Tag: cve
-
Hackers Exploiting Progress WhatsUp RCE Vulnerability In The Wild
RCE attacks on WhatsUp Gold exploited the Active Monitor PowerShell Script to execute malicious code, as the vulnerabilities CVE-2024-6670 and CVE-202… First seen on gbhackers.com Jump to article: gbhackers.com/whatsup-rce-vulnerability-exploit/
-
Schwachstelle CVE-2024-39717 wird ausgenutzt – Gefährliche Datei-Uploads bedrohen Versa Director
First seen on security-insider.de Jump to article: www.security-insider.de/versa-networks-schwachstelle-versa-director-a-c4c369ac554adaf5970fc00f91561125/
-
Siemens Industrial Edge Management Vulnerable to Authorization Bypass Attacks
Siemens ProductCERT has disclosed a critical vulnerability in its Industrial Edge Management systems. The vulnerability, identified as CVE-2024-45032,… First seen on gbhackers.com Jump to article: gbhackers.com/siemens-vulnerable-bypass-attacks/
-
Imperva Protects Against Critical Apache OFBiz Vulnerability (CVE-2024-45195)
Recently, a critical vulnerability in the widely used Apache OFBiz framework was disclosed, designated CVE-2024-45195. This vulnerability allows for u… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/09/imperva-protects-against-critical-apache-ofbiz-vulnerability-cve-2024-45195/
-
Microsoft fixes 4 exploited zero-days and a code defect that nixed earlier security fixes
September 2024 Patch Tuesday is here and Microsoft has delivered 79 fixes, including those for a handful of zero-days (CVE-2024-38217, CVE-2024-38226,… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/09/10/cve-2024-38217-cve-2024-43491/
-
CISA confirms that SonicWall vulnerability is getting exploited (CVE-2024-40766)
The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-40766 a recently fixed improper access control vulnerability affecti… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/09/10/cve-2024-40766-exploited/
-
Don’t Delay: Patch LoadMaster Now to Avoid Exploitation
A security vulnerability, identified as CVE-2024-7591, has been disclosed affecting all versions of LoadMaster and the LoadMaster Multi-Tenant (MT) hy… First seen on thecyberexpress.com Jump to article: thecyberexpress.com/loadmaster-vulnerability-cve-2024-7591/
-
Multiple malware families delivered exploiting GeoServer GeoTools flaw CVE-2024-36401
Multiple threat actors actively exploited the recently disclosed OSGeo GeoServer GeoTools flaw CVE-2024-36401 in malware-based campaigns. Researchers … First seen on securityaffairs.com Jump to article: securityaffairs.com/168197/malware/geoserver-geotools-flaw-cve-2024-36401-malware.html
-
Veeam Backup Replication RCE flaw may soon be leveraged by ransomware gangs (CVE-2024-40711)
CVE-2024-40711, a critical vulnerability affecting Veeam Backup Replication (VBR), could soon be exploited by attackers to steal enterprise data. Disc… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/09/09/cve-2024-40711-exploited/
-
2024 seeing more CVEs than ever before, but few are weaponised
The number of disclosed CVEs soared by 30% in the first seven-and-a-half months of the year, but a tiny fraction of these have been exploited by threa… First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366600424/2024-seeing-more-CVEs-than-ever-before-but-few-are-weaponised
-
Veeam warnt vor kritischer RCE-Schwachstelle CVE-2024-4071 in Backup Replication
Der Softwarehersteller Veeam warnt vor kritischer RCE-Schwachstelle in Backup & Replication. Blog-Leser j. hatte gestern im Diskussionsbereich auf… First seen on borncity.com Jump to article: www.borncity.com/blog/2024/09/06/veeam-warnt-vor-kritischer-rce-schwachstelle-cve-2024-4071-in-backup-replication/
-
Critical SonicWall Vulnerability Possibly Exploited in Ransomware Attacks
A recently patched SonicWall vulnerability tracked as CVE-2024-40766 may have been exploited in ransomware attacks. The post Critical SonicWall Vulner… First seen on securityweek.com Jump to article: www.securityweek.com/critical-sonicwall-vulnerability-possibly-exploited-in-ransomware-attacks/
-
Recent SonicWall Firewall Vulnerability Potentially Exploited in the Wild
SonicWall is warning customers that the recently patched critical vulnerability CVE-2024-40766 may be exploited in the wild. The post Recent SonicWall… First seen on securityweek.com Jump to article: www.securityweek.com/recent-sonicwall-firewall-vulnerability-potentially-exploited-in-the-wild/
-
SonicWall Access Control Vulnerability Exploited in the Wild
SonicWall has issued an urgent advisory regarding a critical vulnerability in its SonicOS management access and SSLVPN. The flaw, identified as CVE-20… First seen on gbhackers.com Jump to article: gbhackers.com/sonicwall-access-control-vulnerability/
-
SonicWall SSLVPN access control flaw is now exploited in attacks
SonicWall is warning that a recently fixed access control flaw tracked as CVE-2024-40766 in SonicOS is now potentially exploited in attacks, urging ad… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/sonicwall-sslvpn-access-control-flaw-is-now-exploited-in-attacks/
