Security Affairs
+1,400 CrushFTP servers vulnerable to CVE-2024-4040
Over 1,400 internet-facing CrushFTP servers are vulnerable to attacks exploiting the recently disclosed CVE-2024-4040 vulnerability.
Security Affairs
Google addressed a critical Chrome vulnerability, tracked as CVE-2024-4058, that resides in the ANGLE graphics layer engine.
The Hacker News
A newly discovered privilege escalation vulnerability (CVE-2024-21410) in Microsoft Exchange Server is being actively exploited.
Trend Micro
This entry aims to provide additional context to CVE-2024-21412, how it can be used by threat actors, and how Trend protects customers from this specific vulnerability.
Security Affairs
Multiple proof-of-concept (PoC) exploits for recently disclosed critical Jenkins vulnerability CVE-2024-23897 have been released.
Trend Micro
Jenkins, a popular open-source automation server, was discovered to be affected by a file read vulnerability, CVE-2024-23897.
The Hacker News
Google has released emergency fixes for a new zero-day vulnerability (CVE-2024-4761) that has been actively exploited in the wild.
Security Affairs
Researchers from Shadowserver Foundation identified roughly 28,000 internet-facing Microsoft Exchange servers vulnerable to CVE-2024-21410.
Cyber Security News
In a significant update from the Linux kernel's security team, a critical vulnerability identified as CVE-2024-26925 has been addressed.
HACKRead
A vulnerability, CVE-2024-3094, was discovered in XZ Utils package. This vulnerability threatens Linux systems with backdoor attacks.
Security Affairs
Researchers warn that the critical vulnerability CVE-2024-21762 in Fortinet FortiOS could potentially impact 150,000 exposed devices.
Security Affairs
Researchers from the firmware security firm Binarly released a free online scanner to detect the CVE-2024-3094 backdoor.
HACKRead
Palo Alto Networks has released patches for a 0-day vulnerability (CVE-2024-3400) that threatened to leave firewalls exposed to cyberattacks.
Trend Micro
In addition to our Water Hydra APT zero day analysis, the Zero Day Initiative (ZDI) observed a DarkGate campaign which we discovered in mid-January 2024 where DarkGate operators exploited CVE-2024-21412.
Latest Hacking News
Zero Knowledge Networking vendor shrugs off firewall flaw. In the wake of the recent disclosure of a critical vulnerability (CVE-2024-3400) affecting a leading firewall solution, Xiid Corporation reminds organizations that Xiid SealedTunnel customers remain secure. This
HACKRead
Las Vegas, United States, April 17th, 2024, CyberNewsWire
Trend Micro
The APT group Water Hydra has been exploiting the zero-day Microsoft Defender SmartScreen vulnerability (CVE-2024-21412) in its campaigns targeting financial market traders. This vulnerability, which has now been patched by Microsoft, was discovered and disclosed by the Trend Micro Zero Day Initiative.
Cyber Security News
In the wake of the recent disclosure of a critical vulnerability (CVE-2024-3400) affecting a leading firewall solution, Xiid Corporation reminds organizations that Xiid SealedTunnel customers remain secure. This latest vulnerability, currently unpatched and rated 10/10 on the CVSS (Common Vulnerability Scoring System), highlights the limitations of traditional security approaches. Xiid SealedTunnel, the world’s first and […]
Security Affairs
Apple addressed the first zero-day vulnerability that impacts iPhones, Macs, and Apple TVs. The issue is actively exploited in the wild.
SC Magazine
CVE-2024-0402, CVSS score 9.9, may affect more than 4,800 unpatched GitLab servers.
HACKRead
CISA is urging all US federal civilian agencies to patch a critical vulnerability (CVE-2023-24955) in Microsoft SharePoint Server by April 16, 2024.
Security Affairs
Zoom addressed seven vulnerabilities in its desktop and mobile applications, including a critical flaw affecting the Windows software.
Security Affairs
Cisco addressed a critical Unity Connection security flaw that can be exploited by an unauthenticated attacker to get root privileges.
Security Affairs
Experts warn of roughly 16,500 Ivanti Connect Secure and Policy Secure gateways still vulnerable to a remote code execution (RCE) flaw.
