vulnerability

Apex Softcell Flaws Could Lead to Unauthorized Transactions, CERT-In Warns

Apex Softcell Flaws Could Lead to Unauthorized Transactions, CERT-In Warns 2024-09-25 at 19:17 By dakshsharma16 Overview The Indian Computer Emergency Response Team (CERT-In) has warned users about five high-severity vulnerabilities in Apex Softcell’s mobile stock trading and back-office platforms. The 32-year-old private company focuses on products and solutions for capital markets and the financial industry, […]


PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987)

PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987) 2024-09-25 at 17:17 By Zeljka Zorz Details about and proof-of-concept (PoC) exploit code for CVE-2024-28987, a recently patched SolarWinds Web Help Desk (WHD) vulnerability that could be exploited by unauthenticated attackers to remotely read and modify all help desk ticket details, are now public. “When


Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593)

Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593) 2024-09-25 at 12:46 By Zeljka Zorz CVE-2024-7593, a critical authentication bypass vulnerability affecting Ivanti Virtual Traffic Manager (vTM) appliances, is actively exploited by attackers. The confirmation comes from the Cybersecurity and Infrastructure Security Agency (CISA), which added the flaw to its Known Exploited Vulnerabilities


Critical Vulnerability Discovered in Versa Director: What Organizations Need to Know

Critical Vulnerability Discovered in Versa Director: What Organizations Need to Know 2024-09-24 at 10:46 By dakshsharma16 Overview The Cybersecurity and Infrastructure Security Agency (CISA) has highlighted a vulnerability in Versa Networks’ Versa Director, a centralized management platform for Secure SD-WAN and SASE solutions. This vulnerability, identified as CVE-2024-45229, stems from improper input validation and affects


Versa Networks Patches Vulnerability Exposing Authentication Tokens

Versa Networks Patches Vulnerability Exposing Authentication Tokens 2024-09-23 at 15:01 By Ionut Arghire Versa Networks has released patches for a Versa Director vulnerability for which proof-of-concept (PoC) code exists. The post Versa Networks Patches Vulnerability Exposing Authentication Tokens appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed


Cyble Sensor Intelligence: Attacks, Phishing Scams and Brute-Force Detections

Cyble Sensor Intelligence: Attacks, Phishing Scams and Brute-Force Detections 2024-09-20 at 17:31 By dakshsharma16 Key Takeaways Overview The Cyble Global Sensor Intelligence Network, or CGSI, monitors and captures real-time attack data through Cyble’s network of Honeypot sensors. This week, Cyble’s Threat Hunting service discovered and investigated dozens of exploit attempts, malware intrusions, financial fraud, and brute-force attacks. 


HED: Weekly IT Vulnerability Report for September 11 – September 17, 2024

HED: Weekly IT Vulnerability Report for September 11 – September 17, 2024 2024-09-20 at 12:16 By dakshsharma16 Key Takeaways Overview This Weekly Vulnerability Intelligence Report explores vulnerability updates between September 11 and September 17. The Cyble Research and Intelligence Labs team investigated 24 vulnerabilities this week, among other disclosed vulnerabilities, to present critical, high, and


Atlassian Patches Vulnerabilities in Bamboo, Bitbucket, Confluence, Crowd

Atlassian Patches Vulnerabilities in Bamboo, Bitbucket, Confluence, Crowd 2024-09-19 at 15:46 By Ionut Arghire Atlassian’s September 2024 monthly security bulletin details multiple high-severity vulnerabilities in four products. The post Atlassian Patches Vulnerabilities in Bamboo, Bitbucket, Confluence, Crowd appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed


Patch this critical Safeguard for Privileged Passwords auth bypass flaw (CVE-2024-45488)

Patch this critical Safeguard for Privileged Passwords auth bypass flaw (CVE-2024-45488) 2024-09-19 at 15:31 By Zeljka Zorz Researchers have released technical details about CVE-2024-45488, a critical authentication bypass vulnerability affecting One Identity’s Safeguard for Privileged Passwords (SPP), which could allow attackers to gain full administrative access to the virtual appliance. “Once an attacker has gained


GitLab Patches Critical Authentication Bypass Vulnerability

GitLab Patches Critical Authentication Bypass Vulnerability 2024-09-19 at 13:16 By Ionut Arghire GitLab has patched a critical-severity SAML authentication bypass affecting both Community Edition (CE) and Enterprise Edition (EE) instances. The post GitLab Patches Critical Authentication Bypass Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed


CISA Adds Progress WhatsUp Gold and MSHTML Vulnerabilities to Known Exploited Vulnerabilities Catalog

