vulnerability

Ivanti fixes critical vulnerabilities in Endpoint Management (CVE-2024-29847)

CVE, Don't miss, endpoint management, Hot stuff, Ivanti, News, vulnerability /

Ivanti fixes critical vulnerabilities in Endpoint Management (CVE-2024-29847) 2024-09-11 at 15:02 By Zeljka Zorz Ivanti has fixed a slew of vulnerabilities affecting its Endpoint Manager solution, including a maximum severity one (CVE-2024-29847) that may allow unauthenticated attackers to remotely execute code in the context of the vulnerable system, and use it as a beachhead for […]

React to this headline:

Loading spinner

Ivanti fixes critical vulnerabilities in Endpoint Management (CVE-2024-29847) Read More »

Ivanti Patches Critical Vulnerabilities in Endpoint Manager

Ivanti, Vulnerabilities, vulnerability /

Ivanti Patches Critical Vulnerabilities in Endpoint Manager 2024-09-11 at 14:01 By Ionut Arghire Ivanti has released patches for multiple vulnerabilities in Endpoint Manager, Cloud Service Appliance, and Workspace Control. The post Ivanti Patches Critical Vulnerabilities in Endpoint Manager appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React

React to this headline:

Loading spinner

Ivanti Patches Critical Vulnerabilities in Endpoint Manager Read More »

Chrome 128 Update Resolves High-Severity Vulnerabilities

Chrome, Vulnerabilities, vulnerability /

Chrome 128 Update Resolves High-Severity Vulnerabilities 2024-09-11 at 12:16 By Ionut Arghire Google has released a Chrome 128 security update to resolve high-severity memory safety vulnerabilities. The post Chrome 128 Update Resolves High-Severity Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to this headline:

React to this headline:

Loading spinner

Chrome 128 Update Resolves High-Severity Vulnerabilities Read More »

Microsoft fixes 4 exploited zero-days and a code defect that nixed earlier security fixes

0-day, CVE, Don't miss, Elastic, Hot stuff, Immersive Labs, News, Patch Tuesday, SharePoint, Tenable, Trend Micro, vulnerability, Windows /

Microsoft fixes 4 exploited zero-days and a code defect that nixed earlier security fixes 2024-09-10 at 22:46 By Zeljka Zorz September 2024 Patch Tuesday is here and Microsoft has delivered 79 fixes, including those for a handful of zero-days (CVE-2024-38217, CVE-2024-38226, CVE-2024-38014, CVE-2024-43461) exploited by attackers in the wild, and a Windows 10 code defect

React to this headline:

Loading spinner

Microsoft fixes 4 exploited zero-days and a code defect that nixed earlier security fixes Read More »

CISA Adds Three Critical Vulnerabilities to Known Exploited Vulnerabilities Catalog

All, CVE-2016-3714, CVE-2017-1000253, cybercriminals, Threat Intelligence, vulnerability /

CISA Adds Three Critical Vulnerabilities to Known Exploited Vulnerabilities Catalog 2024-09-10 at 18:01 By dakshsharma16 Key Takeaways Overview The Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities (KEV) Catalog by adding three new vulnerabilities. These newly identified flaws represent significant security risks and are actively being exploited by malicious actors.

React to this headline:

Loading spinner

CISA Adds Three Critical Vulnerabilities to Known Exploited Vulnerabilities Catalog Read More »

The Re-Emergence of CVE-2024-32113: How CVE-2024-45195 has amplified Exploitation Risks

exploit, vulnerability /

The Re-Emergence of CVE-2024-32113: How CVE-2024-45195 has amplified Exploitation Risks 2024-09-10 at 16:46 By rohansinhacyblecom Overview On September 7, 2024, Cyble Global Sensor Intelligence (CGSI) identified the active exploitation of CVE-2024-32113, a critical path traversal vulnerability in the Apache OFBiz open-source enterprise resource planning (ERP) system. This flaw was initially addressed on April 12, 2024,

React to this headline:

Loading spinner

The Re-Emergence of CVE-2024-32113: How CVE-2024-45195 has amplified Exploitation Risks Read More »

CISA confirms that SonicWall vulnerability is getting exploited (CVE-2024-40766)

Arctic Wolf Networks, CISA, Don't miss, firewall, Hot stuff, News, Ransomware, Rapid7, SonicWall, vulnerability /

CISA confirms that SonicWall vulnerability is getting exploited (CVE-2024-40766) 2024-09-10 at 15:31 By Zeljka Zorz The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-40766 – a recently fixed improper access control vulnerability affecting SonicWall’s firewalls – to its Known Exploited Vulnerabilities catalog, thus confirming it is being actively exploited by attackers. Though the

