Tag: rce
-
Critical Zimbra RCE flaw actively exploited to take over servers
Hackers are actively exploiting a recently disclosed RCE vulnerability in Zimbra email servers that can be triggered simply by sending specially craft… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-zimbra-rce-flaw-actively-exploited-to-take-over-servers/
-
CUPS vulnerabilities affecting Linux, Unix systems can lead to RCE
After much hyping and following prematurely leaked information by a third party, security researcher Simone Margaritelli has released details about fo… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/09/27/cups-vulnerabilities/
-
Critical RCE vulnerability found in OpenPLC
Cisco’s Talos reported critical and high-severity flaws in OpenPLC that could lead to DoS condition and remote code execution. Cisco’s Talos threat in… First seen on securityaffairs.com Jump to article: securityaffairs.com/168953/ics-scada/openplc-critical-flaw.html
-
Doomsday ‘9.9 RCE bug’ might hit every Linux system
First seen on theregister.com Jump to article: www.theregister.com/2024/09/26/unauthenticated_rce_bug_linux/
-
1 PoC Exploit for Critical RCE Flaw, but 2 Patches From Veeam
First seen on darkreading.com Jump to article: www.darkreading.com/application-security/poc-exploit-for-rce-flaw-but-patches-from-veeam
-
Exploiting Exploiting Exchange PowerShell After ProxyNotShell: Part 3 DLL Loading Chain for RCE
First seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/36374/Exploiting-Exploiting-Exchange-PowerShell-After-ProxyNotShell-Part-3-DLL-Loading-Chain-for-RCE.html
-
Open Source C3 Frameworks Used In Red Teaming Assessments Vulnerable To RCE Attacks
C2 frameworks, crucial for post-exploitation operations, offer open-source alternatives to Cobalt Strike. They streamline the management of compromise… First seen on gbhackers.com Jump to article: gbhackers.com/c3-framework-rce-vulnerability/
-
Open Source C2 Frameworks Used In Red Teaming Assessments Vulnerable To RCE Attacks
C2 frameworks, crucial for post-exploitation operations, offer open-source alternatives to Cobalt Strike. They streamline the management of compromise… First seen on gbhackers.com Jump to article: gbhackers.com/c2-framework-rce-vulnerability/
-
SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks
SolarWinds has released fixes to address two security flaws in its Access Rights Manager (ARM) software, including a critical vulnerability that could… First seen on thehackernews.com Jump to article: thehackernews.com/2024/09/solarwinds-issues-patch-for-critical.html
-
FreeBSD RCE Vulnerability Let Attackers Execute Malicious Code
FreeBSD has disclosed a critical remote code execution (RCE) vulnerability affecting its bhyve hypervisor. This vulnerability, CVE-2024-41721, could a… First seen on gbhackers.com Jump to article: gbhackers.com/freebsd-rce-vulnerability/
-
Critical vulnerabilities in Microchip ASF, MediaTek expose RCE risks
First seen on scmagazine.com Jump to article: www.scmagazine.com/news/critical-vulnerabilities-in-microchip-asf-mediatek-expose-rce-risks
-
Zero-Click RCE Bug in macOS Calendar Exposes iCloud Data
First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/zero-click-rce-bug-macos-calendar-exposes-icloud-data
-
Rockwell Automation PLC Software Contains RCE Flaw
Attackers Could Shut Down Operations Or Cause Physical Damage. A severe vulnerability in Rockwell Automation software used to configure programmable l… First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/rockwell-automation-plc-software-contains-rce-flaw-a-26346
-
D-Link patches 5 vulnerabilities including RCE, hard-coded credential flaws
First seen on scmagazine.com Jump to article: www.scmagazine.com/news/d-link-patches-5-vulnerabilities-including-rce-hard-coded-credential-flaws
-
Broadcom fixes critical RCE bug in VMware vCenter Server
Broadcom has fixed a critical VMware vCenter Server vulnerability that attackers can exploit to gain remote code execution on unpatched servers via a … First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/broadcom-fixes-critical-rce-bug-in-vmware-vcenter-server/
-
D-Link addressed three critical RCE in wireless router models
D-Link fixed multiple critical flaws in its WiFi 6 routers that allow remote attackers to execute arbitrary code or gain hardcoded credentials. D-Link… First seen on securityaffairs.com Jump to article: securityaffairs.com/168471/security/d-link-rce-wireless-router-models.html
-
Exploit code released for critical Ivanti RCE flaw, patch now
