Tag: cve
-
Microsoft Patches 117 CVEs: Focus on Critical and Zero-Day Threats
Microsoft has released the October 2024 Patch Tuesday, addressing a total of 117 Common Vulnerabilities and Exposures (CVEs). This month’s Microsoft P… First seen on thecyberexpress.com Jump to article: thecyberexpress.com/microsoft-patch-tuesday-2/
-
Vulnerability Prioritization the Magic 8 Ball
Last month marks 25 years of operation for the CVE (Common Vulnerabilities and Exposures) program, launched in September 1999. It’s difficult to imagi… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/10/vulnerability-prioritization-the-magic-8-ball/
-
CISA’s vulnerability management program spotted 250 critical CVEs in 2023
First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisa-vulnerability-disclosure-platform/728956/
-
Palo Alto Expedition: From N-Day to Full Compromise
On July 10, 2024, Palo Alto released a security advisory for CVE-2024-5910, a vulnerability which allowed attackers to remotely reset the Expedition a… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/10/palo-alto-expedition-from-n-day-to-full-compromise/
-
Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572)
For October 2024 Patch Tuesday, Microsoft has released fixes for 117 security vulnerabilities, including two under active exploitation: CVE-2024-43573… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/10/08/cve-2024-43573-cve-2024-43572/
-
Ivanti fixes three CSA zero-days exploited in the wild (CVE-2024-9379, CVE-2024-9380, CVE-2024-9381)
Ivanti has patched three additional Cloud Service Appliance (CSA) zero-day flaws, which have been exploited by attackers in conjuction with a zero-day… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/10/08/cve-2024-9379-cve-2024-9380-cve-2024-9381/
-
Kritik, Gründe und Folgen der CVE-Schwemme im Kernel
Rund 55 pro Woche veröffentlichte Kernel-CVEs stellen auch die Größen der Linux-Branche vor Probleme und nötigen zu mehr Zusammenarbeit und neuen Werk… First seen on heise.de Jump to article: www.heise.de/news/Linux-Kritik-Gruende-und-Folgen-der-CVE-Schwemme-im-Kernel-9963793.html
-
5 CVEs in Microsoft’s October Update to Patch Immediately
First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/5-cves-microsofts-october-2024-update-patch-now
-
Open-Source Scanner Released to Detect CUPS Vulnerability
A new open-source scanner has been released to detect a critical vulnerability in the Common Unix Printing System (CUPS), explicitly targeting CVE-202… First seen on gbhackers.com Jump to article: gbhackers.com/open-source-scanner-released-to-detect-cups-vulnerability/
-
Qualcomm Addresses DSP Vulnerability CVE-2024-43047, Urges Users to Patch Devices
Qualcomm has released the latest security advisory for multiple vulnerabilities. Among them, a Qualcomm vulnerability, designated as CVE-2024-43047, h… First seen on thecyberexpress.com Jump to article: thecyberexpress.com/qualcomm-vulnerability-cve-2024-43047/
-
19.6K+ Public Zimbra Installations Vulnerable to Code Execution Attacks CVE-2024-45519
A critical vulnerability in Zimbra’s postjournal service, identified as CVE-2024-45519, has left over 19,600 public Zimbra installations exposed to re… First seen on gbhackers.com Jump to article: gbhackers.com/zimbra-installations-code-execution-attack/
-
Novel Exploit Chain Enables Windows UAC Bypass
Adversaries can exploit CVE-2024-6769 to jump from regular to admin access without triggering UAC, but Microsoft says it’s not really a vulnerability…. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/exploit-chain-windows-uac-bypass
-
CVE-2024-45519 – Sicherheitslücke in Zimbra wird aktiv ausgenutzt
First seen on security-insider.de Jump to article: www.security-insider.de/cyberangriffe-zimbra-sicherheitsluecke-gefaelschte-gmail-adressen-a-edd309795e6574d3fa23fd1ed4d84c16/
-
Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824)
CVE-2024-29824, an unauthenticated SQL Injection vulnerability in Ivanti Endpoint Manager (EPM) appliances, is being exploited by attackers, the Cyber… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/10/03/cve-2024-29824/
-
Thousands of Adobe Commerce e-stores hacked by exploiting the CosmicSting bug
Over 4,000 unpatched Adobe Commerce and Magento stores have been compromised by exploiting critical vulnerability CVE-2024-34102. Sansec researchers r… First seen on securityaffairs.com Jump to article: securityaffairs.com/169316/cyber-crime/4000-unpatched-adobe-commerce-and-magento-stores-hacked.html
-
Critical Zimbra Postjournal flaw CVE-2024-45519 actively exploited in the wild. Patch it now!
