Tag: vulnerability
-
WordPress LiteSpeed Cache plugin flaw could allow site takeover
A high-severity flaw in the WordPress LiteSpeed Cache plugin could allow attackers to execute arbitrary JavaScript code under certain conditions. A high-severity security flaw, tracked as CVE-2024-47374 (CVSS score 7.2), in the LiteSpeed Cache plugin for WordPress could allow attackers to execute arbitrary JavaScript. The vulnerability is a stored cross-site scripting (XSS) issue impacting versions…
-
Apple iOS 18.0.1 and iPadOS 18.0.1 fix media session and passwords bugs
Apple released iOS 18.0.1 update that addressed two vulnerabilities that exposed passwords and audio snippets to attackers. Apple released iOS 18.0.1 and iPadOS 18.0.1 updates to fix two vulnerabilities, respectively tracked as CVE-2024-44207 and CVE-2024-44204. The company addressed the vulnerability by improving checks. The flaw was reported by Michael Jimenez and an anonymous researcher. The…
-
Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability
Apple has released iOS and iPadOS updates to address two security issues, one of which could have allowed a user’s passwords to be read out aloud by its VoiceOver assistive technology.The vulnerability, tracked as CVE-2024-44204, has been described as a logic problem in the new Passwords app impacting a slew of iPhones and iPads. Security…
-
Why is asset deduplication a hard problem?
“If you cannot count it, you cannot manage it.” Every CISO and CIO ever Asset deduplication is a crucial challenge in exposure management (and CAASM). In today’s complex IT environments, effective management of vulnerabilities and other findings relies on accurate asset inventories to understand and mitigate potential risks. Assets from different data sources must… Read…
-
iPhone ‘VoiceOver’ Feature Could Read Passwords Aloud
CVE-2024-44204 is one of two new Apple iOS security vulnerabilities that showcase an unexpected coming together of privacy snafus and accessibility features. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/iphone-voiceover-feature-read-passwords-aloud
-
Linux Systems Vulnerable to perfctl Malware
First seen on scworld.com Jump to article: www.scworld.com/brief/linux-systems-vulnerable-to-perfctl-malware
-
Ivanti Confirms Exploitation of an Old Critical Vuln
Remote Code Execution Bug Exploited in Limited Attacks. Ivanti confirmed that hackers are exploiting an SQL injection vulnerability in its Ivanti Endpoint Manager enabling remote code execution, despite the company addressing the issue with a patch in May. The flaw allows unauthenticated attackers within the same network to execute arbitrary code. First seen on govinfosecurity.com…
-
Mass Retail Hacks Affect Adobe Commerce and Magento Stores
4,387 Online Merchants Compromised, Including Cisco and National Geographic Stores. Thousands of online stores running Adobe Commerce and Magento software have been hacked since the summer and infected with digital payment skimmers by attackers targeting a vulnerability known as CosmicSting. While patched by Adobe in June, users also need to forcibly invalidate stolen credentials. First…
-
CISA’s vulnerability management program spotted 250 critical CVEs in 2023
The 51 federal civilian agencies involved in the program remediated 872 vulnerabilities last year, up 78% increase from 2022, according to CISA. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisa-vulnerability-disclosure-platform/728956/
-
Cups Linux printing bugs open door to DDoS attacks, says Akamai
The Cups Linux printing vulnerabilities disclosed at the end of September would seem to have a nasty sting in their tail, according to researchers at Akamai First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366612800/Cups-Linux-printing-bugs-open-door-to-DDoS-attacks-says-Akamai
-
Hackers Exploit Ivanti Endpoint Manager Flaw”, Are You at Risk?
