Tag: cve
-
In Other News: CVE Turns 25, Henry Schein Data Breach, Reward for Shahid Hemmat Hackers
Noteworthy stories that might have slipped under the radar: CVE Program celebrates 25th anniversary, one year after ransomware attack Henry Schein say… First seen on securityweek.com Jump to article: www.securityweek.com/in-other-news-cve-turns-25-henry-schein-data-breach-reward-for-shahid-hemmat-hackers/
-
Critical Veeam CVE actively exploited in ransomware attacks
Multiple ransomware groups targeted the vulnerability, which has a CVSS score of 9.8, more than a month after it was disclosed and patched by the data… First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/veeam-critical-cve-exploits-ransomware/730570/
-
Fortinet FortiManager flaw exploited in zero-day attacks (CVE-2024-47575)
Fortinet has finally made public information about CVE-2024-47575, a critical FortiManager vulnerability that attackers have exploited as a zero-day. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/10/24/cve-2024-47575/
-
Mandiant says new Fortinet flaw has been exploited since June
A new Fortinet FortiManager flaw dubbed FortiJump and tracked as CVE-2024-47575 has been exploited since June 2024 in zero-day attacks on over 50 serv… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/mandiant-says-new-fortinet-fortimanager-flaw-has-been-exploited-since-june/
-
Red Hat NetworkManager Flaw Allows Hackers to Gain Root Access
A recently discovered vulnerability in Red Hat’s NetworkManager, CVE-2024-8260, has raised concerns in the cybersecurity community because it could al… First seen on gbhackers.com Jump to article: gbhackers.com/red-hat-networkmanager-flaw/
-
New Fortinet Zero-Day Exploited for Months Before Patch
A Fortinet zero-day tracked as CVE-2024-47575 and named FortiJump has been exploited since at least June 2024. The post New Fortinet Zero-Day Exploite… First seen on securityweek.com Jump to article: www.securityweek.com/new-fortinet-zero-day-exploited-for-months-before-patch-release/
-
Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day
The North Korean Lazarus hacking group exploited a Google Chrome zero-day tracked as CVE-2024-4947 through a fake decentralized finance (DeFi) game ta… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/lazarus-hackers-used-fake-defi-game-to-exploit-google-chrome-zero-day/
-
VMware fixes critical vCenter Server RCE bug again! (CVE-2024-38812)
Broadcom has released new patches for previously fixed vulnerabilities (CVE-2024-38812, CVE-2024-38813) in vCenter Server, one of which hasn’t been fu… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/10/22/cve-2024-38812-cve-2024-38813-fixed-again/
-
Fortinet warns of new critical FortiManager flaw used in zero-day attacks
Fortinet publicly disclosed today a critical FortiManager API vulnerability, tracked as CVE-2024-47575, that was exploited in zero-day attacks to stea… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fortinet-warns-of-new-critical-fortimanager-flaw-used-in-zero-day-attacks/
-
New Loop DoS Attack Based on CVE-2024-2169 in UDP Protocol
A newly identified denial-of-service attack, named Loop DoS, is causing concerns among cybersecurity experts. This sophisticated attack targets applic… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/loop-dos-attack-cve-2024-2169/
-
VMware fixes bad patch for critical vCenter Server RCE flaw
VMware has released another security update for CVE-2024-38812, a critical VMware vCenter Server remote code execution vulnerability that was not corr… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/vmware-fixes-bad-patch-for-critical-vcenter-server-rce-flaw/
-
VMware failed to fully address vCenter Server RCE flaw CVE-2024-38812
VMware addressed a remote code execution flaw, demonstrated in a Chinese hacking contest, for the second time in two months. VMware failed to fully ad… First seen on securityaffairs.com Jump to article: securityaffairs.com/170096/security/vmware-failed-to-fix-rce-vcenter-server-cve-2024-38812.html
-
VMware HCX Platform Vulnerable to SQL Injection Attacks
VMware released an advisory (VMSA-2024-0021) addressing a critical vulnerability in its HCX platform. The vulnerability, CVE-2024-38814, is an authent… First seen on gbhackers.com Jump to article: gbhackers.com/vmware-hcx-platform-vulnerable/
-
Critical CVE in 4 Fortinet products actively exploited
CISA added the format string vulnerability to its known exploited vulnerabilities catalog last week, months after it was first disclosed by the compan… First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/critical-cve-fortinet-exploited/729736/
-
Earth Simnavaz Exploits Windows Kernel Flaw CVE-2024-30088 in Attacks on Critical Infrastructure
