vulnerability

Cisco, Microsoft Disagree on Severity of macOS App Vulnerabilities 

Cisco, Microsoft, Vulnerabilities, vulnerability /

Cisco, Microsoft Disagree on Severity of macOS App Vulnerabilities  2024-08-20 at 15:31 By Ionut Arghire Multiple vulnerabilities in Microsoft applications for macOS could be exploited to send emails, leak sensitive information, and escalate privileges. The post Cisco, Microsoft Disagree on Severity of macOS App Vulnerabilities  appeared first on SecurityWeek. This article is an excerpt from […]

React to this headline:

Loading spinner

Cisco, Microsoft Disagree on Severity of macOS App Vulnerabilities  Read More »

F5 Patches High-Severity Vulnerabilities in BIG-IP, NGINX Plus

F5, Vulnerabilities, vulnerability /

F5 Patches High-Severity Vulnerabilities in BIG-IP, NGINX Plus 2024-08-20 at 14:16 By Ionut Arghire F5’s latest quarterly security notification includes nine advisories, including four for high-severity vulnerabilities in BIG-IP and NGINX Plus. The post F5 Patches High-Severity Vulnerabilities in BIG-IP, NGINX Plus appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

React to this headline:

Loading spinner

F5 Patches High-Severity Vulnerabilities in BIG-IP, NGINX Plus Read More »

Vulnerabilities in Microsoft macOS apps may give attackers access to microphone, camera

apple, Cisco, Don't miss, Hot stuff, Microsoft, Microsoft Teams, News, vulnerability /

Vulnerabilities in Microsoft macOS apps may give attackers access to microphone, camera 2024-08-20 at 13:46 By Zeljka Zorz Vulnerabilities in popular Microsoft apps for macOS can be abused by attackers to record video and audio clips, take pictures, access and exfiltrate data and send emails, Cisco Talos researchers have discovered. Library injection vulnerabilities in Microsoft

React to this headline:

Loading spinner

Vulnerabilities in Microsoft macOS apps may give attackers access to microphone, camera Read More »

Stolen, locked payment cards can be used with digital wallet apps

apple, Banks, digital wallet, Don't miss, financial industry, fraud, Google, Hot stuff, mobile payment, News, online payment, PayPal, research, vulnerability /

Stolen, locked payment cards can be used with digital wallet apps 2024-08-19 at 21:32 By Zeljka Zorz Fraudsters can add stolen payment cards to digital wallet apps and continue making online purchases even after victims’ report the card stolen and the bank blocks it, computer engineers with University of Massachusetts Amherst and Pennsylvania State University

React to this headline:

Loading spinner

Stolen, locked payment cards can be used with digital wallet apps Read More »

SolarWinds Issues Hotfix for Critical Web Help Desk Vulnerability

SolarWinds, Vulnerabilities, vulnerability /

SolarWinds Issues Hotfix for Critical Web Help Desk Vulnerability 2024-08-15 at 16:32 By Ionut Arghire SolarWinds has released a hotfix for a critical Java deserialization remote code execution vulnerability in Web Help Desk. The post SolarWinds Issues Hotfix for Critical Web Help Desk Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

SolarWinds Issues Hotfix for Critical Web Help Desk Vulnerability Read More »

Palo Alto Networks Patches Unauthenticated Command Execution Flaw in Cortex XSOAR

Palo Alto Networks, Vulnerabilities, vulnerability /

Palo Alto Networks Patches Unauthenticated Command Execution Flaw in Cortex XSOAR 2024-08-15 at 15:04 By Eduard Kovacs Palo Alto Networks has patched multiple vulnerabilities, including ones rated high severity, in several products. The post Palo Alto Networks Patches Unauthenticated Command Execution Flaw in Cortex XSOAR appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

Palo Alto Networks Patches Unauthenticated Command Execution Flaw in Cortex XSOAR Read More »

Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986)

CVE, Don't miss, enterprise, Hot stuff, Java, MSP, News, SMBs, vulnerability /

Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986) 2024-08-15 at 14:45 By Zeljka Zorz SolarWinds has fixed a critical vulnerability (CVE-2024-28986) in its Web Help Desk (WHD) solution that may allow attackers to run commands on the host machine. “While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce

React to this headline:

