vulnerability

Satellites lack standard security mechanisms found in mobile phones and laptops

attacks, authentication, communication, cybersecurity, News, report, reverse engineering, vulnerability /

Satellites lack standard security mechanisms found in mobile phones and laptops 14/07/2023 at 07:34 By Help Net Security Researchers from Ruhr University Bochum and the CISPA Helmholtz Center for Information Security in Saarbrücken have assessed the security mechanisms of satellites currently orbiting the Earth from an IT perspective. Moritz Schloegel (left) and Johannes Willbold analyzed […]

React to this headline:

Loading spinner

Satellites lack standard security mechanisms found in mobile phones and laptops Read More »

Unnamed APT eyes vulnerabilities in Rockwell Automation industrial contollers (CVE-2023-3595 CVE-2023-3596)

critical infrastructure, Don't miss, Dragos, energy sector, firmware, Hot stuff, ICS/SCADA, manufacturing sector, News, PLC, Rockwell Automation, security update, vulnerability /

Unnamed APT eyes vulnerabilities in Rockwell Automation industrial contollers (CVE-2023-3595 CVE-2023-3596) 13/07/2023 at 15:46 By Zeljka Zorz Rockwell Automation has fixed two vulnerabilities (CVE-2023-3595, CVE-2023-3596) in the communication modules of its ControlLogix industrial programmable logic controllers (PLCs), ahead of expected (and likely) in-the-wild exploitation. “An unreleased exploit capability leveraging these vulnerabilities is associated with an

React to this headline:

Loading spinner

Unnamed APT eyes vulnerabilities in Rockwell Automation industrial contollers (CVE-2023-3595 CVE-2023-3596) Read More »

Microsoft Zero Day Vulnerability CVE-2023-36884 Being Actively Exploited

CVE-2023-36884, Microsoft Office, NATO, Ransomware, RomCom, Russia-Ukraine conflict, Storm-0978, Underground Ransomware, vulnerability, Zero-Day /

Microsoft Zero Day Vulnerability CVE-2023-36884 Being Actively Exploited 12/07/2023 at 16:03 By cybleinc CRIL analyzes the impact of Zero-Day Exploit for CVE-2023-36884 in cyber espionage and ransomware operations. The post Microsoft Zero Day Vulnerability CVE-2023-36884 Being Actively Exploited appeared first on Cyble. This article is an excerpt from Cyble View Original Source React to this

React to this headline:

Loading spinner

Microsoft Zero Day Vulnerability CVE-2023-36884 Being Actively Exploited Read More »

Same code, different ransomware? Leaks kick-start myriad of new variants

Cryptocurrency, cybercriminals, Email, ESET, News, Ransomware, report, sextortion, threats, vulnerability /

Same code, different ransomware? Leaks kick-start myriad of new variants 12/07/2023 at 14:54 By Help Net Security Threat landscape trends demonstrate the impressive flexibility of cybercriminals as they continually seek out fresh methods of attack, including exploiting vulnerabilities, gaining unauthorized access, compromising sensitive information, and defrauding individuals, according to the H1 2023 ESET Threat Report.

React to this headline:

Loading spinner

Same code, different ransomware? Leaks kick-start myriad of new variants Read More »

Fortinet Patches Critical FortiOS Vulnerability Leading to Remote Code Execution

Fortinet, Vulnerabilities, vulnerability /

Fortinet Patches Critical FortiOS Vulnerability Leading to Remote Code Execution 12/07/2023 at 14:54 By Ionut Arghire Fortinet patches a critical-severity vulnerability in FortiOS and FortiProxy that could lead to remote code execution. The post Fortinet Patches Critical FortiOS Vulnerability Leading to Remote Code Execution appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Fortinet Patches Critical FortiOS Vulnerability Leading to Remote Code Execution Read More »

Chinese hackers forged authentication tokens to breach government emails

cloud security, cyber espionage, data theft, Don't miss, Europe, Government, Hot stuff, Microsoft, News, Outlook, USA, vulnerability /

Chinese hackers forged authentication tokens to breach government emails 12/07/2023 at 13:17 By Zeljka Zorz Sophisticated hackers have accessed email accounts of organizations and government agencies via authentication tokens they forged by using an acquired Microsoft account (MSA) consumer signing key, the company has revealed on Tuesday. “The threat actor Microsoft links to this incident

React to this headline:

Loading spinner

Chinese hackers forged authentication tokens to breach government emails Read More »

Microsoft patches four exploited zero-days, but lags with fixes for a fifth (CVE-2023-36884)

0-day, BlackBerry, Cisco, cyber espionage, cybercrime, Don't miss, drivers, Google, Hot stuff, Microsoft, MS Office, News, Ransomware, rootkits, security update, Tenable, Trend Micro, Volexity, vulnerability, Windows /

