Tag: cve
-
Hackers Exploit Firefox and Windows Flaws: RomCom’s Advanced Attack Unveiled
A Russia-aligned hacking group, known as RomCom (also identified as Storm-0978, Tropical Scorpius, or UNC2596), has successfully exploited two zero-day vulnerabilities”, one in Mozilla Firefox and another in Microsoft Windows Task Scheduler. These vulnerabilities, identified as CVE-2024-9680 and CVE-2024-49039, were chained together to allow the group to execute arbitrary code and install malicious backdoors on…
-
CVE-2024-21887 and More: How Earth Estries APT Group Exploits VPNs Servers
In a detailed report from Trend Micro, the Chinese advanced persistent threat (APT) group Earth Estries, also known by aliases like Salt Typhoon and GhostEmperor, has emerged as a significant... First seen on securityonline.info Jump to article: securityonline.info/cve-2024-21887-and-more-how-earth-estries-apt-group-exploits-vpns-servers/
-
Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks
Two critical security flaws impacting the Spam protection, Anti-Spam, and FireWall plugin WordPress could allow an unauthenticated attacker to install and enable malicious plugins on susceptible sites and potentially achieve remote code execution.The vulnerabilities, tracked as CVE-2024-10542 and CVE-2024-10781, carry a CVSS score of 9.8 out of a maximum of 10.0. They were addressed in…
-
Intruder Launches Intel: A Free Vulnerability Intelligence Platform For Staying Ahead of the Latest Threats
When CVEs go viral, separating critical vulnerabilities from the noise is essential to protecting your organization. That’s why Intruder, a leader in attack surface management, built Intel – a free vulnerability intelligence platform designed to help you act fast and prioritize real threats.What is Intel?Intel was created to fill a gap in the resources available…
-
Chinese Hackers Exploiting Critical Vulnerability in Array Networks Gateways
CISA warns about attacks exploiting CVE-2023-28461, a critical vulnerability in Array Networks AG and vxAG secure access gateways. The post Chinese Hackers Exploiting Critical Vulnerability in Array Networks Gateways appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/chinese-hackers-exploiting-critical-vulnerability-in-array-networks-gateways/
-
CISA Adds Array Networks’ CVE-2023-28461 to KEV List: Critical Patching Urged
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added a critical security flaw, CVE-2023-28461, to its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability impacts First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cisa-adds-cve-2023-28461-vulnerability/
-
200,000 WordPress Sites Exposed to Cyber Attack, Following Plugin Vulnerability
A critical security vulnerability has been discovered in the popular WordPress plugin Anti-Spam by CleanTalk, which is installed on over 200,000 websites. The vulnerability, which includes two distinct flaws (CVE-2024-10542 and CVE-2024-10781), could allow attackers to install and activate arbitrary plugins on affected websites, potentially leading to remote code execution and full site compromise. Website owners…
-
RomCom hackers chained Firefox and Windows zero-days to deliver backdoor
Russia-aligned APT group RomCom was behind attacks that leveraged CVE-2024-9680, a remote code execution flaw in Firefox, and CVE-2024-49039, an elevation of privilege … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/26/romcom-backdoor-cve-2024-9680-cve-2024-49039/
-
U.S. CISA adds Array Networks AG and vxAG ArrayOS flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Array Networks AG and vxAG ArrayOS flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Array Networks AG and vxAG ArrayOS flaw CVE-2023-28461 (CVSS score: 9.8) to its Known Exploited Vulnerabilities (KEV) catalog. Array Networks’ AG Series and vxAG (versions 9.4.0.481 and…
-
9 VPN alternatives for securing remote network access
Tags: access, ai, api, attack, authentication, automation, best-practice, business, cloud, compliance, computer, computing, control, corporate, credentials, cve, cybercrime, cybersecurity, data, defense, detection, dns, encryption, endpoint, exploit, firewall, fortinet, group, guide, Hardware, iam, identity, infrastructure, Internet, iot, least-privilege, login, malicious, malware, mfa, microsoft, monitoring, network, office, password, ransomware, risk, router, saas, service, software, strategy, switch, threat, tool, update, vpn, vulnerability, vulnerability-management, waf, zero-trustOnce the staple for securing employees working remotely, VPNs were designed to provide secure access to corporate data and systems for a small percentage of a workforce while the majority worked within traditional office confines. The move to mass remote working brought about by COVID-19 in early 2020 changed things dramatically. Since then, large numbers…