-
Apache Makes Another Attempt at Patching Exploited RCE in OFBiz
The latest Apache OFBiz update patches CVE-2024-45195, a bypass of a recently disclosed remote code execution bug exploited in attacks. The post Apach… First seen on securityweek.com Jump to article: www.securityweek.com/apache-makes-another-attempt-at-patching-exploited-rce-in-ofbiz/
-
SonicWall warns that SonicOS bug exploited in attacks
Recently fixed access control SonicOS vulnerability, tracked as CVE-2024-40766, is potentially exploited in attacks in the wild, SonicWall warns. Soni… First seen on securityaffairs.com Jump to article: securityaffairs.com/168112/hacking/sonicwall-sonicos-bug-exploited.html
-
Schwachstelle CVE-2024-37079 – So nutzen Hacker VMware vCenter für gefährliche Angriffe
First seen on security-insider.de Jump to article: www.security-insider.de/vmware-vcenter-schwachstelle-cve-2024-37079-patch-a-c2f3b8a9e2742bb828d4de7cd9e2a454/
-
Google fixed actively exploited Android flaw CVE-2024-32896
Google addressed a security vulnerability in its Android operating system that is actively exploited in attacks in the wild. Google addressed a high-s… First seen on securityaffairs.com Jump to article: securityaffairs.com/168047/mobile-2/google-fixed-actively-exploited-android-flaw-cve-2024-32896.html
-
Attackers Exploit Critical Atlassian Confluence Flaw for Cryptojacking
Novel attack vectors leverage the CVE-2023-22527 RCE flaw discovered in January, which is still under active attack, to turn targeted cloud environmen… First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/attackers-exploit-critical-atlassian-confluence-flaw-for-cryptojacking
-
Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation
Google has revealed that a security flaw that was patched as part of a software update rolled out last week to its Chrome browser has come under activ… First seen on thehackernews.com Jump to article: thehackernews.com/2024/08/google-warns-of-cve-2024-7965-chrome.html
-
China’s Volt Typhoon Exploits Zero-Day in Versa’s SD-WAN Director Servers
So far, the threat actor has compromised at least five organizations using CVE-2024-39717; CISA has added bug to its Known Exploited Vulnerability dat… First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/china-s-volt-typhoon-actively-exploiting-now-patched-0-day-in-versa-director-servers
-
Google backports fix for Pixel EoP flaw to other Android devices
Google has released the September 2024 Android security updates to fix 34 vulnerabilities, including CVE-2024-32896, an actively exploited elevation o… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-backports-fix-for-pixel-eop-flaw-to-other-android-devices/
-
Google Patches Actively Exploited Android 0-day Privilege Escalation Vulnerability
Google has released a patch addressing a critical zero-day vulnerability that has been actively exploited. This vulnerability, CVE-2024-32896, is a pr… First seen on gbhackers.com Jump to article: gbhackers.com/google-patchesandroid-0-day-vulnerability/
-
CVE-2024-7971: North Korean APT Citrine Sleet Exploits Chromium Zero-Day
In a recent cybersecurity report, Microsoft Threat Intelligence has revealed that a North Korean threat actor, believed to be Citrine Sleet, has been … First seen on securityonline.info Jump to article: securityonline.info/cve-2024-7971-north-korean-apt-citrine-sleet-exploits-chromium-zero-day/
-
Patch Now: Second SolarWinds Critical Bug in Web Help Desk
The disclosure of CVE-2024-28987 means that, in two weeks, there have been two critical bugs and corresponding patches for SolarWinds’ less-often-disc… First seen on darkreading.com Jump to article: www.darkreading.com/remote-workforce/patch-now-second-solarwinds-critical-bug-in-web-help-desk
-
Microsoft Says North Korean Cryptocurrency Thieves Behind Chrome Zero-Day
Redmond’s threat intel team said exploitation of CVE-2024-7971 can be attributed to a North Korean APT targeting the cryptocurrency sector for financi… First seen on securityweek.com Jump to article: www.securityweek.com/microsoft-says-north-korean-cryptocurrency-thieves-behind-chrome-zero-day/
-
North Korea-linked APT Citrine Sleet exploit Chrome zero-day to deliver FudModule rootkit
North Korea-linked APT exploited the recently patched Google Chrome zero-day CVE-2024-7971 to deploy the FudModule rootkit. North Korea-linked group C… First seen on securityaffairs.com Jump to article: securityaffairs.com/167848/breaking-news/north-korea-linked-apt-exploited-chrome-zero-day-cve-2024-7971.html
-
Huntress is Now a CVE Numbering Authority
Tags: cveFirst seen on scmagazine.com Jump to article: www.scmagazine.com/native/huntress-is-now-a-cve-numbering-authority
-
Top 5 CVEs and Vulnerabilities of August 2024: Key Threats and How to Respond
August has seen some of the most eye-opening vulnerabilities surface, catching the attention of security experts across the globe. These aren’t just n… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/09/top-5-cves-and-vulnerabilities-of-august-2024-key-threats-and-how-to-respond/