Microsoft patches four exploited zero-days, but lags with fixes for a fifth (CVE-2023-36884) 11/07/2023 at 22:31 By Zeljka Zorz For July 2023 Patch Tuesday, Microsoft has delivered 130 patches; among them are four for vulnerabilites actively exploited by attackers, but no patch for CVE-2023-36884, an Office and Windows HTML RCE vulnerability exploited in targeted attacks

React to this headline:

Loading spinner

Microsoft patches four exploited zero-days, but lags with fixes for a fifth (CVE-2023-36884) Read More »

Owncast, EaseProbe security vulnerabilities revealed

CVE, News, open source, Oxeye, software, vulnerability, vulnerability disclosure /

Owncast, EaseProbe security vulnerabilities revealed 11/07/2023 at 11:17 By Help Net Security Oxeye has uncovered two critical security vulnerabilities and recommends immediate action to mitigate risk. The vulnerabilities were discovered in Owncast (CVE-2023-3188) and EaseProbe (CVE-2023-33967), two open-source platforms written in Go. Owncast vulnerability (CVE-2023-3188) The first vulnerability was discovered in Owncast, an open-source, self-hosted,

React to this headline:

Loading spinner

Owncast, EaseProbe security vulnerabilities revealed Read More »

Critical Vulnerability Can Allow Takeover of Mastodon Servers

Mastodon, Vulnerabilities, vulnerability /

Critical Vulnerability Can Allow Takeover of Mastodon Servers 10/07/2023 at 17:17 By Ionut Arghire A critical vulnerability in the Mastodon social networking platform may allow attackers to take over target servers. The post Critical Vulnerability Can Allow Takeover of Mastodon Servers appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

React to this headline:

Loading spinner

Critical Vulnerability Can Allow Takeover of Mastodon Servers Read More »

Malware delivery to Microsoft Teams users made easy

collaboration, Don't miss, enterprise, Hot stuff, Malware, Microsoft 365, Microsoft Teams, News, red team, SMBs, vulnerability /

Malware delivery to Microsoft Teams users made easy 10/07/2023 at 14:33 By Zeljka Zorz A tool that automates the delivery of malware from external attackers to target employees’ Microsoft Teams inbox has been released. TeamsPhisher (Source: Alex Reid) About the exploited vulnerability As noted by Jumpsec researchers Max Corbridge and Tom Ellson, Microsoft Teams’ default

React to this headline:

Loading spinner

Malware delivery to Microsoft Teams users made easy Read More »

StackRot Linux Kernel Vulnerability Shows Exploitability of UAFBR Bugs

kernel, Linux, StackRot, Vulnerabilities, vulnerability /

StackRot Linux Kernel Vulnerability Shows Exploitability of UAFBR Bugs 06/07/2023 at 14:46 By Eduard Kovacs A new Linux kernel vulnerability tracked as StackRot and CVE-2023-3269 shows the exploitability of use-after-free-by-RCU (UAFBR) bugs. The post StackRot Linux Kernel Vulnerability Shows Exploitability of UAFBR Bugs appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Loading spinner

StackRot Linux Kernel Vulnerability Shows Exploitability of UAFBR Bugs Read More »

Cloud security: Sometimes the risks may outweigh the rewards

Akamai, Cloud, cloud computing, cloud security, cybersecurity, Don't miss, Expert analysis, Hot stuff, News, opinion, vulnerability /

Cloud security: Sometimes the risks may outweigh the rewards 03/07/2023 at 07:32 By Help Net Security Threat actors are well-aware of the vulnerability of our cloud infrastructure. The internet we have today is not equipped to serve the data needs of the future. When data is stored in the cloud, it can end up across

React to this headline:

Loading spinner

Cloud security: Sometimes the risks may outweigh the rewards Read More »

MITRE Updates CWE Top 25 Most Dangerous Software Weaknesses

Application Security, CWE, MITRE, Vulnerabilities, vulnerability /

MITRE Updates CWE Top 25 Most Dangerous Software Weaknesses 30/06/2023 at 15:16 By Ionut Arghire Use-after-free and OS command injection vulnerabilities reach the top five most dangerous software weaknesses in the 2023 CWE Top 25 list. The post MITRE Updates CWE Top 25 Most Dangerous Software Weaknesses appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

MITRE Updates CWE Top 25 Most Dangerous Software Weaknesses Read More »

Serious Vulnerability Exposes Admin Interface of Arcserve UDP Backup Solution

Arcserve, Vulnerabilities, vulnerability /

Serious Vulnerability Exposes Admin Interface of Arcserve UDP Backup Solution 29/06/2023 at 16:47 By Ionut Arghire Researchers publish PoC for a high-severity authentication bypass vulnerability in the Arcserve UDP data backup solution. The post Serious Vulnerability Exposes Admin Interface of Arcserve UDP Backup Solution appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Serious Vulnerability Exposes Admin Interface of Arcserve UDP Backup Solution Read More »

