Custom search

Google fixed critical Chrome vulnerability CVE-2024-4058

Google addressed a critical Chrome vulnerability, tracked as CVE-2024-4058, that resides in the ANGLE graphics layer engine.

The Hacker News

Critical Exchange Server Flaw (CVE-2024-21410) Under Active Exploitation

A newly discovered privilege escalation vulnerability (CVE-2024-21410) in Microsoft Exchange Server is being actively exploited.

Trend Micro

SmartScreen Vulnerability: CVE-2024-21412 Facts and Fixes

This entry aims to provide additional context to CVE-2024-21412, how it can be used by threat actors, and how Trend protects customers from this specific vulnerability.

Security Affairs

Multiple PoC exploits released for Jenkins flaw CVE-2024-23897

Multiple proof-of-concept (PoC) exploits for recently disclosed critical Jenkins vulnerability CVE-2024-23897 have been released.

Trend Micro

Jenkins Args4j CVE-2024-23897 Files Exposed Code at Risk

Jenkins, a popular open-source automation server, was discovered to be affected by a file read vulnerability, CVE-2024-23897.

The Hacker News

17 days ago

New Chrome Zero-Day Vulnerability CVE-2024-4761 Under Active Exploitation

Google has released emergency fixes for a new zero-day vulnerability (CVE-2024-4761) that has been actively exploited in the wild.

Cyber Security News

15 days ago

PoC Exploit Released for Ivanti EPMM MobileIron Core

A newly disclosed vulnerability, identified as CVE-2024-22026, has been found in Ivanti EPMM, formerly known as MobileIron Core.

Security Affairs

Microsoft Exchange flaw CVE-2024-21410 could impact up to 97,000 servers

Researchers from Shadowserver Foundation identified roughly 28,000 internet-facing Microsoft Exchange servers vulnerable to CVE-2024-21410.

Cyber Security News

Linux Kernel Vulnerability (CVE-2024-26925) Let Hackers Access Unauthorized Data

In a significant update from the Linux kernel's security team, a critical vulnerability identified as CVE-2024-26925 has been addressed.

HACKRead

Backdoor Discovered in XZ Utils: Patch Your Systems Now (CVE-2024-3094)

A vulnerability, CVE-2024-3094, was discovered in XZ Utils package. This vulnerability threatens Linux systems with backdoor attacks.

Security Affairs

Critical Fortinet FortiOS bug CVE-2024-21762 potentially impact 150,000 internet-facing devices

Researchers warn that the critical vulnerability CVE-2024-21762 in Fortinet FortiOS could potentially impact 150,000 exposed devices.

Security Affairs

Binarly released a free online scanner to detect the CVE-2024-3094 Backdoor

Researchers from the firmware security firm Binarly released a free online scanner to detect the CVE-2024-3094 Backdoor

HACKRead

Palo Alto Patches 0-Day (CVE-2024-3400) Exploited by Python Backdoor

Palo Alto Networks has released patches for a 0-day vulnerability (CVE-2024-3400) that threatened to leave firewalls exposed to cyberattacks.

Trend Micro

CVE-2024-21412: DarkGate Operators Exploit Microsoft Windows SmartScreen Bypass in Zero-Day Campaign

In addition to our Water Hydra APT zero day analysis, the Zero Day Initiative (ZDI) observed a DarkGate campaign which we discovered in mid-January 2024 where DarkGate operators exploited CVE-2024-21412.

Latest Hacking News

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall Vulnerability (CVE-2024-3400)

Zero Knowledge Networking vendor shrugs off firewall flaw In the wake of the recent disclosure of a critical vulnerability (CVE-2024-3400) affecting a leading firewall solution, Xiid Corporation reminds organizations that Xiid SealedTunnel customers remain secure. This

HACKRead

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall Vulnerability (CVE-2024-3400)

Las Vegas, United States, April 17th, 2024, CyberNewsWire

Trend Micro

CVE-2024-21412: Water Hydra Targets Traders with Microsoft Defender SmartScreen Zero-Day

The APT group Water Hydra has been exploiting the zero-day Microsoft Defender SmartScreen vulnerability (CVE-2024-21412) in its campaigns targeting financial market traders. This vulnerability, which has now been patched by Microsoft, was discovered and disclosed by the Trend Micro Zero Day Initiative.

