Tag: cve
-
Neue Zero-Day-Spoofing-Schwachstelle in Windows – Microsofts Patch für CVE-2024-21320 ist nutzlos
First seen on security-insider.de Jump to article: www.security-insider.de/sicherheitsluecke-cve-2024-21320-patch-leaking-ntlm-anmeldedaten-a-3b0ef2b5c786558a92ef33c2da2f4997/
-
Palo Alto Networks Expedition Vulnerability Exploited in Attacks, CISA Warns
CISA has added a Palo Alto Networks Expedition flaw tracked as CVE-2024-5910 to its Known Exploited Vulnerabilities Catalog. The post Palo Alto Networks Expedition Vulnerability Exploited in Attacks, CISA Warns appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/palo-alto-networks-expedition-vulnerability-exploited-in-attacks-cisa-warns/
-
CISA Warns of Critical Palo Alto Networks Vulnerability Exploited in Attacks
Tags: access, attack, cisa, control, cve, cyber, cybersecurity, exploit, flaw, infrastructure, network, tool, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns organizations of a critical vulnerability in Palo Alto Networks’ Expedition tool, which could lead to severe security breaches. The vulnerability, CVE-2024-5910, is classified as a >>Missing Authentication
-
CISA Alerts to Active Exploitation of Critical Palo Alto Networks Vulnerability
Tags: authentication, cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, network, tool, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched critical security flaw impacting Palo Alto Networks Expedition to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.The vulnerability, tracked as CVE-2024-5910 (CVSS score: 9.3), concerns a case of missing authentication in the Expedition migration tool that First seen on…
-
U.S. CISA adds Palo Alto Expedition, Android, CyberPanel and Nostromo nhttpd bugs to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Palo Alto Expedition, Android, CyberPanel and Nostromo nhttpd bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: CVE-2024-43093 this week, Google warned that the vulnerability CVE-2024-43093 in the Android OS is […]…
-
CVE-2024-38213: From Crumbs to Full Compromise in a Stealthy Cyber Attack
Threat actors are becoming increasingly creative, using vulnerabilities to infiltrate organizations in ways that might not immediately raise alarms. Veriti’s research team recently discovered a targeted email campaign utilizing CVE-2024-38213, cleverly disguised to appear associated with the Gas Infrastructure Europe (GIE) Annual Conference in Munich. By taking advantage of this vulnerability, attackers managed to bypass……
-
Android flaw CVE-2024-43093 may be under limited, targeted exploitation
Google warned that a vulnerability, tracked as CVE-2024-43093, in the Android OS is actively exploited in the wild. Threat actors are actively exploit… First seen on securityaffairs.com Jump to article: securityaffairs.com/170581/uncategorized/cve-2024-43093-android-flaw-actively-exploited.html
-
Telekom Fortigate: Cybervorfall mit Fortinet FortiManager-Schwachstelle CVE-2024-47575
Ich stelle mal eine Information in den Blog, die mir von einem Leser zugegangen ist (danke dafür). Kunden, die Fortinet-Produkte von der Telekom mit administrieren lassen, sind vermutlich von einer Schwachstelle im FortiManager tangiert. Die Telekom informiert Kunden über einen … First seen on borncity.com Jump to article: www.borncity.com/blog/2024/11/07/telekom-fortigate-cybervorfall-mit-fortinet-fortimanager-schwachstelle/
-
Google patches actively exploited Android vulnerability (CVE-2024-43093)
Google has delivered fixes for two vulnerabilities endangering Android users that >>may be under limited, targeted exploitation
-
Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems
Cisco has released security updates to address a maximum severity security flaw impacting Ultra-Reliable Wireless Backhaul (URWB) Access Points that could permit unauthenticated, remote attackers to run commands with elevated privileges.Tracked as CVE-2024-20418 (CVS score: 10.0), the vulnerability has been described as stemming from a lack of input validation to the web-based management First seen…
-
Critical bug in Cisco UWRB access points allows attackers to run commands as root
Cisco fixed a critical flaw in URWB access points, allowing attackers to run root commands, compromising industrial wireless automation security. Cisco has addressed a critical vulnerability, tracked as CVE-2024-20418, that could be exploited by unauthenticated, remote attackers to run commands with root privileges on vulnerable Ultra-Reliable Wireless Backhaul (URWB) access points used for industrial wireless…
-
Cisco Flaw Let Attackers Run Command as Root User
A critical vulnerability has been discovered in Cisco Unified Industrial Wireless Software, which affects Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points. This flaw tracked as CVE-2024-20418 enables unauthenticated, remote attackers to perform command injection attacks and execute arbitrary commands as the root user on the underlying operating system of the affected devices. Vulnerability Details […]…
-
CVE-2024-38094 Exploited: Attackers Gain Domain Access via Microsoft SharePoint Server
A recent report from Rapid7’s Incident Response team reveals a serious compromise of a Microsoft SharePoint server that enabled an attacker to gain en… First seen on securityonline.info Jump to article: securityonline.info/cve-2024-38094-exploited-attackers-gain-domain-access-via-microsoft-sharepoint-server/
-
Microsoft SharePoint RCE bug exploited to breach corporate network