React to this headline:

Loading spinner

CISA confirms that SonicWall vulnerability is getting exploited (CVE-2024-40766) Read More »

Zyxel fixes critical command injection flaw in EOL NAS devices (CVE-2024-6342)

CVE, Don't miss, firmware, Hot stuff, NAS, News, SMBs, vulnerability, Zyxel /

Zyxel fixes critical command injection flaw in EOL NAS devices (CVE-2024-6342) 2024-09-10 at 12:02 By Zeljka Zorz Users of Zyxel network-attached storage (NAS) devices are urged to implement hotfixes addressing a critical and easily exploited command injection vulnerability (CVE-2024-6342). About CVE-2024-6342 Zyxel NAS devices are generally used by small to medium-sized businesses (SMBs) for data

React to this headline:

Loading spinner

Zyxel fixes critical command injection flaw in EOL NAS devices (CVE-2024-6342) Read More »

Weekly IT Vulnerability Report for August 28, 2024 – September 03, 2024

All, Threat Intelligence, vulnerability /

Weekly IT Vulnerability Report for August 28, 2024 – September 03, 2024 2024-09-10 at 10:31 By dakshsharma16 Key Takeaways: Overview This Weekly Vulnerability Intelligence Report explores vulnerability updates between August 28 to September 3. The CRIL team investigated 13 vulnerabilities this week, among other disclosed issues, to present critical, high, and medium insights. This comprehensive

React to this headline:

Loading spinner

Weekly IT Vulnerability Report for August 28, 2024 – September 03, 2024 Read More »

Veeam Backup & Replication RCE flaw may soon be leveraged by ransomware gangs (CVE-2024-40711)

backup, Censys, Code White, CVE, Don't miss, enterprise, Hot stuff, News, Veeam Software, vulnerability, WatchTowr /

Veeam Backup & Replication RCE flaw may soon be leveraged by ransomware gangs (CVE-2024-40711) 2024-09-09 at 14:46 By Zeljka Zorz CVE-2024-40711, a critical vulnerability affecting Veeam Backup & Replication (VBR), could soon be exploited by attackers to steal enterprise data. Discovered and reported by Code WHite researcher Florian Hauser, the vulnerability can be leveraged for

React to this headline:

Loading spinner

Veeam Backup & Replication RCE flaw may soon be leveraged by ransomware gangs (CVE-2024-40711) Read More »

Veeam Patches Critical Vulnerabilities in Enterprise Products

Veeam, Vulnerabilities, vulnerability /

Veeam Patches Critical Vulnerabilities in Enterprise Products 2024-09-06 at 15:01 By Ionut Arghire Veeam has released patches for critical-severity vulnerabilities in Backup & Replication, ONE, and Service Provider Console. The post Veeam Patches Critical Vulnerabilities in Enterprise Products appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React

React to this headline:

Loading spinner

Veeam Patches Critical Vulnerabilities in Enterprise Products Read More »

CISA Breaks Silence on Controversial ‘Airport Security Bypass’ Vulnerability 

airline, airport, Vulnerabilities, vulnerability /

CISA Breaks Silence on Controversial ‘Airport Security Bypass’ Vulnerability  2024-09-06 at 13:31 By Eduard Kovacs Researchers and the TSA have different views on the impact of vulnerabilities in an airport security application that could allegedly allow the bypass of certain airport security systems. The post CISA Breaks Silence on Controversial ‘Airport Security Bypass’ Vulnerability  appeared

React to this headline:

Loading spinner

CISA Breaks Silence on Controversial ‘Airport Security Bypass’ Vulnerability  Read More »

LiteSpeed Cache Plugin Vulnerability Exposes Millions of WordPress Sites to Attacks

Vulnerabilities, vulnerability, WordPress /

LiteSpeed Cache Plugin Vulnerability Exposes Millions of WordPress Sites to Attacks 2024-09-06 at 13:31 By Ionut Arghire A vulnerability in the LiteSpeed Cache WordPress plugin leads to the exposure of sensitive information, including user cookies. The post LiteSpeed Cache Plugin Vulnerability Exposes Millions of WordPress Sites to Attacks appeared first on SecurityWeek. This article is

React to this headline:

Loading spinner

LiteSpeed Cache Plugin Vulnerability Exposes Millions of WordPress Sites to Attacks Read More »

Apache OFBiz team patches critical RCE vulnerability (CVE-2024-45195)

Apache OFBiz, CVE, Don't miss, enterprise, Hot stuff, News, open source, Rapid7, vulnerability, web application /