Cyber Security News

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall Vulnerability (CVE-2024-3400)

In the wake of the recent disclosure of a critical vulnerability (CVE-2024-3400) affecting a leading firewall solution, Xiid Corporation reminds organizations that Xiid SealedTunnel customers remain secure. This latest vulnerability, currently unpatched and rated 10/10 on the CVSS (Common Vulnerability Scoring System), highlights the limitations of traditional security approaches. Xiid SealedTunnel, the world’s first and […]

Security Affairs

Apple fixed actively exploited zero-day CVE-2024-23222

Apple addressed the first zero-day vulnerability that impacts iPhones, Macs, and Apple TVs. The issue is actively exploited in the wild.

SC Magazine

2nd critical GitLab patch of 2024 fixes arbitrary file writing bug

CVE-2024-0402, CVSS score 9.9, may affect more than 4,800 unpatched GitLab servers.

HACKRead

CISA Urges Patching Microsoft SharePoint Vulnerability (CVE-2023-24955)

CISA is urging all US federal civilian agencies to patch a critical vulnerability (CVE-2023-24955) in Microsoft SharePoint Server by April 16, 2024.

Security Affairs

Zoom fixed critical flaw CVE-2024-24691 in Windows software

Zoom addressed seven vulnerabilities in its desktop and mobile applications, including a critical flaw affecting the Windows software.

Security Affairs

Cisco fixed critical Unity Connection vulnerability CVE-2024-20272

Cisco addressed a critical Unity Connection security flaw that can be exploited by an unauthenticated attacker to get root privileges.

Security Affairs

+16K Ivanti VPN gateways still vulnerable to RCE CVE-2024-21894

Experts warn of roughly 16,500 Ivanti Connect Secure and Poly Secure gateways still vulnerable to a remote code execution (RCE) flaw.

The Cyber Express

Critical XZ Utils Backdoor (CVE-2024-3094) Leads to SSH Compromise

A critical vulnerability has been discovered within the XZ Utils library (a command line tool for compressing and decompressing XZ

The Cyber Express

17 hours ago

RedTail Cryptominer Evolves with Palo Alto PAN-OS CVE-2024-3400 Vulnerability

The operators of RedTail cryptominer, which was the biggest cryptominer operation last year, have now started to take advantage of

Security Affairs

Experts released PoC exploit for Fortra GoAnywhere MFT flaw CVE-2024-0204

Researchers released PoC exploit code for a recently disclosed critical authentication bypass flaw in Fortra's GoAnywhere MFT.

The Cyber Express

CISA Adds Two Critical Vulnerabilities to Watchlist: CVE-2023-7024 and CVE-2023-7121

CISA has added two additional vulnerabilities to its Known Exploited Vulnerabilities Catalog for January 2024. The two additions have been

Cyber Security News

16 days ago

Google Chrome Zero-day Vulnerability (CVE-2024-4947) Actively Exploited in The Wild

Google has released update for its Chrome to patch a high-severity vulnerability that is being actively exploited by attackers in the wild.

Trend Micro

A Technical Analysis of CVE-2022-22583 and CVE-2022-32800

This blog entry discusses the technical details of how we exploited CVE-2022-22583 using a different method. We also tackle the technical details of CVE-2022-32800, another SIP-bypass that we discovered more recently, in this report.

Security Affairs

2 years ago

CISA orders federal agencies to fix VMware CVE-2022-22972 and CVE-2022-22973 flaws

CISA orders federal agencies to fix VMware CVE-2022-22972 and CVE-2022-22973 vulnerabilities by May 23, 2022. The Cybersecurity and Infrastructure Security Agency (CISA) issued the Emergency Directive 22-03 to order federal agencies to fix VMware CVE-2022-22972 and CVE-2022-22973 flaws or to remove the affected products from their networks by May 23, 2022. The list of impacted […]

SecurityWeek

Cyber Insights 2024: Artificial Intelligence

AI's progress in 2024 and beyond: 2023 was a year of hype, 2024 brings the beginning of AI reality, and 2025 likely to be its delivery.

Security Affairs

Thousands of Citrix servers still vulnerable to CVE-2022-27510 and CVE-2022-27518

Researchers warn of thousands of Citrix Application Delivery Controller (ADC) and Gateway endpoints are still unpatched. NCC Group’s Fox-IT research team warns of thousands of Citrix ADC and Gateway endpoints remain vulnerable to two critical vulnerabilities, tracked as CVE-2022-27510 and CVE-2022-27518 (CVSS scores: 9.8), that the company addressed in recent months. CVE-2022-27510 flaw is an authentication bypass using an […]

SecurityWeek

22 days ago

CISA Announces CVE Enrichment Project 'Vulnrichment'

CISA’s Vulnrichment project is adding important information to CVE records to help improve vulnerability management processes.

SecurityWeek

6 months ago

Five Cybersecurity Predictions for 2024

Cybersecurity predictions for 2024 to help security professionals in prioritizing efforts to navigate the ever-changing threat landscape.

