnerabilities Could Expose ATMs to Remote Hacking appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Loading spinner

Iagona ScrutisWeb Vulnerabilities Could Expose ATMs to Remote Hacking Read More »

Major vulnerabilities discovered in data center solutions

critical infrastructure, data center, Don't miss, Hot stuff, News, security update, Trellix, vulnerability /

Major vulnerabilities discovered in data center solutions 14/08/2023 at 13:17 By Helga Labus Researchers have discovered serious security vulnerabilities in two widely used data center solutions: CyberPower’s PowerPanel Enterprise Data Center Infrastructure Management (DCIM) platform and Dataprobe’s iBoot Power Distribution Unit (PDU). “An attacker could chain these vulnerabilities together to gain full access to these

React to this headline:

Loading spinner

Major vulnerabilities discovered in data center solutions Read More »

Microsoft Discloses Codesys Flaws Allowing Shutdown of Industrial Operations, Spying

ICS, ICS/OT, Microsoft, vulnerability /

Microsoft Discloses Codesys Flaws Allowing Shutdown of Industrial Operations, Spying 11/08/2023 at 15:16 By Eduard Kovacs Over a dozen Codesys vulnerabilities discovered by Microsoft researchers can be exploited to shut down industrial processes or deploy backdoors. The post Microsoft Discloses Codesys Flaws Allowing Shutdown of Industrial Operations, Spying appeared first on SecurityWeek. This article is

React to this headline:

Loading spinner

Microsoft Discloses Codesys Flaws Allowing Shutdown of Industrial Operations, Spying Read More »

How to handle API sprawl and the security threat it poses

API security, cybersecurity, Don't miss, Expert analysis, Expert corner, F5 Networks, Hot stuff, opinion, vulnerability /

How to handle API sprawl and the security threat it poses 11/08/2023 at 08:34 By Help Net Security The proliferation of APIs has marked them as prime targets for malicious attackers. With recent reports indicating that API vulnerabilities are costing businesses billions of dollars annually, it’s no wonder they are at the top of mind

React to this headline:

Loading spinner

How to handle API sprawl and the security threat it poses Read More »

White House launches AI Cyber Challenge to make software more secure

Anthropic, Artificial Intelligence, Black Hat USA 2023, critical infrastructure, cybersecurity, darpa, DEF CON, Google, Government, Microsoft, News, OpenAI, OpenSSF, software, USA, vulnerability /

White House launches AI Cyber Challenge to make software more secure 10/08/2023 at 12:33 By Help Net Security The Biden-Harris Administration has launched a major two-year competition using AI to protect the United States’ most important software, such as code that helps run the internet and critical infrastructure. The AI Cyber Challenge (AIxCC) will challenge

React to this headline:

Loading spinner

White House launches AI Cyber Challenge to make software more secure Read More »

SAP Patches Critical Vulnerability in PowerDesigner Product

SAP, Vulnerabilities, vulnerability /

SAP Patches Critical Vulnerability in PowerDesigner Product 09/08/2023 at 13:31 By Eduard Kovacs SAP has fixed over a dozen new vulnerabilities with its Patch Tuesday updates, including a critical flaw in its PowerDesigner product. The post SAP Patches Critical Vulnerability in PowerDesigner Product appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Loading spinner

SAP Patches Critical Vulnerability in PowerDesigner Product Read More »

Downfall attacks can gather passwords, encryption keys from Intel processors

Amd, AWS, Citrix, CPU, Debian, Don't miss, Google, Hot stuff, Intel, News, security update, VMWare, vulnerability /

Downfall attacks can gather passwords, encryption keys from Intel processors 09/08/2023 at 13:02 By Zeljka Zorz A variety of Intel Core processors and the devices using them are vulnerable to “Downfall”, a new class of attacks made possible by CVE-2022-40982, which enables attackers to access and steal sensitive data such as passwords, encryption keys, and

React to this headline:

Loading spinner

Downfall attacks can gather passwords, encryption keys from Intel processors Read More »

Data exfiltration is now the go-to cyber extortion strategy

Akamai, Black Hat USA 2023, cybercrime, News, Ransomware, report, survey, vulnerability /

Data exfiltration is now the go-to cyber extortion strategy 09/08/2023 at 06:32 By Help Net Security The abuse of zero-day and one-day vulnerabilities in the past six months led to a 143% increase in victims when comparing Q1 2022 with Q1 2023, according to Akamai. Ransomware groups target the exfiltration of files The report also

React to this headline:

Loading spinner

Data exfiltration is now the go-to cyber extortion strategy Read More »

PaperCut fixes bug that can lead to RCE, patch quickly! (CVE-2023-39143)

Don't miss, Horizon3.ai, News, security update, Tenable, Trend Micro, vulnerability /

PaperCut fixes bug that can lead to RCE, patch quickly! (CVE-2023-39143) 07/08/2023 at 13:48 By Zeljka Zorz Horizon3.ai researchers have published some details (but no PoC for now, thankfully!) about CVE-2023-39143, two vulnerabilities in PaperCut application servers that could be exploited by unauthenticated attackers to execute code remotely. But, they noted, unlike the PaperCut vulnerability

React to this headline:

Loading spinner

PaperCut fixes bug that can lead to RCE, patch quickly! (CVE-2023-39143) Read More »

Top 12 vulnerabilities routinely exploited in 2022

ACSC, CISA, Don't miss, exploit, FBI, Hot stuff, NCSC, News, trends, vulnerability /

Top 12 vulnerabilities routinely exploited in 2022 04/08/2023 at 16:31 By Helga Labus Cybersecurity agencies from member countries of the Five Eyes intelligence alliance have released a list of the top 12 vulnerabilities routinely exploited in 2022, plus 30 additional ones also “popular” with attackers. The top 12 “In 2022, malicious cyber actors exploited older