Apache OFBiz team patches critical RCE vulnerability (CVE-2024-45195) 2024-09-06 at 13:02 By Zeljka Zorz For the fourth time in the last five months, Apache OFBiz users have been advised to upgrade their installations to fix a critical flaw (CVE-2024-45195) that could lead to unauthenticated remote code execution. About CVE-2024-45195 Apache OFBiz is an open-source suite

React to this headline:

Loading spinner

Apache OFBiz team patches critical RCE vulnerability (CVE-2024-45195) Read More »

Cisco Patches Critical Vulnerabilities in Smart Licensing Utility

Cisco, Vulnerabilities, vulnerability /

Cisco Patches Critical Vulnerabilities in Smart Licensing Utility 2024-09-05 at 16:01 By Ionut Arghire Cisco has released patches for multiple vulnerabilities, including two critical-severity flaws in Smart Licensing Utility. The post Cisco Patches Critical Vulnerabilities in Smart Licensing Utility appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

React to this headline:

Loading spinner

Cisco Patches Critical Vulnerabilities in Smart Licensing Utility Read More »

D-Link Warns of Code Execution Flaws in Discontinued Router Model

D-Link, Vulnerabilities, vulnerability /

D-Link Warns of Code Execution Flaws in Discontinued Router Model 2024-09-04 at 13:46 By Ionut Arghire D-Link warns of multiple remote code execution vulnerabilities impacting its discontinued DIR-846 router model. The post D-Link Warns of Code Execution Flaws in Discontinued Router Model appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

React to this headline:

Loading spinner

D-Link Warns of Code Execution Flaws in Discontinued Router Model Read More »

CISA Warns of Critical ICS Vulnerabilities in Rockwell and Delta Electronics

Vulnerabilities, vulnerability /

CISA Warns of Critical ICS Vulnerabilities in Rockwell and Delta Electronics 2024-09-04 at 11:02 By Cyble Key Takeaways  Overview  On August 29, the Cybersecurity and Infrastructure Security Agency (CISA) released three advisories to warn users and administrators of several critical vulnerabilities affecting industrial control systems (ICS) from prominent vendors.  Cyble’s ICS vulnerabilities report last week

React to this headline:

Loading spinner

CISA Warns of Critical ICS Vulnerabilities in Rockwell and Delta Electronics Read More »

CERT-In Advisory and WikiLoader Campaign: Comprehensive Overview of Recent Security Threats

All, Palo Alto Networks, Threat Intelligence, vulnerability /

CERT-In Advisory and WikiLoader Campaign: Comprehensive Overview of Recent Security Threats 2024-09-03 at 18:46 By dakshsharma16 CERT-In’s advisory on Palo Alto Networks vulnerabilities and WikiLoader’s fake GlobalProtect installers highlight major security risks. Key Takeaways Overview CERT-In’s recent advisory and the emergence of WikiLoader malware highlight pressing security concerns involving Palo Alto Networks applications and new

React to this headline:

Loading spinner

CERT-In Advisory and WikiLoader Campaign: Comprehensive Overview of Recent Security Threats Read More »

Critical flaw in Zyxel’s secure routers allows OS command execution via cookie (CVE-2024-7261)

access point, consumer, Don't miss, firewall, Hot stuff, ISP, News, router, security update, SMBs, vulnerability, Zyxel /

Critical flaw in Zyxel’s secure routers allows OS command execution via cookie (CVE-2024-7261) 2024-09-03 at 16:01 By Zeljka Zorz Zyxel has patched a myriad of vulnerabilities in its various networking devices, including a critical one (CVE-2024-7261) that may allow unauthenticated attackers to execute OS commands on many Zyxel access points (APs) and security routers by

React to this headline:

Loading spinner

Critical flaw in Zyxel’s secure routers allows OS command execution via cookie (CVE-2024-7261) Read More »

Weekly IT Vulnerability Report: Cyble Researchers Find Nearly 1 Million Exposed Fortinet, SonicWall Devices

darkweb, Fortra, SonicWall, Threat Intelligence, Traccar, vulnerability /

Weekly IT Vulnerability Report: Cyble Researchers Find Nearly 1 Million Exposed Fortinet, SonicWall Devices 2024-08-30 at 16:31 By dakshsharma16 Key Takeaways Overview Cyble’s weekly vulnerability report for August 21-27 found the highest number of exposed vulnerable assets in nearly three months, since a widespread PHP vulnerability was found in early June. Cyble researchers found more

React to this headline:

Loading spinner

Weekly IT Vulnerability Report: Cyble Researchers Find Nearly 1 Million Exposed Fortinet, SonicWall Devices Read More »

Scroll to Top