Loading spinner

Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986) Read More »

GitHub Makes Copilot Autofix Generally Available

Application Security, Copilot, GitHub, vulnerability /

GitHub Makes Copilot Autofix Generally Available 2024-08-15 at 12:16 By Ionut Arghire GitHub has made AI-powered Copilot Autofix generally available to help developers fix code vulnerabilities faster. The post GitHub Makes Copilot Autofix Generally Available appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to this headline:

React to this headline:

Loading spinner

GitHub Makes Copilot Autofix Generally Available Read More »

Fortinet, Zoom Patch Multiple Vulnerabilities

Fortinet, Vulnerabilities, vulnerability, Zoom /

Fortinet, Zoom Patch Multiple Vulnerabilities 2024-08-14 at 15:46 By Eduard Kovacs Fortinet and Zoom have released patches for multiple vulnerabilities in their products, including high-severity bugs. The post Fortinet, Zoom Patch Multiple Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to this headline:

React to this headline:

Loading spinner

Fortinet, Zoom Patch Multiple Vulnerabilities Read More »

Ivanti Patches Critical Vulnerabilities in Neurons for ITSM, Virtual Traffic Manager

Ivanti, Vulnerabilities, vulnerability /

Ivanti Patches Critical Vulnerabilities in Neurons for ITSM, Virtual Traffic Manager 2024-08-14 at 14:02 By Ionut Arghire Ivanti has released patches for multiple vulnerabilities in Neurons for ITSM, Avalanche, and Virtual Traffic Manager, including critical bugs. The post Ivanti Patches Critical Vulnerabilities in Neurons for ITSM, Virtual Traffic Manager appeared first on SecurityWeek. This article

React to this headline:

Loading spinner

Ivanti Patches Critical Vulnerabilities in Neurons for ITSM, Virtual Traffic Manager Read More »

SAP Patches Critical Vulnerabilities in BusinessObjects, Build Apps

SAP, Vulnerabilities, vulnerability /

SAP Patches Critical Vulnerabilities in BusinessObjects, Build Apps 2024-08-13 at 18:46 By Ionut Arghire SAP has released 25 security notes on August 2024 Security Patch Day, including for critical vulnerabilities in BusinessObjects and Build Apps. The post SAP Patches Critical Vulnerabilities in BusinessObjects, Build Apps appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

SAP Patches Critical Vulnerabilities in BusinessObjects, Build Apps Read More »

Several Vulnerabilities Found in Google’s Quick Share Data Transfer Utility

Vulnerabilities, vulnerability /

Several Vulnerabilities Found in Google’s Quick Share Data Transfer Utility 2024-08-12 at 19:01 By Ionut Arghire SafeBreach identified 10 vulnerabilities in Google Quick Share and devised a remote code execution chain targeting the file sharing utility for Windows. The post Several Vulnerabilities Found in Google’s Quick Share Data Transfer Utility appeared first on SecurityWeek. This

React to this headline:

Loading spinner

Several Vulnerabilities Found in Google’s Quick Share Data Transfer Utility Read More »

Critical 1Password flaws may allow hackers to snatch your passwords (CVE-2024-42219, CVE-2024-42218)

1Password, CVE, Don't miss, Hot stuff, macOS, News, password manager, passwords, security assessment, vulnerability /

Critical 1Password flaws may allow hackers to snatch your passwords (CVE-2024-42219, CVE-2024-42218) 2024-08-09 at 15:31 By Zeljka Zorz Two vulnerabilities (CVE-2024-42219, CVE-2024-42218) affecting the macOS version of the popular 1Password password manager could allow malware to steal secrets stored in the software’s vaults and obtain the account unlock key, AgileBits has confirmed. Discovered by the

React to this headline:

Loading spinner

Critical 1Password flaws may allow hackers to snatch your passwords (CVE-2024-42219, CVE-2024-42218) Read More »

“0.0.0.0-Day” vulnerability affects Chrome, Safari and Firefox

0-day, Chrome, Don't miss, Firefox, Hot stuff, Linux, macOS, News, Oligo Security, Safari, vulnerability /