React to this headline:

Loading spinner

Top 12 vulnerabilities routinely exploited in 2022 Read More »

Exploitation of Ivanti EPMM Flaw Picking Up as New Vulnerability Is Disclosed

Ivanti, Vulnerabilities, vulnerability /

Exploitation of Ivanti EPMM Flaw Picking Up as New Vulnerability Is Disclosed 04/08/2023 at 13:31 By Eduard Kovacs Exploitation of the Ivanti EPMM flaw CVE-2023-35078 is picking up as a new critical vulnerability tracked as CVE-2023-35082 is disclosed. The post Exploitation of Ivanti EPMM Flaw Picking Up as New Vulnerability Is Disclosed appeared first on

React to this headline:

Loading spinner

Exploitation of Ivanti EPMM Flaw Picking Up as New Vulnerability Is Disclosed Read More »

Five Eyes Agencies Call Attention to Most Frequently Exploited Vulnerabilities

Featured, Government, Vulnerabilities, vulnerability /

Five Eyes Agencies Call Attention to Most Frequently Exploited Vulnerabilities 04/08/2023 at 12:31 By Ionut Arghire Five Eyes government agencies have published a list of the software vulnerabilities that were most frequently exploited in malicious attacks in 2022. The post Five Eyes Agencies Call Attention to Most Frequently Exploited Vulnerabilities appeared first on SecurityWeek. This

React to this headline:

Loading spinner

Five Eyes Agencies Call Attention to Most Frequently Exploited Vulnerabilities Read More »

VPNs remain a risky gamble for remote access

cybersecurity, News, Ransomware, report, survey, VPN, vulnerability, zero trust, Zscaler /

VPNs remain a risky gamble for remote access 04/08/2023 at 06:33 By Help Net Security Organizations are expressing deep concerns about their network security due to the risks from VPNs, according to a new Zscaler report. The report stresses the need for organizations to reevaluate their security posture and migrate to a zero-trust architecture due

React to this headline:

Loading spinner

VPNs remain a risky gamble for remote access Read More »

670 ICS Vulnerabilities Disclosed by CISA in First Half of 2023: Analysis

ICS, ICS/OT, vulnerability /

670 ICS Vulnerabilities Disclosed by CISA in First Half of 2023: Analysis 03/08/2023 at 19:46 By Eduard Kovacs CISA disclosed 670 ICS vulnerabilities in the first half of 2023, but roughly one-third have no patches or mitigations from the vendor. The post 670 ICS Vulnerabilities Disclosed by CISA in First Half of 2023: Analysis appeared

React to this headline:

Loading spinner

670 ICS Vulnerabilities Disclosed by CISA in First Half of 2023: Analysis Read More »

Ivanti discloses another vulnerability in MobileIron Core (CVE-2023-35082)

0-day, Don't miss, endpoint management, Hot stuff, Ivanti, MobileIron, News, Rapid7, security update, vulnerability /

Ivanti discloses another vulnerability in MobileIron Core (CVE-2023-35082) 03/08/2023 at 13:46 By Helga Labus Ivanti has disclosed a critical vulnerability (CVE-2023-35082) affecting old, out-of-support versions of MobileIron Core, an enterprise device solution that has since been rebranded to Ivanti Endpoint Manager Mobile (EPMM). “The vulnerability was incidentally resolved in MobileIron Core 11.3 as part of

React to this headline:

Loading spinner

Ivanti discloses another vulnerability in MobileIron Core (CVE-2023-35082) Read More »

Salesforce and Meta suffer phishing campaign that evades typical detection methods

0-day, cybercrime, cybersecurity, email security, Facebook, Guardio, News, phishing, Salesforce, vulnerability /

Salesforce and Meta suffer phishing campaign that evades typical detection methods 02/08/2023 at 17:18 By Help Net Security The Guardio research team discovered an email phishing campaign exploiting a zero-day vulnerability in Salesforce’s legitimate email services and SMTP servers. Phishing email sample as was sent from the “@salesforce.com” email address The vulnerability allowed threat actors

React to this headline:

Loading spinner

Salesforce and Meta suffer phishing campaign that evades typical detection methods Read More »

Android n-day bugs pose zero-day threat

0-day, Android, Don't miss, Google, Hot stuff, News, patching, vulnerability /

Android n-day bugs pose zero-day threat 01/08/2023 at 14:17 By Helga Labus In the Android ecosystem, n-day vulnerabilities are almost as dangerous as zero-days, according to Google’s review of zero-days exploited in the wild in 2022. N-days functioning as zero-days Zero-days are software bugs that are unknown to the vendor but known to – and

React to this headline:

Loading spinner

Android n-day bugs pose zero-day threat Read More »

Ivanti fixes second zero-day exploited by attackers (CVE-2023-35081)

0-day, Don't miss, endpoint management, enterprise, Hot stuff, Ivanti, Mnemonic, MobileIron, News, security update, vulnerability /

Ivanti fixes second zero-day exploited by attackers (CVE-2023-35081) 31/07/2023 at 16:32 By Helga Labus Another actively exploited zero-day vulnerability (CVE-2023-35081) affecting Ivanti Endpoint Manager Mobile (EPMM) has been identified and fixed. The first zero-day spotted Last week, we reported on a remote unauthenticated API access vulnerability (CVE-2023-35078) affecting Ivanti EPMM having been exploited to target

React to this headline:

Loading spinner

Ivanti fixes second zero-day exploited by attackers (CVE-2023-35081) Read More »

Scroll to Top