A proof-of-concept (PoC) exploit for CVE-2024-29847, a critical remote code execution (RCE) vulnerability in Ivanti Endpoint Manager, is now publicly … First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/exploit-code-released-for-critical-ivanti-rce-flaw-patch-now/
-
SolarWinds fixed critical RCE CVE-2024-28991 in Access Rights Manager
SolarWinds addressed a critical remote code execution vulnerability, tracked as CVE-2024-28991, in Access Rights Manager. SolarWinds released security… First seen on securityaffairs.com Jump to article: securityaffairs.com/168456/security/solarwinds-fixed-rce-cve-2024-28991.html
-
Dependency Confusion Could Have Led to RCE in Google Cloud Platform
Tenable shares details on a dependency confusion attack that led to the execution of code on Google’s internal servers. The post Dependency Confusion … First seen on securityweek.com Jump to article: www.securityweek.com/dependency-confusion-could-have-led-to-rce-in-google-cloud-platform/
-
CloudImposer RCE Vulnerability Targets Google Cloud Platform
Attackers Could Exploit Flaw to Run Malicious Code on Google’ s, Customers’ Servers. Google patched a critical remote execution vulnerability in its c… First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/cloudimposer-rce-vulnerability-targets-google-cloud-platform-a-26299
-
D-Link fixes critical RCE, hardcoded password flaws in WiFi 6 routers
D-Link has fixed critical vulnerabilities in three popular wireless router models that allow remote attackers to execute arbitrary code or access the … First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/d-link-fixes-critical-rce-hardcoded-password-flaws-in-wifi-6-routers/
-
Week in review: Veeam Backup Replication RCE could soon be exploited, Microsoft fixes 4 0-days
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Veeam Backup Replication RCE flaw may soon be levera… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/09/15/week-in-review-veeam-backup-replication-rce-could-soon-be-exploited-microsoft-fixes-4-0-days/
-
Akira Ransomware Actors Exploit SonicWall Bug for RCE
First seen on darkreading.com Jump to article: www.darkreading.com/ics-ot-security/akira-ransomware-actors-exploit-sonicwall-bug-for-rce
-
Hackers Exploiting Apache OFBiz RCE Vulnerability in the Wild
A critical vulnerability in the Apache OFBiz framework has been actively exploited by hackers. The flaw designated CVE-2024-45195, allows for unauthen… First seen on gbhackers.com Jump to article: gbhackers.com/apache-ofbiz-rce-vulnerability/
-
Hackers Exploiting Progress WhatsUp RCE Vulnerability In The Wild
RCE attacks on WhatsUp Gold exploited the Active Monitor PowerShell Script to execute malicious code, as the vulnerabilities CVE-2024-6670 and CVE-202… First seen on gbhackers.com Jump to article: gbhackers.com/whatsup-rce-vulnerability-exploit/
-
Ivanti fixes maximum severity RCE bug in Endpoint Management software
Ivanti has fixed a maximum severity vulnerability in its Endpoint Management software (EPM) that can let unauthenticated attackers gain remote code ex… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ivanti-fixes-maximum-severity-rce-bug-in-endpoint-management-software/
-
Akira Ransomware Actively Exploiting SonicWall firewall RCE Vulnerability
SonicWall disclosed a critical remote code execution vulnerability (CVE-2024-40766) in SonicOS on August 22nd, 2024. While no active exploitation was … First seen on gbhackers.com Jump to article: gbhackers.com/akira-sonicwall-exploits/
-
Veeam Backup Replication RCE flaw may soon be leveraged by ransomware gangs (CVE-2024-40711)
CVE-2024-40711, a critical vulnerability affecting Veeam Backup Replication (VBR), could soon be exploited by attackers to steal enterprise data. Disc… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/09/09/cve-2024-40711-exploited/
-
Veeam warnt vor kritischer RCE-Schwachstelle CVE-2024-4071 in Backup Replication
Der Softwarehersteller Veeam warnt vor kritischer RCE-Schwachstelle in Backup & Replication. Blog-Leser j. hatte gestern im Diskussionsbereich auf… First seen on borncity.com Jump to article: www.borncity.com/blog/2024/09/06/veeam-warnt-vor-kritischer-rce-schwachstelle-cve-2024-4071-in-backup-replication/
-
Progress LoadMaster vulnerable to 10/10 severity RCE flaw
Progress Software has issued an emergency fix for a maximum (10/10) severity vulnerability impacting its LoadMaster and LoadMaster Multi-Tenant (MT) H… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/progress-loadmaster-vulnerable-to-10-10-severity-rce-flaw/