-
IBM Workload Scheduler Vulnerability Stores User Credentials in Plain Text
IBM has issued a security bulletin warning customers about a vulnerability in its Workload Scheduler software that allows user credentials to be stored in plain text. This issue, identified as CVE-2024-49351, could enable local users to access sensitive information such as passwords, posing a significant security risk in affected systems. Details of the Vulnerability The…
-
CISA Urges Agencies to Patch Critical “Array Networks” Flaw Amid Active Attacks
Tags: access, attack, authentication, cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, network, update, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a now-patched critical security flaw impacting Array Networks AG and vxAG secure access gateways to its Known Exploited Vulnerabilities (KEV) catalog following reports of active exploitation in the wild.The vulnerability, tracked as CVE-2023-28461 (CVSS score: 9.8), concerns a case of missing authentication that First…
-
Zyxel firewalls targeted in recent ransomware attacks
Zyxel warns that a ransomware group has been observed exploiting a recently patched command injection issue in its firewalls. Zyxel warns that a ransomware gang has been observed exploiting a recently patched command injection vulnerability, tracked as CVE-2024-42057, in its firewalls for initial compromise. Remote, unauthenticated attackers could exploit the flaw to execute OS commands…
-
November 2024 Patch Tuesday Fixes Actively Exploited Flaws (CVE-2024-49039)
In its November 2024 Patch Tuesday update, Microsoft addressed 90 security vulnerabilities, including two critical zero-day exploits currently being actively exploited in the wild (CVE-2024-49039 and CVE-2024-49039). This also update includes fixes for issues impacting Windows NT LAN Manager (NTLM)… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/november-2024-patch-tuesday-cve-2024-49039/
-
Walking the Walk: How Tenable Embraces Its >>Secure by Design<< Pledge to CISA
Tags: access, application-security, attack, authentication, best-practice, business, cisa, cloud, conference, container, control, credentials, cve, cvss, cyber, cybersecurity, data, data-breach, defense, exploit, Hardware, identity, infrastructure, injection, Internet, leak, lessons-learned, mfa, open-source, passkey, password, phishing, risk, saas, service, siem, software, sql, strategy, supply-chain, theft, threat, tool, update, vulnerability, vulnerability-managementAs a cybersecurity leader, Tenable was proud to be one of the original signatories of CISA’s “Secure by Design” pledge earlier this year. Our embrace of this pledge underscores our commitment to security-first principles and reaffirms our dedication to shipping robust, secure products that our users can trust. Read on to learn how we’re standing…
-
Arctic Wolf beobachtet Bedrohungskampagne gegen Firewalls von Palo Alto
Arctic Wolf Labs hat mehrere Security-Breaches bei Unternehmen aus unterschiedlichen Branchen beobachtet, an denen Firewall-Geräte von Palo Alto Network beteiligt waren. Am 18. November 2024 gab Palo Alto Networks zwei Schwachstellen (CVE-2024-0012 und CVE-2024-9474) in Palo Alto Networks OS (PAN-OS) bekannt. Dieses Betriebssystem, wird auf deren Firewall-Geräten genutzt. Einen Tag später veröffentlichte Watchtowr einen Report…
-
7-Zip RCE Vulnerability Let Attackers Execute Remote Code
A critical security vulnerability has been disclosed in the popular file archiving tool 7-Zip, allowing attackers to execute arbitrary code remotely. The flaw, identified as CVE-2024-11477, has been attributed to an integer underflow in the Zstandard decompression implementation, which could lead to remote code execution (RCE). CVE-2024-11477 Vulnerability Details The vulnerability, CVE-2024-11477 discovered by […]…
-
Operation Lunar Peek: More Than 2,000 Palo Alto Network Firewalls Hacked
The Shadowserver Foundation reports over 2,000 Palo Alto Networks firewalls have been hacked via two zero-day vulnerabilities: CVE-2024-0012… First seen on hackread.com Jump to article: hackread.com/operation-lunar-peek-palo-alto-firewalls-hacked/
-
Cybersecurity Snapshot: Prompt Injection and Data Disclosure Top OWASP’s List of Cyber Risks for GenAI LLM Apps
