Cyber Security News
Firefox 120 Released With Security Updates: What’s New!
10 vulnerabilities are patched, including six 'High Severity' issues and two moderate and low severity issues.
SecurityWeek
A high-severity DoS vulnerability tracked as CVE-2022-0778 has been patched in OpenSSL.
CyberSecurity Dive
Marsh data shows rate increases slowing, stemming from new entrants into the cyber insurance market, companies adding controls and fewer ransomware attacks in 2022.
Trend Micro
Trend’s seventh edition of the Cyber Risk Index (CRI) reveals an in-depth analysis of cyber threat and vulnerabilities
Cyber Security News
With the release of Mozilla Firefox 117, 13 vulnerabilities are patched, including seven 'High Severity' flaws and four memory corruption flaws.
SecurityWeek
Firefox 118 patches six high-severity vulnerabilities, including a memory leak potentially leading to sandbox escape.
SecurityWeek
ISC has announced patches for multiple high-severity vulnerabilities impacting the BIND DNS software.
SecurityWeek
Firefox and Chrome updates released this week resolve multiple high-severity memory safety vulnerabilities.
SecurityWeek
Firefox 116 was released with patches for high-severity vulnerabilities, some of which can lead to remote code execution or sandbox escapes.
SecurityWeek
A Chrome 120 security update resolves nine vulnerabilities, including five high-severity flaws reported externally.
SecurityWeek
The latest Splunk Enterprise releases patch multiple vulnerabilities, including a high-severity flaw in the Windows version.
SecurityWeek
Cisco releases patches for high-severity denial-of-service and elevation of privilege vulnerabilities in IOS RX software.
SecurityWeek
ESET has released patches for a high-severity elevation of privilege vulnerability in its Windows security products.
SecurityWeek
Chrome and Firefox security updates resolve over 35 vulnerabilities, including a dozen high-severity bugs.
SecurityWeek
Google has released another weekly Chrome update, to address four high-severity vulnerabilities reported by external researchers.
SecurityWeek
Atlassian has released patches for multiple high-severity vulnerabilities in Jira, Confluence, Bitbucket, and Bamboo products.
SecurityWeek
Google and Mozilla resolve high-severity memory safety vulnerabilities with the latest Chrome and Firefox updates.
SecurityWeek
Google has patched several high and moderate-severity Chromecast vulnerabilities demonstrated earlier this year at a hacking competition.
SecurityWeek
Chrome 108 arrives with patches for 28 vulnerabilities, including multiple high-severity memory safety issues.
SecurityWeek
Google released a Chrome 125 update to resolve four high-severity vulnerabilities reported by external researchers.
SecurityWeek
Jenkins has announced patches for high and medium-severity vulnerabilities impacting several of the open source automation tool’s plugins.
SecurityWeek
Mozilla has patched high-severity spoofing, privacy and remote code execution vulnerabilities in Firefox and Thunderbird.
SecurityWeek
Cisco has patched high-severity vulnerabilities in its Enterprise NFV, Expressway and TelePresence products.
SecurityWeek
SAP releases 12 security notes on April 2024 Security Patch Day, including three notes dealing with high-severity vulnerabilities.
SecurityWeek
Cisco has announced patches for 12 vulnerabilities in its IOS and IOS XE software, including 10 rated ‘high severity’.
Security Affairs
Splunk addressed multiple vulnerabilities in Splunk Enterprise, including a high-severity flaw impacting Windows installs.
SecurityWeek
Juniper Networks has patched multiple high-severity vulnerabilities in Junos OS, Junos OS Evolved, and Junos Space.
CSO
The two vulnerabilities in OpenSSL 3.0 are now rated as high rather than critical severity after further testing.
SecurityWeek
Two high-severity vulnerabilities in QNAP’s operating system could lead to command execution over the network.
SecurityWeek
Android’s November 2022 security updates patch over 40 vulnerabilities, including multiple high-severity escalation of privilege bugs.
SecurityWeek
The latest BIND security updates include patches for two high-severity DoS vulnerabilities that can be exploited remotely.
SecurityWeek
SolarWinds patches high-severity flaws in its Access Rights Manager product, including three unauthenticated remote code execution issues.
SecurityWeek
Mozilla has released Firefox 115 to the stable channel with patches for two high-severity use-after-free vulnerabilities.
SecurityWeek
A high-severity vulnerability in HikCentral Professional could lead to unauthorized access to certain URLs.
SecurityWeek
Cisco’s semiannual FXOS and NX-OS security advisory bundle resolves two high- and two medium-severity vulnerabilities.
Bleeping Computer
Taiwan-based NAS maker Synology has addressed a maximum (10/10) severity vulnerability affecting routers configured to run as VPN servers.
SecurityWeek
Splunk has released patches for multiple high-severity vulnerabilities impacting Splunk Enterprise and IT Service Intelligence.
The Hacker News
A high-severity bug (CVE-2024-0200) could've allowed attackers to access credentials in production containers on GitHub.
SecurityWeek
Fortinet has announced patches for multiple vulnerabilities across products, including a high-severity authentication bypass impacting FortiOS and FortiProxy.
Cyber Security News
A critical-severity SQL injection flaw and two other high-severity vulnerabilities have been fixed in MOVEit Transfer, the software at the focus of the recent widespread Clop ransomware outbreaks.
SecurityWeek
Cisco patches a high-severity SQL injection vulnerability in Unified CM and Unified CM SME.