Tags: breach, corporate, cve, exploit, microsoft, network, rce, remote-code-execution, vulnerabilityA recently disclosed Microsoft SharePoint remote code execution (RCE) vulnerability tracked as CVE-2024-38094 is being exploited to gain initial acces… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-sharepoint-rce-bug-exploited-to-breach-corporate-network/
-
Fortinet Warns of Critical Vulnerability in FortiManager Under Active Exploitation
Fortinet has confirmed details of a critical security flaw impacting FortiManager that has come under active exploitation in the wild.Tracked as CVE-2… First seen on thehackernews.com Jump to article: thehackernews.com/2024/10/fortinet-warns-of-critical.html
-
PTZOptics cameras zero-days actively exploited in the wild
Hackers are exploiting two zero-day vulnerabilities, tracked as CVE-2024-8956 and CVE-2024-8957, in PTZOptics cameras. Threat actors are attempting to… First seen on securityaffairs.com Jump to article: securityaffairs.com/170456/hacking/ptzoptics-cameras-flaws-exploited.html
-
Cybersecurity Vulnerability News: October 2024 CVE Roundup
Keep Your Organization Safe with Up-to-Date CVE Information Cybersecurity vulnerability warnings from the National Institute of Standards and Techno… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/11/cybersecurity-vulnerability-news-october-2024-cve-roundup/
-
Atlassian Confluence Vulnerability CVE-2023-22527 Exploited for Cryptomining
In a recently disclosed report by Trend Micro, attackers were observed exploiting a vulnerability in Atlassian’s Confluence servers (CVE-2023-22527) t… First seen on securityonline.info Jump to article: securityonline.info/atlassian-confluence-vulnerability-cve-2023-22527-exploited-for-cryptomining/
-
Google fixed a critical vulnerability in Chrome browser
Google addressed a critical vulnerability in its Chrome browser, tracked as CVE-2024-10487, which was reported by Apple. Google has patched a critical… First seen on securityaffairs.com Jump to article: securityaffairs.com/170395/security/google-fixed-critical-chrome-flaw.html
-
QNAP fixed NAS backup zero-day demonstrated at Pwn2Own Ireland 2024
QNAP fixed critical zero-day CVE-2024-50388 which was demonstrated against a TS-464 NAS device during the Pwn2Own Ireland 2024 competition. QNAP addre… First seen on securityaffairs.com Jump to article: securityaffairs.com/170386/uncategorized/qnap-fixed-zero-day-cve-2024-50388-pwn2own-ireland-2024.html
-
Fog and Akira ransomware attacks exploit SonicWall VPN flaw CVE-2024-40766
Fog and Akira ransomware operators are exploiting SonicWall VPN flaw CVE-2024-40766 to breach enterprise networks. Fog and Akira ransomware operators … First seen on securityaffairs.com Jump to article: securityaffairs.com/170359/cyber-crime/fog-akira-ransomware-sonicwall-vpn-flaw.html
-
CVE-2024-43573 Microsoft Windows Security Vulnerability October 2024
A critical vulnerability (CVE-2024-43573) in Microsoft Windows MSHTML platform allows for spoofing attacks. Affected Platform The vulnerability iden… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/10/cve-2024-43573-microsoft-windows-security-vulnerability-october-2024/
-
CVE-2024-9680 Mozilla Firefox Security Vulnerability October 2024
A critical vulnerability (CVE-2024-9680) in Mozilla Firefox exposes systems to remote code execution by exploiting memory handling flaws. Affected Pl… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/10/cve-2024-9680-mozilla-firefox-security-vulnerability-october-2024/
-
Google Patches Critical Chrome Vulnerability Reported by Apple
Google has patched CVE-2024-10487, a critical Chrome vulnerability, and Mozilla has patched high-severity flaws in Firefox. The post Google Patches Cr… First seen on securityweek.com Jump to article: www.securityweek.com/google-patches-critical-chrome-vulnerability-reported-by-apple/
-
Fog ransomware targets SonicWall VPNs to breach corporate networks
Fog and Akira ransomware operators have increased their exploitation efforts of CVE-2024-40766, a critical access control flaw that allows unauthorize… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fog-ransomware-targets-sonicwall-vpns-to-breach-corporate-networks/
-
UNC5820 Exploits FortiManager Zero-Day Vulnerability (CVE-2024-47575)
Fortinet and Mandiant investigated the mass exploitation of FortiManager devices via CVE-2024-47575, impacting 50+ systems across industries. Threat….. First seen on hackread.com Jump to article: hackread.com/unc5820-exploits-fortimanager-zero-day-vulnerability/
-
CVE-2024-47575 ausgenutzt in freier Wildbahn – BSI warnt vor kritischer Schwachstelle im FortiManager
First seen on security-insider.de Jump to article: www.security-insider.de/kritische-sicherheitsluecke-fgfm-daemon-fortimanager-a-1bcc6b7fff19c07fba226fba8dc451fb/
-
New Threat Group UNC5820 Targets FortiManager Zero-Day CVE-2024-47575 in Global Cyberattack
In October 2024, Mandiant, in collaboration with Fortinet, uncovered the mass exploitation of FortiManager appliances across multiple industries. This… First seen on securityonline.info Jump to article: securityonline.info/new-threat-group-unc5820-targets-fortimanager-zero-day-cve-2024-47575-in-global-cyberattack/
-
MacOS Safari ‘HM Surf’ Exploit Exposes Camera, Mic, Browser Data
Microsoft researchers toyed with app permissions to uncover CVE-2024-44133, using it to access sensitive user data. Adware merchants may have as well…. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/macos-safari-exploit-camera-mic-browser-data