Tag: cve
-
March 2024 Patch Tuesday: Significant Vulnerabilities
Microsoft has rolled out its latest batch of security fixes for March 2024 Patch Tuesday, addressing a total of 59 CVE-numbered vulnerabilities. The g… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/march-2024-patch-tuesday/
-
Microsoft Says Ransomware Gangs Exploiting Just-Patched VMware ESXi Flaw
VMware did not mention in-the-wild exploitation for CVE-2024-37085 but Microsoft says ransomware gangs are abusing the just-patched flaw. The post Mic… First seen on securityweek.com Jump to article: www.securityweek.com/microsoft-says-ransomware-gangs-exploiting-just-patched-vmware-esxi-flaw/
-
Critical Acronis Cyber Infrastructure vulnerability exploited in the wild (CVE-2023-45249)
CVE-2023-45249, a critical vulnerability affecting older versions of Acronis Cyber Infrastructure, is being exploited by attackers. About Acronis Cybe… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/07/29/cve-2023-45249/
-
Next-Gen Vulnerability Assessment: AWS Bedrock Claude in CVE Data Classification
First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/next-gen-vulnerability-assessment-aws-bedrock-claude-in-cve-data-classification/
-
Cisco Patches the Products Impacted by RADIUS Protocol Vulnerability
Cisco has issued patches for multiple products affected by a critical vulnerability in the RADIUS protocol. The vulnerability, identified as CVE-2024-… First seen on gbhackers.com Jump to article: gbhackers.com/cisco-patches-the-products-impacted/
-
Cisco-Patches schließen kritische Schwachstellen in SSM und SEG
Noch ein kleiner Nachtrag von Ende der Woche. Anbieter Cisco hat kritische Schwachstellen in Produkten geschlossen. Da gibt es die Schwachstelle CVE-2… First seen on borncity.com Jump to article: www.borncity.com/blog/2024/07/21/cisco-patches-schlieen-kritische-schwachstellen-in-ssm-und-seg/
-
Progress Software fixed critical RCE CVE-2024-6327 in the Telerik Report Server
Progress Software addressed a critical remote code execution vulnerability, tracked as CVE-2024-6327, in the Telerik Report Server. Telerik Report Ser… First seen on securityaffairs.com Jump to article: securityaffairs.com/166168/security/telerik-report-server-cve-2024-6327.html
-
Hackers exploit Microsoft Defender SmartScreen bug CVE-2024-21412 to deliver ACR, Lumma, and Meduza Stealers
The CVE-2024-21412 flaw in the Microsoft Defender SmartScreen has been exploited to deliver information stealers such as ACR Stealer, Lumma, and Meduz… First seen on securityaffairs.com Jump to article: securityaffairs.com/166152/security/cve-2024-21412-flaw-info-stealers.html
-
Broadcom liefert Update für CVE-2024-22280 – VMware Aria Automation und Cloud Foundation anfällig für SQL-Injections
First seen on security-insider.de Jump to article: www.security-insider.de/broadcom-vmware-sql-injection-schwachstelle-vmware-aria-updates-a-245d38ecf6d1179fcdbe0351da56ae96/
-
Docker Patches Critical AuthZ Plugin Bypass Vulnerability Dating Back to 2018
The vulnerability, tagged as CVE-2024-41110 with a CVSS severity score of 10/10, was originally found and fixed in 2018. The post Docker Patches Criti… First seen on securityweek.com Jump to article: www.securityweek.com/docker-patches-critical-authz-plugin-bypass-vulnerability-dating-back-to-2018/
-
Critical Microsoft Zero-Day Vulnerability Exploited in the Wild for Over a Year
A severe zero-day vulnerability in Microsoft Windows, tracked as CVE-2024-38112, has been actively exploited by threat actors for at least 18 months. … First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/critical-microsoft-zero-day-vulnerability-exploited-in-the-wild-for-over-a-year/
-
SolarWinds Serv-U vulnerability under attack
The Centre for Cybersecurity Belgium observed exploitation against CVE-2024-28995, a high-severity vulnerability in SolarWind’s Serv-U file transfer p… First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366589400/SolarWinds-Serv-U-vulnerability-under-attack
-
Organizations Warned of Exploited Twilio Authy Vulnerability
CISA warns of the in-the-wild exploitation of CVE-2024-39891, a Twilio Authy bug leading to the disclosure of phone number data. The post Organization… First seen on securityweek.com Jump to article: www.securityweek.com/organizations-warned-of-exploited-twilio-authy-vulnerability/
-
Windows Patchday-Nachlese: MSHTML 0-day-Schwachstelle CVE-2024-38112 durch Malware ausgenutzt
Noch ein kleiner Nachtrag zum Juli 2024 Patchday bei Microsoft. Mit den Sicherheitsupdates hat Microsoft auch eine MSHTML Spoofing-Schwachstelle gesch… First seen on borncity.com Jump to article: www.borncity.com/blog/2024/07/18/windows-patchday-nachlese-mshtml-0-day-schwachstelle-cve-2024-38112-durch-malware-ausgenutzt/
-
SonicOS IPSec VPN Vulnerability Let Attackers Cause Dos Condition
SonicWall has disclosed a critical heap-based buffer overflow vulnerability in its SonicOS IPSec VPN. This flaw, identified as CVE-2024-40764, can pot… First seen on gbhackers.com Jump to article: gbhackers.com/sonicos-ipsec-vpn-vulnerability/
-