The Cyber Express
A critical vulnerability has been discovered within the XZ Utils library (a command line tool for compressing and decompressing XZ
The Cyber Express
The operators of RedTail cryptominer, which was the biggest cryptominer operation last year, have now started to take advantage of
Security Affairs
Researchers released PoC exploit code for a recently disclosed critical authentication bypass flaw in Fortra's GoAnywhere MFT.
The Cyber Express
CISA has added two additional vulnerabilities to its Known Exploited Vulnerabilities Catalog for January 2024. The two additions have been
Trend Micro
This blog entry discusses the technical details of how we exploited CVE-2022-22583 using a different method. We also tackle the technical details of CVE-2022-32800, another SIP-bypass that we discovered more recently, in this report.
Cyber Security News
Google has released an update for Chrome to patch a high-severity vulnerability that is being actively exploited by attackers in the wild.
Security Affairs
CISA orders federal agencies to fix VMware CVE-2022-22972 and CVE-2022-22973 vulnerabilities by May 23, 2022. The Cybersecurity and Infrastructure Security Agency (CISA) issued the Emergency Directive 22-03 to order federal agencies to fix VMware CVE-2022-22972 and CVE-2022-22973 flaws or to remove the affected products from their networks by May 23, 2022. The list of impacted […]
SecurityWeek
AI's progress in 2024 and beyond: 2023 was a year of hype, 2024 brings the beginning of AI reality, and 2025 likely to be its delivery.
Security Affairs
Researchers warn that thousands of Citrix Application Delivery Controller (ADC) and Gateway endpoints are still unpatched. NCC Group’s Fox-IT research team warns that thousands of Citrix ADC and Gateway endpoints remain vulnerable to two critical vulnerabilities, tracked as CVE-2022-27510 and CVE-2022-27518 (CVSS scores: 9.8), that the company addressed in recent months. CVE-2022-27510 flaw is an authentication bypass using an […]
SecurityWeek
CISA’s Vulnrichment project is adding important information to CVE records to help improve vulnerability management processes.
SecurityWeek
Cybersecurity predictions for 2024 to help security professionals in prioritizing efforts to navigate the ever-changing threat landscape.
Security Affairs
Mozilla addressed two Firefox zero-day vulnerabilities exploited during the Pwn2Own Vancouver 2024 hacking competition.
Latest Hacking News
Microsoft rolled out its scheduled Patch Tuesday update for May 2024 this week. Unlike the previous month’s update, this time, the updates address three zero-day vulnerabilities alongside other security fixes. Microsoft May 2024 Patch Tuesday Updates
SecurityWeek
Cyber Insights 2024 Series is based on discussions with hundreds of cybersecurity experts from dozens of companies covering multiple topics.
The Record
Recorded Future News will be providing live coverage from the 2024 RSA Conference in San Francisco.
Security Affairs
Microsoft Patch Tuesday security updates for March 2024 addressed 59 security vulnerabilities in its products, including RCE flaws.
The Hacker News
Microsoft's latest update tackles a whopping 48 security vulnerabilities! Stay protected with their January 2024 Patch Tuesday fixes
CyberNews
What to expect from the tech industry 2024
The Cyber Express
As the world steps closer to 2024, the cybersecurity industry is poised to witness some transformative changes. The cybersecurity predictions
SecurityWeek
SAP releases 12 security notes on April 2024 Security Patch Day, including three notes dealing with high-severity vulnerabilities.
Security Affairs
Cybersecurity company Resecurity has published the 2024 Cyber Threat Landscape Forecast.
Security Affairs
Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during the Pwn2Own Vancouver 2024.
The Cyber Express
March 2024 brings a fresh focus on cybersecurity as Microsoft rolls out its latest set of patches, addressing 61 vulnerabilities
The Cyber Express
A critical security flaw, identified as CVE-2023-50969, has recently been discovered in Imperva SecureSphere, a popular on-premise Web Application Firewall
Bleeping Computer
Google fixed seven security vulnerabilities in the Chrome web browser on Tuesday, including two zero-days exploited during the Pwn2Own Vancouver 2024 hacking competition.
Bleeping Computer
Today is Microsoft's February 2024 Patch Tuesday, which includes security updates for 73 flaws and two actively exploited zero-days.
