vulnerability

Fortra Patches Critical Vulnerability in FileCatalyst Workflow

2024-08-30 at 14:31, by Ionut Arghire

Fortra limits access to FileCatalyst Workflow database after vendor knowledgebase article leaks default credentials. The post Fortra Patches Critical Vulnerability in FileCatalyst Workflow appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed.


Critical Flaws in Progress Software WhatsUp Gold Expose Systems to Full Compromise

2024-08-30 at 11:46, by Ionut Arghire

Censys warns of over 1,200 internet-accessible WhatsUp Gold instances potentially exposed to malicious attacks. The post Critical Flaws in Progress Software WhatsUp Gold Expose Systems to Full Compromise appeared first on SecurityWeek. This article is an excerpt


Top ICS Vulnerabilities This Week: Addressing Flaws Within Rockwell Automation, Avtec, and MOBOTIX Products

2024-08-29 at 17:02, by dakshsharma16

Cyble’s latest report reveals critical ICS vulnerabilities, including CVE-2023-34873 in MOBOTIX cameras, highlighting urgent security concerns for August 2024. Key Takeaways Overview Cyble Research and Intelligence Labs (CRIL) has observed multiple vulnerabilities with its Weekly Industrial


Beckhoff TwinCAT/BSD Vulnerabilities Expose PLCs to Tampering, DoS Attacks

2024-08-29 at 15:16, by Eduard Kovacs

Beckhoff Automation has patched several vulnerabilities in its TwinCAT/BSD operating system for industrial PCs. The post Beckhoff TwinCAT/BSD Vulnerabilities Expose PLCs to Tampering, DoS Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed.


Cisco Patches Multiple NX-OS Software Vulnerabilities

2024-08-29 at 15:16, by Ionut Arghire

Cisco on Wednesday announced NX-OS software updates that resolve multiple vulnerabilities, including a high-severity DoS bug. The post Cisco Patches Multiple NX-OS Software Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed.


CVE-2024-39717 Exposes Critical Vulnerability in Versa Director

2024-08-28 at 16:01, by dakshsharma16

Meta description: CISA warns of CVE-2024-39717 in Versa Director, urging updates to version 22.1.4, MFA usage, and strengthening network security to prevent exploitation. Key Takeaways Overview The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added a new vulnerability to its Known


Second Apache OFBiz Vulnerability Exploited in Attacks

2024-08-28 at 14:01, by Eduard Kovacs

CISA is warning organizations that a second Apache OFBiz flaw is being exploited in the wild shortly after the release of PoC exploits. The post Second Apache OFBiz Vulnerability Exploited in Attacks appeared first on SecurityWeek. This article is an excerpt from


Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633)

2024-08-28 at 12:02, by Zeljka Zorz

Organizations using Fortra’s FileCatalyst Workflow are urged to upgrade their instances, so that attackers can’t access an internal HSQL database by exploiting known static credentials (CVE-2024-6633). “Once logged in to the HSQLDB, the attacker can perform malicious operations in the database. For


High-Risk CVE-2024-7965 Vulnerability in Chrome’s V8 Engine Requires Quick Fix

2024-08-27 at 17:31, by dakshsharma16

Key Takeaways Overview CISA has recently added a type confusion vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. This flaw affects the popular Google Chrome browser and potentially other Chromium-based browsers. It poses a serious risk and has been


SonicWall patches critical flaw affecting its firewalls (CVE-2024-40766)

2024-08-26 at 21:32, by Zeljka Zorz

SonicWall has patched a critical vulnerability (CVE-2024-40766) in its next-gen firewalls that could allow remote attackers unauthorized access to resources and, in specific conditions, to crash the appliances. About CVE-2024-40766 CVE-2024-40766 is an improper access control vulnerability in the “SonicWall SonicOS


SonicWall Patches Critical SonicOS Vulnerability 

2024-08-26 at 16:16, by Eduard Kovacs

SonicWall has patched CVE-2024-40766, a critical SonicOS vulnerability that can lead to unauthorized access or a firewall crash. The post SonicWall Patches Critical SonicOS Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed.


The SAML Exploit That Could Take Down GitHub: What You Need to Know About CVE-2024-6800 

2024-08-26 at 13:35, by Cyble

Key Takeaways Overview Cyble Research & Intelligence Labs’ (CRIL) Weekly Vulnerability Intelligence Report has recently revealed critical flaws with the potential to impact major technology platforms. Among the most concerning is a security issue affecting


Weekly IT Vulnerability Report for August 20, 2024: Urgent Fixes Recommended for GitHub, PHP, Windows, and SAP 

2024-08-26 at 13:35, by Cyble

Key Takeaways Overview Cyble Research and Intelligence Labs (CRIL) researchers investigated 12 vulnerabilities from August 14 to August 20, ranging in severity from medium to critical. CRIL researchers also observed five instances of


Another critical SolarWinds Web Help Desk bug fixed (CVE-2024-28987)

2024-08-23 at 13:31, by Zeljka Zorz

A week after SolarWinds released a fix for a critical code-injection-to-RCE vulnerability (CVE-2024-28986) in Web Help Desk (WHD), another patch for another critical flaw (CVE-2024-28987) in the company’s IT help desk solution has been pushed out. CVE-2024-28987 CVE-2024-28987 stems from


China-Linked ‘Velvet Ant’ Hackers Exploited Zero-Day to Deploy Malware on Cisco Nexus Switches

2024-08-22 at 20:03, by Kevin Townsend

Hackers gained access to the switch using valid administrator credentials, and then ‘jailbroke’ from the application level into the OS level. The post China-Linked ‘Velvet Ant’ Hackers Exploited Zero-Day to Deploy Malware on Cisco Nexus Switches


Comprehensive Analysis of Critical Vulnerabilities in Atlassian Products

2024-08-22 at 18:31, by Cyble

Key Takeaways Overview CERT-In has added multiple critical Atlassian vulnerabilities to its catalog following the disclosure by the organization in its August 2024 Security Bulletin. These vulnerabilities target a range of Atlassian products, including Bamboo, Confluence, and more. This analysis aims to


Critical GitHub Enterprise Server auth bypass flaw fixed (CVE-2024-6800)

2024-08-22 at 15:31, by Zeljka Zorz

A critical vulnerability (CVE-2024-6800) affecting all currently supported versions of GitHub Enterprise Server (GHES) may allow attackers to gain unrestricted access to the instance’s contents. The issue, reported via the GitHub Bug Bounty program, has been addressed and administrators are


Microsoft Copilot Studio Vulnerability Led to Information Disclosure

2024-08-21 at 16:01, by Ionut Arghire

A vulnerability in Microsoft Copilot Studio exposed information on internal services shared among tenants, potentially impacting multiple customers. The post Microsoft Copilot Studio Vulnerability Led to Information Disclosure appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed


Critical Flaw in Donation Plugin Exposed 100,000 WordPress Sites to Takeover

2024-08-20 at 18:16, by Ionut Arghire

A critical vulnerability in the GiveWP WordPress plugin could be exploited for remote code execution and arbitrary file deletion. The post Critical Flaw in Donation Plugin Exposed 100,000 WordPress Sites to Takeover appeared first on SecurityWeek. This article


0-day in Windows driver exploited by North Korean hackers to deliver rootkit (CVE-2024-38193)

2024-08-20 at 16:01, by Zeljka Zorz

CVE-2024-38193, an actively exploited zero-day that Microsoft patched earlier this month, has been leveraged by North Korean hackers to install a rootkit on targets’ computers, Gen Digital researchers have revealed. About CVE-2024-38193 CVE-2024-38193 is a use-after-free