Security Affairs

Mozilla fixed Firefox 0days exploited at Pwn2Own Vancouver 2024

Mozilla addressed two Firefox zero-day vulnerabilities exploited during the Pwn2Own Vancouver 2024 hacking competition.

Latest Hacking News

11 days ago

Microsoft Patch Tuesday May 2024 Fixed 3 Zero-Days

Microsoft rolled out its scheduled Patch Tuesday update for May 2024 this week. Unlike the previous month’s update, this time, the updates address three zero-day vulnerabilities alongside other security fixes. Microsoft May 2024 Patch Tuesday Updates

SecurityWeek

SecurityWeek Cyber Insights 2024 Series

Cyber Insights 2024 Series is based on discussions with hundreds of cybersecurity experts from dozens of companies covering multiple topics.

The Record

25 days ago

RSA Conference 2024 [Live Updates]

Recorded Future News will be providing live coverage from the 2024 RSA Conference in San Francisco.

Security Affairs

Microsoft Patch Tuesday for March 2024 fixed 59 flaws

Microsoft Patch Tuesday security updates for March 2024 addressed 59 security vulnerabilities in its products, including RCE flaws.

The Hacker News

Microsoft's January 2024 Windows Update Patches 48 New Vulnerabilities

Microsoft's latest update tackles a whopping 48 security vulnerabilities! Stay protected with their January 2024 Patch Tuesday fixes

CyberNews

What to expect from the tech industry in 2024

what to expect from the tech industry 2024

The Cyber Express

2024 Cybersecurity Trends: Insights from Experts

As the world steps closer to 2024, the cybersecurity industry is poised to witness some transformative changes. The cybersecurity predictions

SecurityWeek

SAP's April 2024 Updates Patch High-Severity Vulnerabilities

SAP releases 12 security notes on April 2024 Security Patch Day, including three notes dealing with high-severity vulnerabilities.

Security Affairs

Resecurity Released a 2024 Cyber Threat Landscape Forecast

Cybersecurity company Resecurity has published the 2024 Cyber Threat Landscape Forecast.

Security Affairs

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during the Pwn2Own Vancouver 2024.

The Cyber Express

Microsoft Patch Tuesday 2024: Critical Vulnerabilities Addressed in Latest Security Update

March 2024 brings a fresh focus on cybersecurity as Microsoft rolls out its latest set of patches, addressing 61 vulnerabilities

The Cyber Express

Imperva WAF Flaw (CVE-2023-50969) Exposes Organizations to Breaches

A critical security flaw, identified as CVE-2023-50969, has recently been discovered in Imperva SecureSphere, a popular on-premise Web Application Firewall

Bleeping Computer

Google fixes Chrome zero-days exploited at Pwn2Own 2024

Google fixed seven security vulnerabilities in the Chrome web browser on Tuesday, including two zero-days exploited during the Pwn2Own Vancouver 2024 hacking competition.

Bleeping Computer

Microsoft February 2024 Patch Tuesday fixes 2 zero-days, 74 flaws

Today is Microsoft's February 2024 Patch Tuesday, which includes security updates for 74 flaws and two actively exploited zero-days.

Bleeping Computer

Microsoft February 2024 Patch Tuesday fixes 2 zero-days, 73 flaws

Today is Microsoft's February 2024 Patch Tuesday, which includes security updates for 73 flaws and two actively exploited zero-days.

SecurityWeek

Android's January 2024 Security Update Patches 58 Vulnerabilities

Android’s first security update of 2024 resolves high-severity elevation of privilege and information disclosure vulnerabilities.

Bleeping Computer

Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs

Today is Microsoft's April 2024 Patch Tuesday, which includes security updates for 150 flaws and sixty-seven remote code execution bugs.

The Cyber Express

25 days ago

RSA Conference 2024: What to Expect from the World’s Largest Cybersecurity Event

The RSA conference 2024 , the world's largest cybersecurity gathering, commenced in San Francisco from May 6 to 9, 2024.

Bleeping Computer

Microsoft March 2024 Patch Tuesday fixes 60 flaws, 18 RCE bugs

Today is Microsoft's March 2024 Patch Tuesday, and security updates have been released for 60 vulnerabilities, including eighteen remote code execution flaws.

SecurityWeek

CVE and NVD - A Weak and Fractured Source of Vulnerability Truth

The CVE List and the National Vulnerability Database (NVD) can no longer be considered a single central source of vulnerability truth.

Trend Micro

6 months ago

Cerber Ransomware Exploits Atlassian Confluence Vulnerability CVE-2023-22518

We encountered the Cerber ransomware exploiting the Atlassian Confluence vulnerability CVE-2023-22518 in its operations.