Bleeping Computer
Today is Microsoft's February 2024 Patch Tuesday, which includes security updates for 74 flaws and two actively exploited zero-days.
SecurityWeek
Android’s first security update of 2024 resolves high-severity elevation of privilege and information disclosure vulnerabilities.
Bleeping Computer
Today is Microsoft's April 2024 Patch Tuesday, which includes security updates for 150 flaws and sixty-seven remote code execution bugs.
The Cyber Express
The RSA Conference 2024, the world's largest cybersecurity gathering, commenced in San Francisco from May 6 to 9, 2024.
Bleeping Computer
Today is Microsoft's March 2024 Patch Tuesday, and security updates have been released for 60 vulnerabilities, including eighteen remote code execution flaws.
SecurityWeek
The CVE List and the National Vulnerability Database (NVD) can no longer be considered a single central source of vulnerability truth.
Trend Micro
We encountered the Cerber ransomware exploiting the Atlassian Confluence vulnerability CVE-2023-22518 in its operations.
Security Affairs
The U.S. CISA added Ivanti EPMM vulnerability CVE-2023-35082 to its Known Exploited Vulnerabilities catalog.
Bleeping Computer
Today is Microsoft's January 2024 Patch Tuesday, which includes security updates for a total of 49 flaws and 12 remote code execution vulnerabilities.
Bleeping Computer
Today is Microsoft's May 2024 Patch Tuesday, which includes security updates for 61 flaws and three actively exploited or publicly disclosed zero days.
Cyber Security News
Microsoft released its first patch on Tuesday of 2024, 49 vulnerabilities have been fixed in Microsoft products & 5 vulnerabilities.
Security Affairs
Microsoft Patch Tuesday security updates for April 2024 addressed three Critical vulnerabilities, none actively exploited in the wild.
The Hacker News
Multiple China-linked threat actors exploit zero-day flaws in Ivanti appliances (CVE-2023-46805, CVE-2024-21887, CVE-2024-21893).
Bleeping Computer
VMware fixed four security vulnerabilities in the Workstation and Fusion desktop hypervisors, including three zero-days exploited during the Pwn2Own Vancouver 2024 hacking contest.
Security Affairs
Researchers hacked the Tesla infotainment system and found 24 zero-days on day 2 of Pwn2Own Automotive 2024 hacking competition.
The Cyber Express
As 2023 draws to a close, anticipation builds for the transformative changes expected in 2024, especially in the technology and
Cyber Security News
Oracle has released its Critical Patch Update (CPU) for April 2024, addressing 372 vulnerabilities across multiple products.
Infosecurity News
Get ready for Infosecurity Europe 2024 with these top five picks from Infosecurity Magazine to help you plan your visit
Security Affairs
Adobe addressed a critical vulnerability (CVE-2022-24086) impacting Magento Open Source products that is being actively exploited in the wild. Adobe rolled out security updates to address a critical security vulnerability, tracked as CVE-2022-24086, affecting its Commerce and Magento Open Source products that is being actively exploited in the wild. “Adobe is aware that CVE-2022-24086 has […]
CyberNews
CISA released its 2024 Joint Cyber Defense Collaborative Priorities, which includes election security.
SecurityWeek
Oracle releases 389 new security patches to address 200 vulnerabilities as part of the first Critical Patch Update of 2024.
SecurityWeek
Oracle releases 441 new security patches to address 230 vulnerabilities as part of its April 2024 Critical Patch Update.
HACKRead
Silver Spring, United States / Maryland, April 3rd, 2024, CyberNewsWire
Cyber Security News
A security update released by ChatRTX on March 26th, 2024, addresses two vulnerabilities (CVE-2024-0082 and CVE-2024-0083) that could allow
Bleeping Computer
Google has assigned a new CVE ID (CVE-2023-5129) to a libwebp security vulnerability exploited as a zero-day in attacks and patched two weeks ago.
CSO
Tools, platforms, and services that the CSO team recommends 2024 RSA Conference attendees check out.
Trend Micro
Learn more about how Trend is engineering innovation and resiliency with NEOM McLaren Formula E Team in 2024 and beyond.
SecurityWeek
Participants earned $732,500 on the first day of Pwn2Own Vancouver 2024 for hacking a Tesla, operating systems, and other software.