“0.0.0.0-Day” vulnerability affects Chrome, Safari and Firefox 2024-08-09 at 13:01 By Zeljka Zorz A “0.0.0.0-Day” vulnerability affecting Chrome, Safari and Firefox can be – and has been – exploited by attackers to gain access to services on internal networks, Oligo Security researchers have revealed. The vulnerability stems from how those popular browsers handle network requests

React to this headline:

Loading spinner

“0.0.0.0-Day” vulnerability affects Chrome, Safari and Firefox Read More »

Vulnerability Allowed Eavesdropping via Sonos Smart Speakers

eavesdrop, IoT Security, Sonos, vulnerability /

Vulnerability Allowed Eavesdropping via Sonos Smart Speakers 2024-08-09 at 12:16 By Eduard Kovacs Sonos has patched vulnerabilities in its smart speakers, including a serious flaw that could have been exploited to eavesdrop on users. The post Vulnerability Allowed Eavesdropping via Sonos Smart Speakers appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Loading spinner

Vulnerability Allowed Eavesdropping via Sonos Smart Speakers Read More »

Vulnerabilities Exposed Widely Used Solar Power Systems to Hacking, Disruption

ICS, ICS/OT, IoT Security, power, Vulnerabilities, vulnerability /

Vulnerabilities Exposed Widely Used Solar Power Systems to Hacking, Disruption 2024-08-08 at 16:16 By Eduard Kovacs Vulnerabilities found in solar power systems could have been exploited by hackers to cause disruption and possibly blackouts. The post Vulnerabilities Exposed Widely Used Solar Power Systems to Hacking, Disruption appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Loading spinner

Vulnerabilities Exposed Widely Used Solar Power Systems to Hacking, Disruption Read More »

“Perfect” Windows downgrade attack turns fixed vulnerabilities into zero-days

0-day, attack, Don't miss, Hot stuff, News, research, SafeBreach, vulnerability, Windows, Windows Server /

“Perfect” Windows downgrade attack turns fixed vulnerabilities into zero-days 2024-08-08 at 13:01 By Zeljka Zorz A researcher has developed a downgrade attack that can make Windows machines covertly, persistently and irreversibly vulnerable, even if they were fully patched before that. A downgrade attack exploiting the Windows Update process The direction of SafeBreach researcher Alon Leviev’s

React to this headline:

Loading spinner

“Perfect” Windows downgrade attack turns fixed vulnerabilities into zero-days Read More »

Roundcube flaws allow easy email account compromise (CVE-2024-42009, CVE-2024-42008)

CVE, Don't miss, email security, Hot stuff, News, Roundcube, security update, SonarSource, vulnerability /

Roundcube flaws allow easy email account compromise (CVE-2024-42009, CVE-2024-42008) 2024-08-07 at 12:01 By Zeljka Zorz Two cross-site scripting vulnerabilities (CVE-2024-42009, CVE-2024-42008) affecting Roundcube could be exploited by attackers to steal users’ emails and contacts, email password, and send emails from their account. About the vulnerabilities Roundcube is an open-source webmail software solution popular with European

React to this headline:

Loading spinner

Roundcube flaws allow easy email account compromise (CVE-2024-42009, CVE-2024-42008) Read More »

Chrome, Firefox Updates Patch Serious Vulnerabilities 

Chrome, Firefox, Vulnerabilities, vulnerability /

Chrome, Firefox Updates Patch Serious Vulnerabilities  2024-08-07 at 11:31 By Eduard Kovacs A Chrome 127 update patches five vulnerabilities, and Firefox 129 addresses over a dozen security holes. The post Chrome, Firefox Updates Patch Serious Vulnerabilities  appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to this

React to this headline:

Loading spinner

Chrome, Firefox Updates Patch Serious Vulnerabilities  Read More »

Researchers unearth MotW bypass technique used by threat actors for years

Don't miss, Elastic, Features, malware detection, Microsoft, News, security controls, vulnerability, Windows /

Researchers unearth MotW bypass technique used by threat actors for years 2024-08-06 at 14:31 By Zeljka Zorz Threat actors have been abusing a bug in how Windows handles LNK files with non-standard target paths and internal structures to prevent in-built protections from stopping malicious payloads and trick users into running them. “We identified multiple samples

React to this headline:

Loading spinner

Researchers unearth MotW bypass technique used by threat actors for years Read More »

Scroll to Top