Bleeping Computer

Microsoft January 2024 Patch Tuesday fixes 49 flaws, 12 RCE bugs

Today is Microsoft's January 2024 Patch Tuesday, which includes security updates for a total of 49 flaws and 12 remote code execution vulnerabilities.

Security Affairs

US CISA warns of actively exploited Ivanti EPMM flaw CVE-2023-35082

The U.S. CISA added Ivanti EPMM vulnerability CVE-2023-35082 to its Known Exploited Vulnerabilities catalog.

Bleeping Computer

17 days ago

Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws

Today is Microsoft's May 2024 Patch Tuesday, which includes security updates for 61 flaws and three actively exploited or publicly disclosed zero days.

Cyber Security News

Microsoft Patch Tuesday 2024 Released with Fixes for 49 vulnerabilities - Update Now!

Microsoft released its first patch on Tuesday of 2024, 49 vulnerabilities have been fixed in Microsoft products & 5 vulnerabilities.

Security Affairs

Microsoft Patches Tuesday security updates for April 2024 fixed hundreds of issues

Microsoft Patches Tuesday security updates for April 2024 addressed three Critical vulnerabilities, none actively exploited in the wild.

The Hacker News

Researchers Identify Multiple China Hacker Groups Exploiting Ivanti Security Flaws

Multiple China-linked threat actors exploit zero-day flaws in Ivanti appliances (CVE-2023-46805, CVE-2024-21887, CVE-2024-21893).

Bleeping Computer

17 days ago

VMware fixes three zero-day bugs exploited at Pwn2Own 2024

VMware fixed four security vulnerabilities in the Workstation and Fusion desktop hypervisors, including three zero-days exploited during the Pwn2Own Vancouver 2024 hacking contest.

Security Affairs

Pwn2Own Automotive 2024 Day 2 - Tesla hacked again

Researchers hacked the Tesla infotainment system and found 24 zero-days on day 2 of Pwn2Own Automotive 2024 hacking competition.

The Cyber Express

2024 Outlook: Emerging Trends Shaping Physical Security

As 2023 draws to a close, anticipation builds for the transformative changes expected in 2024, especially in the technology and

Cyber Security News

Alert! Oracle Releases Critical Patch Update 2024 - 372 Vulnerabilities are Fixed

Oracle has released its Critical Patch Update (CPU) for April 2024, addressing 372 vulnerabilities across multiple products.

Infosecurity News

3 days ago

What to Expect at Infosecurity Europe 2024

Get ready for Infosecurity Europe 2024 with these top five picks from Infosecurity Magazine to help you plan your visit

CyberNews

Election security tops CISA's 2024 joint cyber defense priorities

CISA released its 2024 Joint Cyber Defense Collaborative Priorities, which includes election security.

SecurityWeek

Oracle Patches 200 Vulnerabilities With January 2024 CPU

Oracle releases 389 new security patches to address 200 vulnerabilities as part of the first Critical Patch Update of 2024.

Security Affairs

2 years ago

Critical Magento zero-day flaw CVE-2022-24086 actively exploited

Adobe addressed a critical vulnerability (CVE-2022-24086) impacting Magento Open Source products that is being actively exploited in the wild. Adobe rolled out security updates to address a critical security vulnerability, tracked as CVE-2022-24086, affecting its Commerce and Magento Open Source products that is being actively exploited in the wild. “Adobe is aware that CVE-2022-24086 has […]

SecurityWeek

Oracle Patches 230 Vulnerabilities With April 2024 CPU

Oracle releases 441 new security patches to address 230 vulnerabilities as part of its April 2024 Critical Patch Update.

HACKRead

Aembit Selected as Finalist for RSA Conference 2024 Innovation Sandbox Contest

Silver Spring, United States / Maryland, April 3rd, 2024, CyberNewsWire

Cyber Security News

NVIDIA ChatRTX For Windows App Vulnerability Let Attackers Escalate Privilege

A security update released by ChatRTX on March 26th, 2024, addresses two vulnerabilities (CVE-2024-0082 and CVE-2024-0083) that could allow

Bleeping Computer

8 months ago

Google assigns new maximum rated CVE to libwebp bug exploited in attacks

Google has assigned a new CVE ID (CVE-2023-5129) to a libwebp security vulnerability exploited as a zero-day in attacks and patched two weeks ago.

CSO

Most interesting products to see at RSAC 2024

Tools, platforms, and services that the CSO team recommends 2024 RSA Conference attendees check out.