Security Affairs
Easy Appointments contained a very dangerous Broken Access Control vulnerability tracked as CVE-2022-0482 that was exposing PII. Another day, another threat to your data. The recently discovered CVE-2022-0482 is a Broken Access Control vulnerability affecting Easy Appointments, a popular open-source web app written in PHP, used by thousands of sites to manage their online bookings. […]
SecurityWeek
Hundreds of companies are showcasing their products and services this week at the 2024 edition of the RSA Conference in San Francisco.
SecurityWeek
More than 50 organizations have been added as a CVE Numbering Authority (CNA) in 2022, bringing the total to 260.
The Cyber Express
By Ashish Tandon, Founder & CEO, Indusface In the ever-evolving landscape of digital threats and cyberattacks, the year 2024 demands
CyberNews
Crypto security threats in 2024
Security Affairs
Microsoft Patch Tuesday security updates for February 2024 addressed 71 flaws, two of which are actively exploited in the wild.
Infosecurity News
Over two-thirds of IT decision-makers increase cybersecurity budgets in 2024, prioritizing cloud security and incident response as cyber threats escalate
Computerworld
Many of the buzziest IT trends — low-code automation, digital employee experience, and yes, even generative AI — are making their way into the major mobility management platforms. Here’s what to look for in 2024 and beyond.
SC Magazine
A CISO job description is a moving target in 2024 as these security leaders face new twists on employment challenges, a 'hostile' regulatory climate and a bevy of new internal and external digital threats.
Trend Micro
Get our take on the RSA 2024 conference where we review some of the major topics covered such as AI and data governance.
Security Affairs
Microsoft revised the severity rate for the CVE-2022-37958 flaw which was addressed with Patch Tuesday security updates for September 2022. Microsoft revised the severity rate for the CVE-2022-37958 vulnerability, the IT giant now rated it as “critical” because it discovered that threat actors can exploit the bug to achieve remote code execution. The CVE-2022-37958 was […]
Security Affairs
CISA warns that the Akira Ransomware gang is exploiting the Cisco ASA/FTD vulnerability CVE-2020-3259 in attacks in the wild.
The Hacker News
2024 brings new SaaS security challenges. Stay ahead of the curve with insights on democratization, ITDR, and compliance.
Cyber Security News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has announced a new initiative called "Vulnrichment" aimed at enriching Common Vulnerabilities and Exposures (CVE) records with additional metadata to help organizations better prioritize vulnerability remediation efforts.
Cyber Security News
These flaws could allow attackers to disrupt services by causing a denial of service (DoS) or manipulating user access controls. The vulnerabilities are tracked as CVE-2024-3382, CVE-2024-3383, and CVE-2024-3384.
Latest Hacking News
Apple began the new year 2024 with a zero-day patch that it simultaneously released for its numerous products. The tech giant confirmed active exploitation of the zero-day vulnerability that affected Apple TVs, Macs, and iOS
Security Affairs
Lexmark released a security firmware update to fix a remote code execution flaw, tracked as CVE-2023-23560, that impacts more than 100 printer models. Lexmark has released a security firmware update to address a remote code execution vulnerability, tracked as CVE-2023-23560, that impacts more than 100 printer models. The CVE-2023-23560 flaw is a server-side request forgery […]
SecurityWeek
Microsoft patches CVE-2024-29988 and CVE-2024-26234, two zero-day vulnerabilities exploited by threat actors to deliver malware.
The Cyber Express
As the Middle East braces for escalating cyber threats, the upcoming GISEC Global 2024 event emerges as a pivotal platform
SecurityWeek
In just the first two months of 2024, threat intelligence firm Flashpoint has logged dramatic increases in all major cyber threat indicators.
Security Affairs
Experts warn of threat actors actively exploiting the critical CVE-2022-47966 (CVSS score: 9.8) flaw in Zoho ManageEngine. Multiple threat actors are actively exploiting the Zoho ManageEngine CVE-2022-47966 (CVSS score: 9.8) in attacks in the wild, Bitdefender Labs reported. “Starting on January 20 2023, Bitdefender Labs started to notice a global increase in attacks using the ManageEngine exploit CVE-2022-47966.” reads the […]