Tags: cve, cybersecurity, endpoint, exploit, flaw, hacker, infrastructure, ivanti, malicious, risk, threat, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has alerted organizations about an active exploitation of a vulnerability in Ivanti Endpoint Manager (EPM). This critical flaw, tracked as CVE-2024-29824, poses a serious threat, allowing attackers to remotely execute malicious code on affected servers without authentication. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/critical-ivanti-vulnerability-cve-2024-29824/
-
Cybersecurity in Logistics and Transportation Sector: Key Threats and Challenges
The logistics and transportation sectors are the backbone of global trade, ensuring the seamless movement of goods across borders and industries. However, the increasing reliance on digital technologies, such as IoT devices, GPS tracking, and cloud-based management systems, has made this industry highly vulnerable to cyberattacks. In a business where delays, disruptions, or breaches can……
-
How to Get Going with CTEM When You Don’t Know Where to Start
Continuous Threat Exposure Management (CTEM) is a strategic framework that helps organizations continuously assess and manage cyber risk. It breaks down the complex task of managing security threats into five distinct stages: Scoping, Discovery, Prioritization, Validation, and Mobilization. Each of these stages plays a crucial role in identifying, addressing, and mitigating vulnerabilities – First seen…
-
WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks
A new high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable malicious actors to execute arbitrary JavaScript code under certain conditions.The flaw, tracked as CVE-2024-47374 (CVSS score: 7.2), has been described as a stored cross-site scripting (XSS) vulnerability impacting all versions of the plugin up to and including…
-
Sellafield nuclear site hit with £332,500 fine after >>significant cybersecurity shortfalls<<
The UK’s Sellafield nuclear waste processing and storage site has been fined £332,500 by regulators after its IT systems were found to have been left vulnerable to hackers and unauthorised access for years. First seen on bitdefender.com Jump to article: www.bitdefender.com/blog/hotforsecurity/sellafield-nuclear-site-332500-fine-cybersecurity-shortfalls/
-
Google Addresses Critical Baseband Flaws, Strengthens Pixel Defenses
Google recently addressed a flaw within cellular modem vulnerabilities that can pose risk to smartphone users. The cellular baseband is responsible for handling all cellular communications, including LTE, 4G, and 5G connectivity. However, the complexity of this software presents challenges in security hardening, making it an attractive target for malicious actors. First seen on thecyberexpress.com…
-
CISA Warns of Critical Vulnerabilities in Switches Used in Manufacturing
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding two critical vulnerabilities identified in Optigo Networks ONS-S8 Aggregation Switch products. These devices are commonly used in critical infrastructure and manufacturing systems worldwide, and the vulnerabilities could allow attackers to bypass authentication and execute remote code, posing significant risks to affected…
-
Navigating the 2024 Cybersecurity Threat Landscape for MSPs: Key Insights from Seceon’s Innovation and Certification Days
In 2024, Managed Service Providers (MSPs) are increasingly targeted by cybercriminals due to their central role in securing and managing client networks. The complexity of these threats is growing, with ransomware, nation-state actors, and supply chain vulnerabilities at the forefront. MSPs must understand the evolving threat landscape to protect their own systems and, by extension,…
-
75.000 Linux-Geräte betroffen – Gefährliche Schwachstelle in CUPS
First seen on security-insider.de Jump to article: www.security-insider.de/linux-cups-schwachstelle-a-6104466cd8bad7318e3beb69c4e52dbf/
-
Exposing the Credential Stuffing Ecosystem
Through our infiltration of the credential stuffing ecosystem, we reveal how various individuals collaborate to execute attacks and expose vulnerabilities for profit. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/10/exposing-the-credential-stuffing-ecosystem/
-
Emulating the Surging Hadooken Malware
AttackIQ has released a new attack graph that emulates the behaviors exhibited by the Hadooken malware during intrusions that abused misconfigurations and critical Remote Code Execution (RCE) vulnerabilities on public-facing Oracle Weblogic Servers. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/10/emulating-the-surging-hadooken-malware/
-
Thousands of DrayTek Routers at Risk From 14 Vulnerabilities
Tags: attack, data, flaw, malicious, remote-code-execution, risk, router, service, theft, vulnerabilitySeveral of the flaws enable remote code execution and denial-of-service attacks while others enable data theft, session hijacking, and other malicious activity. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/thousands-draytek-routers-at-risk-14-new-vulnerabilities
-
Recently patched CUPS flaw can be used to amplify DDoS attacks
A recently disclosed vulnerability in the Common Unix Printing System (CUPS) open-source printing system can be exploited by threat actors to launch distributed denial-of-service (DDoS) attacks with a 600x amplification factor. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/recently-patched-cups-flaw-can-be-used-to-amplify-ddos-attacks/
-
Breach Roundup: AI ‘Nudify’ Sites Serve Malware
Tags: ai, breach, cybercrime, group, hacking, insurance, malware, north-korea, scam, vulnerability, windowsAlso: Prison Sentences for BEC Scammers and a West African Cybercrime Crackdown. This week, AI nudify sites spread malware, BEC scammers head to prison, London man charged with hacking, and a Spanish insurance company with a breach. Also, a North Korean hacking group and a West African crackdown on online scammers. And, a Schrödinger Windows…
-
CISA Adds High-Severity Ivanti Vulnerability to KEV Catalog
Ivanti reports that the bug is being actively exploited in the wild for select customers. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/cisa-high-severity-ivanti-vulnerability-kev-catalog
-
DDoS attacks possible with exploitation of CUPS vulnerabilities
First seen on scworld.com Jump to article: www.scworld.com/brief/ddos-attacks-possible-with-exploitation-of-cups-vulnerabilities
-
Intrusions involving critical Ivanti EPM vulnerability underway
First seen on scworld.com Jump to article: www.scworld.com/brief/intrusions-involving-critical-ivanti-epm-vulnerability-underway
-
CUPS Vulnerabilities Could Lead to Widespread Attacks
First seen on scworld.com Jump to article: www.scworld.com/brief/cups-vulnerabilities-could-lead-to-widespread-attacks