Threat actors attempt to exploit recently disclosed vulnerability CVE-2024-45519 in Synacor’s Zimbra Collaboration. Proofpoint cybersecurity researche… First seen on securityaffairs.com Jump to article: securityaffairs.com/169239/hacking/zimbra-postjournal-flaw-cve-2024-45519-exploited.html
-
A quartet of Linux CVEs draws exploit fears among open source community
First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/linux-cves-open-source/728310/
-
Remote Code Execution Vulnerability Alert of Unix CUPS Print Service (CVE-2024-47076 / CVE-2024-47175 / CVE-2024-47177)
Overview Recently, NSFOCUS CERT monitored the disclosure of the details of remote code execution vulnerabilities for Unix CUPS printing service on the… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/09/remote-code-execution-vulnerability-alert-of-unix-cups-print-service-cve-2024-47076-cve-2024-47175-cve-2024-47177/
-
Sophisticated Cyber Espionage: Earth Baxia Uses CVE-2024-36401 and Cobalt Strike to Infiltrate APAC
In a recent report from Trend Micro, the cyber espionage group Earth Baxia has been identified targeting government organizations in Taiwan and potent… First seen on securityonline.info Jump to article: securityonline.info/sophisticated-cyber-espionage-earth-baxia-uses-cve-2024-36401-and-cobalt-strike-to-infiltrate-apac/
-
CVE-2024-43491 Windows 10 Security Vulnerability September 2024
Critical vulnerability (CVE-2024-43491) in the Microsoft Windows Update process allows attackers to bypass previous security patches, exposing systems… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/09/cve-2024-43491-windows-10-security-vulnerability-september-2024/
-
CISA catalog falls short on CVEs targeted by Flax Typhoon
First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/vulnerabilities-flax-typhoon-botnet/727886/
-
CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, CVE-2024-47177: Frequently Asked Questions About Common UNIX Printing System (CUPS) Vulnerabilities
Frequently asked questions about multiple vulnerabilities in the Common UNIX Printing System (CUPS) that were disclosed as zero-days on September 26. … First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/09/cve-2024-47076-cve-2024-47175-cve-2024-47176-cve-2024-47177-frequently-asked-questions-about-common-unix-printing-system-cups-vulnerabilities/
-
New Threats in Cybersecurity: September 2024 CVE Roundup
Keep Your Organization Safe with Up-to-Date CVE Information The National Institute of Standards and Technology (NIST) continues to identify critical … First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/09/new-threats-in-cybersecurity-september-2024-cve-roundup/
-
PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987)
Details about and proof-of-concept (PoC) exploit code for CVE-2024-28987, a recently patched SolarWinds Web Help Desk (WHD) vulnerability that could b… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/09/25/cve-2024-28987-poc/
-
Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593)
CVE-2024-7593, a critical authentication bypass vulnerability affecting Ivanti Virtual Traffic Manager (vTM) appliances, is actively exploited by atta… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/09/25/cve-2024-7593-exploited/
-
Researcher Details Cisco Smart Licensing that Lets Attacker Control Device
Cisco disclosed a critical vulnerability identified as CVE-2024-20439, affecting its Smart Licensing Utility. An independent researcher discovered thi… First seen on gbhackers.com Jump to article: gbhackers.com/cisco-smart-licensing/
-
FreeBSD RCE Vulnerability Let Attackers Execute Malicious Code
FreeBSD has disclosed a critical remote code execution (RCE) vulnerability affecting its bhyve hypervisor. This vulnerability, CVE-2024-41721, could a… First seen on gbhackers.com Jump to article: gbhackers.com/freebsd-rce-vulnerability/
-
CVE-2024-45195 – Kritische Schwachstelle in Apache OFBiz erlaubt Code-Ausführung
First seen on security-insider.de Jump to article: www.security-insider.de/ofbiz-updates-sicherheitsluecken-schliessen-a-f0c2bba805a440d188cad18437132f49/
-
Third Recent Ivanti Vulnerability Exploited in the Wild
CVE-2024-7593 is the third Ivanti product vulnerability patched in recent months that has been exploited in the wild. The post Third Recent Ivanti Vul… First seen on securityweek.com Jump to article: www.securityweek.com/third-recent-ivanti-product-vulnerability-exploited-in-the-wild/
-
CVE-2024-28987: SolarWinds Web Help Desk Hardcoded Credential Vulnerability Deep-Dive
On August 13, 2024, SolarWinds released a security advisory for Web Help Desk (WHD) that detailed a deserialization remote code execution vulnerabilit… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/09/cve-2024-28987-solarwinds-web-help-desk-hardcoded-credential-vulnerability-deep-dive/