vulnerability

SAP Patches Critical Vulnerability in PowerDesigner Product

SAP, Vulnerabilities, vulnerability /

SAP Patches Critical Vulnerability in PowerDesigner Product 09/08/2023 at 13:31 By Eduard Kovacs SAP has fixed over a dozen new vulnerabilities with its Patch Tuesday updates, including a critical flaw in its PowerDesigner product. The post SAP Patches Critical Vulnerability in PowerDesigner Product appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS […]

React to this headline:

Loading spinner

SAP Patches Critical Vulnerability in PowerDesigner Product Read More »

Downfall attacks can gather passwords, encryption keys from Intel processors

Amd, AWS, Citrix, CPU, Debian, Don't miss, Google, Hot stuff, Intel, News, security update, VMWare, vulnerability /

Downfall attacks can gather passwords, encryption keys from Intel processors 09/08/2023 at 13:02 By Zeljka Zorz A variety of Intel Core processors and the devices using them are vulnerable to “Downfall”, a new class of attacks made possible by CVE-2022-40982, which enables attackers to access and steal sensitive data such as passwords, encryption keys, and

React to this headline:

Loading spinner

Downfall attacks can gather passwords, encryption keys from Intel processors Read More »

Data exfiltration is now the go-to cyber extortion strategy

Akamai, Black Hat USA 2023, cybercrime, News, Ransomware, report, survey, vulnerability /

Data exfiltration is now the go-to cyber extortion strategy 09/08/2023 at 06:32 By Help Net Security The abuse of zero-day and one-day vulnerabilities in the past six months led to a 143% increase in victims when comparing Q1 2022 with Q1 2023, according to Akamai. Ransomware groups target the exfiltration of files The report also

React to this headline:

Loading spinner

Data exfiltration is now the go-to cyber extortion strategy Read More »

PaperCut fixes bug that can lead to RCE, patch quickly! (CVE-2023-39143)

Don't miss, Horizon3.ai, News, security update, Tenable, Trend Micro, vulnerability /

PaperCut fixes bug that can lead to RCE, patch quickly! (CVE-2023-39143) 07/08/2023 at 13:48 By Zeljka Zorz Horizon3.ai researchers have published some details (but no PoC for now, thankfully!) about CVE-2023-39143, two vulnerabilities in PaperCut application servers that could be exploited by unauthenticated attackers to execute code remotely. But, they noted, unlike the PaperCut vulnerability

React to this headline:

Loading spinner

PaperCut fixes bug that can lead to RCE, patch quickly! (CVE-2023-39143) Read More »

Top 12 vulnerabilities routinely exploited in 2022

ACSC, CISA, Don't miss, exploit, FBI, Hot stuff, NCSC, News, trends, vulnerability /

Top 12 vulnerabilities routinely exploited in 2022 04/08/2023 at 16:31 By Helga Labus Cybersecurity agencies from member countries of the Five Eyes intelligence alliance have released a list of the top 12 vulnerabilities routinely exploited in 2022, plus 30 additional ones also “popular” with attackers. The top 12 “In 2022, malicious cyber actors exploited older

React to this headline:

Loading spinner

Top 12 vulnerabilities routinely exploited in 2022 Read More »

Exploitation of Ivanti EPMM Flaw Picking Up as New Vulnerability Is Disclosed

Ivanti, Vulnerabilities, vulnerability /

Exploitation of Ivanti EPMM Flaw Picking Up as New Vulnerability Is Disclosed 04/08/2023 at 13:31 By Eduard Kovacs Exploitation of the Ivanti EPMM flaw CVE-2023-35078 is picking up as a new critical vulnerability tracked as CVE-2023-35082 is disclosed. The post Exploitation of Ivanti EPMM Flaw Picking Up as New Vulnerability Is Disclosed appeared first on

React to this headline:

Loading spinner

Exploitation of Ivanti EPMM Flaw Picking Up as New Vulnerability Is Disclosed Read More »

Five Eyes Agencies Call Attention to Most Frequently Exploited Vulnerabilities

Featured, Government, Vulnerabilities, vulnerability /

Five Eyes Agencies Call Attention to Most Frequently Exploited Vulnerabilities 04/08/2023 at 12:31 By Ionut Arghire Five Eyes government agencies have published a list of the software vulnerabilities that were most frequently exploited in malicious attacks in 2022. The post Five Eyes Agencies Call Attention to Most Frequently Exploited Vulnerabilities appeared first on SecurityWeek. This

React to this headline:

Loading spinner

Five Eyes Agencies Call Attention to Most Frequently Exploited Vulnerabilities Read More »

VPNs remain a risky gamble for remote access

cybersecurity, News, Ransomware, report, survey, VPN, vulnerability, zero trust, Zscaler /

VPNs remain a risky gamble for remote access 04/08/2023 at 06:33 By Help Net Security Organizations are expressing deep concerns about their network security due to the risks from VPNs, according to a new Zscaler report. The report stresses the need for organizations to reevaluate their security posture and migrate to a zero-trust architecture due

React to this headline:

Loading spinner

VPNs remain a risky gamble for remote access Read More »

670 ICS Vulnerabilities Disclosed by CISA in First Half of 2023: Analysis

ICS, ICS/OT, vulnerability /

670 ICS Vulnerabilities Disclosed by CISA in First Half of 2023: Analysis 03/08/2023 at 19:46 By Eduard Kovacs CISA disclosed 670 ICS vulnerabilities in the first half of 2023, but roughly one-third have no patches or mitigations from the vendor. The post 670 ICS Vulnerabilities Disclosed by CISA in First Half of 2023: Analysis appeared

React to this headline:

Loading spinner

670 ICS Vulnerabilities Disclosed by CISA in First Half of 2023: Analysis Read More »

Ivanti discloses another vulnerability in MobileIron Core (CVE-2023-35082)

0-day, Don't miss, endpoint management, Hot stuff, Ivanti, MobileIron, News, Rapid7, security update, vulnerability /

Ivanti discloses another vulnerability in MobileIron Core (CVE-2023-35082) 03/08/2023 at 13:46 By Helga Labus Ivanti has disclosed a critical vulnerability (CVE-2023-35082) affecting old, out-of-support versions of MobileIron Core, an enterprise device solution that has since been rebranded to Ivanti Endpoint Manager Mobile (EPMM). “The vulnerability was incidentally resolved in MobileIron Core 11.3 as part of

React to this headline:

Loading spinner

Ivanti discloses another vulnerability in MobileIron Core (CVE-2023-35082) Read More »

Salesforce and Meta suffer phishing campaign that evades typical detection methods

0-day, cybercrime, cybersecurity, email security, Facebook, Guardio, News, phishing, Salesforce, vulnerability /

Salesforce and Meta suffer phishing campaign that evades typical detection methods 02/08/2023 at 17:18 By Help Net Security The Guardio research team discovered an email phishing campaign exploiting a zero-day vulnerability in Salesforce’s legitimate email services and SMTP servers. Phishing email sample as was sent from the “@salesforce.com” email address The vulnerability allowed threat actors

React to this headline:

Loading spinner

Salesforce and Meta suffer phishing campaign that evades typical detection methods Read More »

Android n-day bugs pose zero-day threat

0-day, Android, Don't miss, Google, Hot stuff, News, patching, vulnerability /

Android n-day bugs pose zero-day threat 01/08/2023 at 14:17 By Helga Labus In the Android ecosystem, n-day vulnerabilities are almost as dangerous as zero-days, according to Google’s review of zero-days exploited in the wild in 2022. N-days functioning as zero-days Zero-days are software bugs that are unknown to the vendor but known to – and

React to this headline:

Loading spinner

Android n-day bugs pose zero-day threat Read More »

Ivanti fixes second zero-day exploited by attackers (CVE-2023-35081)

0-day, Don't miss, endpoint management, enterprise, Hot stuff, Ivanti, Mnemonic, MobileIron, News, security update, vulnerability /

Ivanti fixes second zero-day exploited by attackers (CVE-2023-35081) 31/07/2023 at 16:32 By Helga Labus Another actively exploited zero-day vulnerability (CVE-2023-35081) affecting Ivanti Endpoint Manager Mobile (EPMM) has been identified and fixed. The first zero-day spotted Last week, we reported on a remote unauthenticated API access vulnerability (CVE-2023-35078) affecting Ivanti EPMM having been exploited to target

React to this headline:

Loading spinner

Ivanti fixes second zero-day exploited by attackers (CVE-2023-35081) Read More »

New persistent backdoor used in attacks on Barracuda ESG appliances

backdoor, Barracuda Networks, CISA, Don't miss, exploit, Hot stuff, News, vulnerability /