Trend Micro researchers have uncovered a series of advanced cyberattacks carried out by the threat group Earth Simnavaz, also known as APT34 or OilRig… First seen on securityonline.info Jump to article: securityonline.info/earth-simnavaz-exploits-windows-kernel-flaw-cve-2024-30088-in-attacks-on-critical-infrastructure/
-
VMware fixes high-severity SQL injection flaw CVE-2024-38814 in HCX
VMware fixes a high-severity SQL injection flaw in HCX allowing non-admin users to remotely execute code on the HCX manager. VMWare warns to address a… First seen on securityaffairs.com Jump to article: securityaffairs.com/169904/security/vmware-sql-injection-flaw-cve-2024-38814.html
-
CVE-2024-9381 Ivanti CSA Security Vulnerability October 2024
A critical vulnerability (CVE-2024-9381) in Ivanti’s Cloud Services Appliance allows attackers to bypass security measures and execute arbitrary code…. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/10/cve-2024-9381-ivanti-csa-security-vulnerability-october-2024/
-
Critical Veeam Vulnerability CVE-2024-40711 Exploited by Ransomware Groups
Veeam has addressed a severe vulnerability in its widely utilized Backup & Replication tool, CVE-2024-40711. This critical flaw has a staggering Commo… First seen on thecyberexpress.com Jump to article: thecyberexpress.com/critical-veeam-vulnerability-2/
-
VMware Patches High-Severity SQL Injection Flaw in HCX Platform
VMware patches CVE-2024-38814 and warns that attackers with non-administrator privileges can execute remote code on the HCX manager. The post VMware P… First seen on securityweek.com Jump to article: www.securityweek.com/vmware-patches-high-severity-sql-injection-flaw-in-hcx-platform/
-
3 More Ivanti Cloud Vulns Exploited in the Wild
The security bugs were found susceptible to exploitation in connection to the previously disclosed, critical CVE-2024-8963 vulnerability in the securi… First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/three-more-ivanti-cloud-vulns-exploited
-
Windows spoofing flaw exploited in earlier zero-day attacks
Microsoft reveals that CVE-2024-43461, which was disclosed in September’s Patch Tuesday, was previously exploited as a zero-day vulnerability in an at… First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366610775/Windows-spoofing-flaw-exploited-in-earlier-zero-day-attacks
-
Fortigate SSLVPN Vulnerability Exploited in the Wild
A critical vulnerability in Fortinet’s FortiGate SSLVPN appliances, CVE-2024-23113, has been actively exploited in the wild. This format string flaw v… First seen on gbhackers.com Jump to article: gbhackers.com/fortigate-sslvpn-vulnerability/
-
87,000+ Fortinet devices still open to attack, are yours among them? (CVE-2024-23113)
Last week, CISA added CVE-2024-23113 a critical vulnerability that allows unauthenticated remote code/command execution on unpatched Fortinet FortiGat… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/10/15/cve-2024-23113/
-
Oracle Patches Over 200 Vulnerabilities With October 2024 CPU
Oracle has released 334 new security patches to address roughly 220 unique CVEs as part of its October 2024 Critical Patch Update. The post Oracle Pat… First seen on securityweek.com Jump to article: www.securityweek.com/oracle-patches-over-200-vulnerabilities-with-october-2024-cpu/
-
Oracle October 2024 Critical Patch Update Addresses 198 CVEs
Oracle addresses 198 CVEs in its fourth quarterly update of 2024 with 334 patches, including 35 critical updates. Background On October 15, O… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/10/oracle-october-2024-critical-patch-update-addresses-198-cves/
-
Ransomware operators exploited Veeam Backup Replication flaw CVE-2024-40711 in recent attacks
Sophos reports ransomware operators are exploiting a critical code execution flaw in Veeam Backup & Replication. Sophos researchers warn that rans… First seen on securityaffairs.com Jump to article: securityaffairs.com/169679/cyber-crime/ransomware-groups-exploit-veeam-backup-replication-bug.html
-
iPhone ‘VoiceOver’ Feature Could Read Passwords Aloud
CVE-2024-44204 is one of two new Apple iOS security vulnerabilities that showcase an unexpected coming together of privacy snafus and accessibility fe… First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/iphone-voiceover-feature-read-passwords-aloud
-
Hackers Exploiting Zero-day Flaw in Qualcomm Chips to Attack Android Users
Hackers exploit a zero-day vulnerability found in Qualcomm chipsets, potentially affecting millions worldwide. The flaw, identified as CVE-2024-43047,… First seen on gbhackers.com Jump to article: gbhackers.com/hackers-exploiting-zero-day-flaw-in-qualcomm-chips/
-
Microsoft Patches 117 CVEs: Focus on Critical and Zero-Day Threats
Microsoft has released the October 2024 Patch Tuesday, addressing a total of 117 Common Vulnerabilities and Exposures (CVEs). This month’s Microsoft P… First seen on thecyberexpress.com Jump to article: thecyberexpress.com/microsoft-patch-tuesday-2/