PoC for Arcserve UDP authentication bypass flaw published (CVE-2023-26258)

Arcserve, backup, Data Protection, Don't miss, enterprise, Hot stuff, MDSec, News, PoC, vulnerability /

PoC for Arcserve UDP authentication bypass flaw published (CVE-2023-26258) 29/06/2023 at 14:17 By Zeljka Zorz An authentication bypass vulnerability (CVE-2023-26258) in the Arcserve Unified Data Protection (UDP) enterprise data protection solution can be exploited to compromise admin accounts and take over vulnerable instances, MDSec researchers Juan Manuel Fernández and Sean Doherty have found – and

React to this headline:

Loading spinner

PoC for Arcserve UDP authentication bypass flaw published (CVE-2023-26258) Read More »

PoC exploit released for Cisco AnyConnect, Secure Client vulnerability (CVE-2023-20178)

Cisco, Don't miss, exploit, Hot stuff, News, PoC, security update, vulnerability, Windows /

PoC exploit released for Cisco AnyConnect, Secure Client vulnerability (CVE-2023-20178) 23/06/2023 at 17:19 By Helga Labus Proof-of-concept (PoC) exploit code for the high-severity vulnerability (CVE-2023-20178) in Cisco Secure Client Software for Windows and Cisco AnyConnect Secure Mobility Client Software for Windows has been published. About the vulnerability Cisco Secure Client Software – previously known as

React to this headline:

Loading spinner

PoC exploit released for Cisco AnyConnect, Secure Client vulnerability (CVE-2023-20178) Read More »

Microsoft Teams vulnerability allows attackers to deliver malware to employees

collaboration, Don't miss, enterprise, Hot stuff, Jumpsec, Malware, Microsoft 365, Microsoft Teams, News, red team, SMBs, vulnerability /

Microsoft Teams vulnerability allows attackers to deliver malware to employees 23/06/2023 at 15:24 By Zeljka Zorz Security researchers have uncovered a bug that could allow attackers to deliver malware directly into employees’ Microsoft Teams inbox. “Organisations that use Microsoft Teams inherit Microsoft’s default configuration which allows users from outside of their organisation to reach out

React to this headline:

Loading spinner

Microsoft Teams vulnerability allows attackers to deliver malware to employees Read More »

VMware Aria Operations for Networks vulnerability exploited in the wild (CVE-2023-20887)

Don't miss, enterprise, GreyNoise, Hot stuff, News, patch, VMWare, vulnerability /

VMware Aria Operations for Networks vulnerability exploited in the wild (CVE-2023-20887) 21/06/2023 at 11:42 By Zeljka Zorz CVE-2023-20887, a pre-authentication command injection vulnerability in VMware Aria Operations for Networks (formerly vRealize Network Insight), has been spotted being exploited in the wild. There are no workarounds to mitigate the risk of exploitation – enterprise admins are

React to this headline:

Loading spinner

VMware Aria Operations for Networks vulnerability exploited in the wild (CVE-2023-20887) Read More »

Unmasking the Critical Risk of Internet-Exposed Assets to Public and Private Organizations

Aria Operations, Cl0P Ransomware, CLOP, Command Injection, CVE-2023-20877, CVE-2023-34362, CVE-2023-35063, CVE-2023-35708, cybercrime, darkweb, data breach, Data leak, Fortinet, Malware, MOVEit, Moveit Transfer, Oil & Gas, OSINT, Shell, SSL-VPN, Threat Intelligence, United States, vulnerability /

Unmasking the Critical Risk of Internet-Exposed Assets to Public and Private Organizations 20/06/2023 at 16:11 By cybleinc Cyble investigates the Current vulnerability Threat landscape and observes distribution of Proof Of Concepts over Darkweb. The post Unmasking the Critical Risk of Internet-Exposed Assets to Public and Private Organizations appeared first on Cyble. This article is an

React to this headline:

Loading spinner

Unmasking the Critical Risk of Internet-Exposed Assets to Public and Private Organizations Read More »

Zyxel patches critical vulnerability in NAS devices (CVE-2023-27992)

Don't miss, NAS, News, security update, vulnerability, Zyxel /

Zyxel patches critical vulnerability in NAS devices (CVE-2023-27992) 20/06/2023 at 13:05 By Zeljka Zorz Zyxel has released firmware patches for a critical vulnerability (CVE-2023-27992) in some of its consumer network attached storage (NAS) devices. About CVE-2023-27992 CVE-2023-27992 is an OS command injection flaw that could be triggered remotely by an unauthenticated attacker, via a specially

React to this headline:

Loading spinner

Zyxel patches critical vulnerability in NAS devices (CVE-2023-27992) Read More »

Scroll to Top