New persistent backdoor used in attacks on Barracuda ESG appliances 31/07/2023 at 13:32 By Helga Labus The Cybersecurity and Infrastructure Agency (CISA) has published an analysis report on the backdoors dropped by attackers exploiting CVE-2023-2868, a remote command injection vulnerability in Barracuda Email Security Gateway (ESG) appliances. Barracuda ESG zero-day exploit and backdoors In late

React to this headline:

Loading spinner

New persistent backdoor used in attacks on Barracuda ESG appliances Read More »

Stremio vulnerability exposes millions to RCE and data theft

CyFox, data theft, Don't miss, exploit, hijacking, News, vulnerability, Windows /

Stremio vulnerability exposes millions to RCE and data theft 31/07/2023 at 11:02 By Help Net Security CyFox has recently identified a critical hijacking vulnerability in Stremio 4.4, a popular software platform for streaming movies and TV shows. With over 5 million users relying on Stremio for their entertainment needs, this vulnerability poses a significant risk

React to this headline:

Loading spinner

Stremio vulnerability exposes millions to RCE and data theft Read More »

Two New Vulnerabilities Could affect 40% of Ubuntu Cloud Workloads

cloud security, Featured, Ubuntu, Vulnerabilities, vulnerability /

Two New Vulnerabilities Could affect 40% of Ubuntu Cloud Workloads 27/07/2023 at 17:20 By Kevin Townsend Researchers discovered two vulnerabilities in the Ubuntu OverlayFS module: CVE-2023-2640 and CVE-2023-32629 (together dubbed ‘GameOver(lay)’). The post Two New Vulnerabilities Could affect 40% of Ubuntu Cloud Workloads appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Loading spinner

Two New Vulnerabilities Could affect 40% of Ubuntu Cloud Workloads Read More »

MikroTik vulnerability could be used to hijack 900,000 routers (CVE-2023-30799)

Don't miss, Hot stuff, Margin Research, mikrotik, News, router, VulnCheck, vulnerability /

MikroTik vulnerability could be used to hijack 900,000 routers (CVE-2023-30799) 26/07/2023 at 16:47 By Zeljka Zorz A privilege escalation vulnerability (CVE-2023-30799) could allow attackers to commandeer up to 900,000 MikroTik routers, says VulnCheck researcher Jacob Baines. While exploting it does require authentication, acquiring credentials to access the routers is not that difficult. “RouterOS [the underlying

React to this headline:

Loading spinner

MikroTik vulnerability could be used to hijack 900,000 routers (CVE-2023-30799) Read More »

TETRA Radio Standard Vulnerabilities Can Expose Military Comms, Industrial Systems

ICS, ICS/OT, Vulnerabilities, vulnerability /

TETRA Radio Standard Vulnerabilities Can Expose Military Comms, Industrial Systems 25/07/2023 at 19:32 By Kevin Townsend TETRA:BURST – vulnerabilities in widely used radio standard could threaten military and law enforcement communications, as well as ICS. The post TETRA Radio Standard Vulnerabilities Can Expose Military Comms, Industrial Systems appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

TETRA Radio Standard Vulnerabilities Can Expose Military Comms, Industrial Systems Read More »

Apple fixes exploited zero-day in all of its OSes (CVE-2023-38606)

0-day, apple, Don't miss, Hot stuff, iOS, iPad, Kaspersky, macOS, News, security update, vulnerability /

Apple fixes exploited zero-day in all of its OSes (CVE-2023-38606) 25/07/2023 at 12:57 By Helga Labus Apple has patched an exploited zero-day kernel vulnerability (CVE-2023-38606) in iOS, iPadOS, macOS, watchOS and tvOS. CVE-2023-38606 fix has been backported In early July, Apple fixed an actively exploited zero-day vulnerability (CVE-2023-37450) in WebKit. The vulnerability has been patched

React to this headline:

Loading spinner

Apple fixes exploited zero-day in all of its OSes (CVE-2023-38606) Read More »

Inspiring secure coding: Strategies to encourage developers’ continuous improvement

Application Security, bug bounty, code, cyber risk, cybersecurity, Don't miss, education, Features, framework, Hot stuff, News, opinion, Secure Code Warrior, security culture, training, vulnerability /

Inspiring secure coding: Strategies to encourage developers’ continuous improvement 25/07/2023 at 07:38 By Mirko Zorz In software development, the importance of secure coding practices cannot be overstated. Fostering a security culture within development teams has become crucial to ensure the integrity and protection of digital systems. To delve deeper into this topic, we had the

React to this headline:

Loading spinner

Inspiring secure coding: Strategies to encourage developers’ continuous improvement Read More »

Scroll to Top