CISA Adds Progress WhatsUp Gold and MSHTML Vulnerabilities to Known Exploited Vulnerabilities Catalog 2024-09-19 at 09:18 By dakshsharma16 Key Takeaways Overview The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added vulnerabilities affecting the Microsoft Windows MSHTML Platform and Progress WhatsUp Gold network monitoring solution to its Known Exploited Vulnerabilities catalog (KEV) after proofs of


Top ICS Vulnerabilities This Week: Critical Bugs in Rockwell Automation, Siemens, and Viessmann

Top ICS Vulnerabilities This Week: Critical Bugs in Rockwell Automation, Siemens, and Viessmann 2024-09-19 at 09:18 By dakshsharma16 Key Takeaways Overview Cyble Research and Intelligence Labs (CRIL) has observed multiple vulnerabilities in its Weekly Industrial Control System (ICS) Vulnerability Intelligence Report. This report provides a comprehensive overview of critical vulnerabilities disclosed from September 10 to September


Top ICS Vulnerabilities This Week: Critical Bugs in Rockwell Automation, Siemens, and Viessmann

Top ICS Vulnerabilities This Week: Critical Bugs in Rockwell Automation, Siemens, and Viessmann 2024-09-18 at 22:31 By dakshsharma16 Key Takeaways Overview Cyble Research and Intelligence Labs (CRIL) has observed multiple vulnerabilities in its Weekly Industrial Control System (ICS) Vulnerability Intelligence Report. This report provides a comprehensive overview of critical vulnerabilities disclosed from September 10 to September


Chrome 129 Patches High-Severity Vulnerability in V8 Engine

Chrome 129 Patches High-Severity Vulnerability in V8 Engine 2024-09-18 at 15:31 By Ionut Arghire Google has released Chrome 129 with patches for nine vulnerabilities, including a high-severity bug in the V8 engine. The post Chrome 129 Patches High-Severity Vulnerability in V8 Engine appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed


CISA Adds Progress WhatsUp Gold and MSHTML Vulnerabilities to Known Exploited Vulnerabilities Catalog

CISA Adds Progress WhatsUp Gold and MSHTML Vulnerabilities to Known Exploited Vulnerabilities Catalog 2024-09-17 at 22:16 By dakshsharma16 Key Takeaways Overview The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added vulnerabilities affecting the Microsoft Windows MSHTML Platform and Progress WhatsUp Gold network monitoring solution to its Known Exploited Vulnerabilities catalog (KEV) after proofs of


CERT India reports vulnerabilities in multiple QNAP products

CERT India reports vulnerabilities in multiple QNAP products 2024-09-17 at 19:16 By dakshsharma16 Earlier today, CERT India (CERT-In) released an advisory announcing multiple vulnerabilities in various QNAP products. QNAP is best known for the Network-Attached Storage (NAS) systems used by firms in their enterprise environments. This batch of vulnerabilities primarily affects the QTS and QuTS


Dependency Confusion Could Have Led to RCE in Google Cloud Platform

Dependency Confusion Could Have Led to RCE in Google Cloud Platform 2024-09-17 at 16:25 By Ionut Arghire Tenable shares details on a dependency confusion attack that led to the execution of code on Google’s internal servers. The post Dependency Confusion Could Have Led to RCE in Google Cloud Platform appeared first on SecurityWeek. This article


PoC exploit for exploited Ivanti Cloud Services Appliance flaw released (CVE-2024-8190)

PoC exploit for exploited Ivanti Cloud Services Appliance flaw released (CVE-2024-8190) 2024-09-17 at 13:02 By Zeljka Zorz CVE-2024-8190, an OS command injection vulnerability in Ivanti Cloud Services Appliance (CSA) v4.6, is under active exploitation. Details about the attacks are still unknown, but there may be more in the near future: Horizon3.ai researchers have published their


CISA Adds Ivanti Cloud Services Appliance Vulnerability to Known Exploited Vulnerabilities Catalog (CVE-2024-8190)

CISA Adds Ivanti Cloud Services Appliance Vulnerability to Known Exploited Vulnerabilities Catalog (CVE-2024-8190) 2024-09-16 at 17:01 By Cyble Overview  The Cybersecurity and Infrastructure Security Agency (CISA) has recently included a security flaw in Ivanti Cloud Services Appliance (CSA) in its Known Exploited Vulnerabilities (KEV) catalog. This newly cataloged vulnerability, identified as CVE-2024-8190, involves an OS


Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461)

Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461) 2024-09-16 at 15:46 By Zeljka Zorz CVE-2024-43461, a spoofing vulnerability affecting Windows MSHTML – a software component used by various apps for rendering web pages on Windows – “was exploited as a part of an attack chain relating to CVE-2024-38112, prior to July 2024,”