Tags: access, advisory, ai, application-security, attack, backup, best-practice, breach, cisa, cloud, computer, cve, cyber, cyberattack, cybercrime, cybersecurity, data, exploit, extortion, firewall, framework, governance, government, group, guide, Hardware, incident, incident response, infrastructure, injection, intelligence, Internet, LLM, malicious, microsoft, mitigation, mitre, monitoring, network, nist, office, open-source, powershell, privacy, ransomware, regulation, risk, risk-management, russia, service, skills, software, sql, strategy, supply-chain, tactics, technology, theft, threat, tool, update, vulnerability, vulnerability-management, windowsDon’t miss OWASP’s update to its “Top 10 Risks for LLMs” list. Plus, the ranking of the most harmful software weaknesses is out. Meanwhile, critical infrastructure orgs have a new framework for using AI securely. And get the latest on the BianLian ransomware gang and on the challenges of protecting water and transportation systems against…
-
U.S. CISA adds Apple, Oracle Agile PLM bugs to its Known Exploited Vulnerabilities catalog
Tags: apple, cisa, cve, cybersecurity, exploit, infrastructure, kev, oracle, update, vulnerability, zero-dayU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple, Oracle Agile PLM bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: This week, Apple released security updates for two zero-day vulnerabilities, tracked as CVE-2024-44309 and CVE-2024-44308, in iOS, iPadOS,…
-
JFrog zeigt proaktive Schritte gegen Schwachstelle im userinfo-Segment
CVE-2024-10524 verdeutlicht eindrucksvoll die Risiken, die selbst in etablierten Softwareabhängigkeiten schlummern, und betont die Notwendigkeit gründlicher Sicherheitsprüfungen auch für vertrauenswürdige Tools. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/jfrog-zeigt-proaktive-schritte-gegen-schwachstelle-im-userinfo-segment/a39040/
-
More than 2,000 Palo Alto Networks firewalls hacked exploiting recently patched zero-days
Threat actors already hacked thousands of Palo Alto Networks firewalls exploiting recently patched zero-day vulnerabilities. Thousands of Palo Alto Networks firewalls have reportedly been compromised in attacks exploiting recently patched zero-day vulnerabilities (CVE-2024-0012 and CVE-2024-9474) in PAN-OS. CVE-2024-0012is a vulnerability in Palo Alto Networks PAN-OS that allows unauthenticated attackers with network access to the management…
-
2,000 Palo Alto Networks devices compromised in latest attacks
Attackers have compromised around 2,000 Palo Alto Networks firewalls by leveraging the two recently patched zero-days (CVE-2024-0012 and CVE-2024-9474), Shadowserver … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/21/palo-alto-firewalls-compromised-cve-2024-0012-cve-2024-9474/
-
Exploitation Attempts Target Citrix Session Recording Vulnerabilities
Exploitation attempts seen for two recently patched Citrix Session Recording vulnerabilities tracked as CVE-2024-8068 and CVE-2024-8069. The post Exploitation Attempts Target Citrix Session Recording Vulnerabilities appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/exploitation-attempts-target-citrix-session-recording-vulnerabilities/
-
macOS WorkflowKit Race Vulnerability Allows Malicious Apps to Intercept Shortcuts
A race condition vulnerability in Apple’s WorkflowKit has been identified, allowing malicious applications to intercept and manipulate shortcuts on macOS systems. This vulnerability, cataloged as CVE-2024-27821, affects the shortcut extraction and generation processes within the WorkflowKit framework, which is integral to the Shortcuts app on macOS Sonoma. macOS WorkflowKit Race Vulnerability The vulnerability arises from…
-
Apple Urgently Patches Actively Exploited Zero-Days
Though the information regarding the exploits is limited, the company did report that Intel-based Mac systems have been targeted by cybercriminals looking to exploit CVE-2024-44308 and CVE-2024-44309. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/apple-patches-actively-exploited-zero-days
-
5 Local-Privilege-Escalation-Schwachstellen in der Unbuntu-Komponente <> identifiziert
Qualys gab bekannt, dass die fünf Local-Privilege-Escalation (LPE)-Schwachstellen in der Komponente needrestart identifiziert, die standardmäßig auf Ubuntu-Servern installiert ist. Diese Schwachstellen können von jedem nicht privilegierten Benutzer ausgenutzt werden, um vollen Root-Zugriff zu erlangen, ohne dass eine Interaktion des Benutzers erforderlich ist. Die identifizierten Schwachstellen wurden mit den CVE-Kennungen CVE-2024-48990, CVE-2024-48991, […] First seen on netzpalaver.de…