SecurityWeek

$200,000 Awarded at Pwn2Own 2024 for Tesla Hack

Participants earned $732,500 on the first day of Pwn2Own Vancouver 2024 for hacking a Tesla, operating systems, and other software.

Trend Micro

Accelerating into 2024 with NEOM McLaren Formula E

Learn more about how Trend is engineering innovation and resiliency with NEOM McLaren Formula E Team in 2024 and beyond.

SecurityWeek

23 days ago

RSA Conference 2024 – Announcements Summary (Day 2)

Hundreds of companies are showcasing their products and services this week at the 2024 edition of the RSA Conference in San Francisco.

Security Affairs

2 years ago

Securing Easy Appointments and earning CVE-2022-0482

Easy Appointments contained a very dangerous Broken Access Control vulnerability tracked as CVE-2022-0482 that was exposing PII. Another day, another threat to your data. The recently discovered CVE-2022-0482 is a Broken Access Control vulnerability affecting Easy Appointments, a popular open-source web app written in PHP, used by thousands of sites to manage their online bookings. […]

The Cyber Express

Cybersecurity Resolutions: Strengthening Digital Defences in 2024

By Ashish Tandon, Founder & CEO, Indusface In the ever-evolving landscape of digital threats and cyberattacks, the year 2024 demands

SecurityWeek

Over 50 New CVE Numbering Authorities Announced in 2022

More than 50 organizations have been added as a CVE Numbering Authority (CNA) in 2022, bringing the total to 260.

CyberNews

Top 5 cybersecurity threats to be aware of in cryptoland in 2024

Crypto security threats in 2024

SecurityWeek

21 days ago

RSA Conference 2024 – Announcements Summary (Day 4)

Hundreds of companies are showcasing their products and services this week at the 2024 edition of the RSA Conference in San Francisco.

Security Affairs

Microsoft Patch Tuesday for February 2024 fixed 2 actively exploited 0-days

Microsoft Patch Tuesday security updates for February 2024 addressed 71 flaws, two of which are actively exploited in the wild.

Infosecurity News

Businesses Increase Cybersecurity as Budgets Surge in 2024

Over two-thirds of IT decision-makers increase cybersecurity budgets in 2024, prioritizing cloud security and incident response as cyber threats escalate

Computerworld

Enterprise mobility 2024: Welcome, genAI

Many of the buzziest IT trends — low-code automation, digital employee experience, and yes, even generative AI — are making their way into the major mobility management platforms. Here’s what to look for in 2024 and beyond.

SC Magazine

10 days ago

State of CISO leadership in 2024

A CISO job description is a moving target in 2024 as these security leaders face new twists on employment challenges, a 'hostile' regulatory climate and a bevy of new internal and external digital threats.

Trend Micro

4 days ago

RSAC 2024 Review: AI & Data Governance Priorities

Get our take on the RSA 2024 conference where we review some of the major topics covered such as AI and data governance.

The Hacker News

Top 7 Trends Shaping SaaS Security in 2024

2024 brings new SaaS security challenges. Stay ahead of the curve with insights on democratization, ITDR, and compliance.

Security Affairs

Microsoft revised CVE-2022-37958 severity due to its broader scope

Microsoft revised the severity rate for the CVE-2022-37958 flaw which was addressed with Patch Tuesday security updates for September 2022. Microsoft revised the severity rate for the CVE-2022-37958 vulnerability, the IT giant now rated it as “critical” because it discovered that threat actors can exploit the bug to achieve remote code execution. The CVE-2022-37958 was […]

Security Affairs

CISA: Cisco ASA/FTD bug CVE-2020-3259 exploited in ransomware attacks

CISA warns that the Akira Ransomware gang is exploiting the Cisco ASA/FTD vulnerability CVE-2020-3259 in attacks in the wild.

Latest Hacking News

Apple Begins 2024 Patching A Zero-Day Under Attack

Apple began the new year 2024 with a zero-day patch that it simultaneously released for its numerous products. The tech giant confirmed active exploitation of the zero-day vulnerability that affected Apple TVs, Macs, and iOS

Cyber Security News

22 days ago

CISA Announced Vulnrichment : Project to Enrich CVE Records

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has announced a new initiative called "Vulnrichment" aimed at enriching Common Vulnerabilities and Exposures (CVE) records with additional metadata to help organizations better prioritize vulnerability remediation efforts.

Cyber Security News

Multiple Palo Alto Networks Firewall Flaws Let Attackers Cause Disruption

These flaws could allow attackers to disrupt services by causing a denial of service (DoS) or manipulating user access controls. The vulnerabilities are tracked as CVE-2024-3382, CVE-2024-3383, and CVE-2024-3384.

Security Affairs