Critical Bazaar Vulnerability CVE-2024-40348: Directory Traversal Flaw Threatens System Integrity
A critical security flaw, CVE-2024-40348, has emerged in Bazaar v1.4.3, posing substantial risks due to its potential for directory traversal by unaut… First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cve-2024-40348-vulnerability-in-bazaar-v1-4-3/
-
Cisco fixes critical flaws in Secure Email Gateway and SSM On-Prem (CVE-2024-20401, CVE-2024-20419)
Cisco has fixed two critical vulnerabilities that may allow attackers to overwrite files on its Secure Email Gateways (CVE-2024-20401) and change the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/07/18/cve-2024-20401-cve-2024-20419/
-
Hackers are actively exploiting PHP RCE vulnerability (CVE-2024-4577)
A critical vulnerability in PHP, designated CVE-2024-4577, has become a prime target for cybercriminals within a day of its public disclosure in June … First seen on securityonline.info Jump to article: securityonline.info/hackers-are-actively-exploiting-php-rce-vulnerability-cve-2024-4577/
-
Void Banshee exploits CVE-2024-38112 zero-day to spread malware
Void Banshee APT group exploited the Windows zero-day CVE-2024-38112 to execute code via the disabled Internet Explorer. An APT group tracked as Void … First seen on securityaffairs.com Jump to article: securityaffairs.com/165832/apt/void-banshee-cve-2024-38112-zero-day-attacks.html
-
New OpenSSH CVE-2024-6409 Flaw Emerges
A week after the disclosure of the regreSSHion CVE-2024-6387 flaw in OpenSSH, researchers have found a related flaw (CVE-2024-6409) in some recent ver… First seen on duo.com Jump to article: duo.com/decipher/new-openssh-cve-2024-6409-flaw-emerges
-
Void Banshee APT exploited >>lingering Windows relic<< in zero-day attacks
The zero-day exploit used to leverage CVE-2024-38112, a recently patched Windows MSHTML vulnerability, was wielded by an APT group dubbed Void Banshee… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/07/16/cve-2024-38112-void-banshee/
-
Ransomware groups target Veeam Backup Replication bug
Multiple ransomware groups were spotted exploiting a vulnerability, tracked as CVE-2023-27532, in Veeam Backup & Replication. The vulnerability CV… First seen on securityaffairs.com Jump to article: securityaffairs.com/165753/malware/ransomware-groups-target-veeam-backup-replication-bug.html
-
Neue Sicherheitslücke CVE-2024-6409 – Schon wieder Schwachstelle in OpenSSH gefunden!
First seen on security-insider.de Jump to article: www.security-insider.de/neue-sicherheitsluecken-openssh-cve-2024-6409-cve-2024-6387-a-d440c27ea09facb360e465932b6160b4/
-
Apache HugeGraph Vulnerability Exploited in Wild
A recently patched Apache HugeGraph-Server vulnerability tracked as CVE-2024-27348 is being targeted in attacks. The post Apache HugeGraph Vulnerabili… First seen on securityweek.com Jump to article: www.securityweek.com/apache-hugegraph-vulnerability-exploited-in-wild/
-
Oracle Patches 240 Vulnerabilities With July 2024 CPU
Oracle releases 386 new security patches to resolve roughly 240 unique CVEs as part of its July 2024 Critical Patch Update. The post Oracle Patches 24… First seen on securityweek.com Jump to article: www.securityweek.com/oracle-patches-240-vulnerabilities-with-july-2024-cpu/
-
Critical Cellopoint Secure Email Gateway Flaw Let Attackers Execute Arbitrary Code
A critical vulnerability has been discovered in the Cellopoint Secure Email Gateway, identified as CVE-2024-6744. This flaw assigned a CVSS score of 9… First seen on gbhackers.com Jump to article: gbhackers.com/cellopoint-secure-email-gateway-flaw/
-
Act Now: Critical Apache HugeGraph Vulnerability Under Attack
A critical security vulnerability, CVE-2024-27348, has been identified in Apache HugeGraph-Server, posing a severe risk to organizations relying on th… First seen on thecyberexpress.com Jump to article: thecyberexpress.com/hugegraph-vulnerability-cve-2024-27348/
-
APT Exploits Windows Zero-Day to Execute Code via Disabled Internet Explorer
The Void Banshee APT exploited the CVE-2024-38112 Windows zero-day to infect systems with the Atlantida stealer. The post APT Exploits Windows Zero-Da… First seen on securityweek.com Jump to article: www.securityweek.com/apt-exploits-windows-zero-day-to-execute-code-via-disabled-internet-explorer/
-
Patch-Tuesday Die Auswirkungen der Schwachstelle in Windows-Hyper-V sind enorm
Saeed Abbasi, Produktmanager, Vulnerability Research, Qualys Threat Research Unit (TRU) zum Patch Tuesday: ‘Die Auswirkungen von CVE-2024-38080, einer… First seen on netzpalaver.de Jump to article: netzpalaver.de/2024/07/10/patch-tuesday-die-auswirkungen-der-schwachstelle-in-windows-hyper-v-sind-enorm/
-
Hacker nutzen uralte Sicherheitslücke um Sicherheitsvorkehrungen auszuhebeln
Obwohl die Sicherheitslücke CVE-2015-2291 in Treibern von Intel bereits seit Jahren bekannt ist, nutzen Hacker sie bis heute aus, um Netzwerke zu komp… First seen on 8com.de Jump to article: www.8com.de/cyber-security-blog/hacker-nutzen-uralte-sicherheitslucke-um-sicherheitsvorkehrungen-auszuhebeln