SecurityWeek
Cisco has patched high-severity vulnerabilities in enterprise applications that could lead to privilege escalation, SQL injection, and DoS
Bleeping Computer
GitLab patched a high-severity vulnerability that unauthenticated attackers could exploit to take over user accounts in cross-site scripting (XSS) attacks.
SecurityWeek
Intel has released patches for multiple vulnerabilities across its product portfolio, including a series of high-severity vulnerabilities in the BIOS firmware of several processor models.
Infosecurity News
This year’s EU elections will be a stress test to see whether the newly adopted Digital Services Act can efficiently mitigate misinformation threats
Cyber Security News
Google Chrome Security Update - Multiple High-severity vulnerabilities patched on every nook and corner to make it as secure as possible.
The Hacker News
High-severity security flaw in PaperCut print management software for Windows! CVE-2023-39143 enables remote code execution.
The Hacker News
CISA adds high-severity flaw in Service Location Protocol (SLP) to Known Exploited Vulnerabilities list.
SecurityWeek
A high-severity vulnerability in Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software could lead to the leak of an RSA private key.
SecurityWeek
IBM has released patches for multiple high-severity vulnerabilities in Netezza for Cloud Pak for Data, Voice Gateway, and SiteProtector system.
SecurityWeek
Fortinet has released patches for a high-severity cross-site scripting vulnerability impacting its enterprise firewalls and switches.
Security Affairs
Zoom addressed four “high” severity vulnerabilities impacting its popular videoconferencing software Zoom Rooms. Zoom addressed four “high” severity vulnerabilities impacting its videoconferencing platform Zoom Rooms. Below are the details for the bugs addressed by the company: CVE-2022-36930 (CVSS Score 8.2) – Local Privilege Escalation in Rooms for Windows Installers. The issue affects Rooms for Windows […]
Security Affairs
Cisco this week addressed high-severity elevation of privilege and denial-of-service (DoS) vulnerabilities in IOS RX software.
The Hacker News
Researchers detail a recently reported high-severity vulnerability in Fastjson library that could potentially be exploited for remote code execution.
Cyber Security News
Security fixes have been issued that address three high-severity vulnerabilities in several versions of ISC's BIND DNS Flaw 9
SecurityWeek
Many high-severity privilege escalation vulnerabilities have been patched in Intel firmware and software with the first round of security updates released in 2022.
Bleeping Computer
GitLab has released an emergency security update, version 16.0.1, to address a maximum severity (CVSS v3.1 score: 10.0) path traversal flaw tracked as CVE-2023-2825.
The Hacker News
Bosch's smart devices have high-severity vulnerabilities, posing a risk to your thermostat and smart nutrunners
SecurityWeek
QNAP has released patches for a dozen vulnerabilities in its products, including several high-severity flaws.
Bleeping Computer
Progress, the maker of the MOVEit Transfer file-sharing platform recently exploited in widespread data theft attacks, warned customers to patch a maximum severity vulnerability in its WS_FTP Server software.
SecurityWeek
Google has released a Chrome 105 update that addresses 11 vulnerabilities, including 7 high-severity bugs reported by external researchers.
SecurityWeek
Fortinet has released patches for multiple vulnerabilities across its product portfolio and warned of a high-severity command injection bug in FortiADC.
Cyber Security News
Two high-severity security vulnerabilities recently discovered and patched by the OpenSSL Project in its open-source cryptographic library.
SecurityWeek
Google has released an update for the Chrome browser to address multiple high-severity use-after-free vulnerabilities.
SecurityWeek
ESET has patched CVE-2023-5594, a high-severity vulnerability that can cause a browser to trust websites that should not be trusted.
SecurityWeek
Google has released a Chrome 107 update to address 10 vulnerabilities, including six high-severity issues reported by external researchers.
The Hacker News
Researchers have uncovered multiple high-severity flaws in the open source OpenLiteSpeed Web Server and its enterprise variant.
Security Affairs
Cisco addressed multiple flaws impacting its products, including high-severity issues in identity, email, and web security solutions. Cisco addressed multiple vulnerabilities impacting some of its products, including high-severity flaws in identity, email, and web security products. The most severe vulnerability addressed by the IT giant is a cross-site request forgery (CSRF) flaw, tracked as CVE-2022-20961 […]
Bleeping Computer
Proof-of-concept exploit code has been released for a top-severity security vulnerability in Progress Flowmon, a tool for monitoring network performance and visibility.
Security Affairs
Cybersecurity firm ESET has addressed a high-severity elevation of privilege vulnerability in its Windows security solution.
The Hacker News
VMware releases security patch updates for multiple high-severity vulnerabilities affecting ESXi, Workstation, Fusion, and Cloud Foundation products.
Ars Technica
"ToxMod" will automatically flag spoken harassment, bullying, and discrimination.
The Hacker News
Google has patched a high-severity vulnerability in its OAuth library for Java that could be exploited by a malicious actor with a compromised token.
The Hacker News
A new high-severity remote code execution vulnerability (CVE-2021-44521) has been reported in Apache Cassandra NoSQL database software.
Bleeping Computer
Enterprise software vendor SAP has released its April 2023 security updates for several of its products, which includes fixes for two critical-severity vulnerabilities that impact the SAP Diagnostics Agent and the SAP BusinessObjects Business Intelligence Platform.
Cyber Security News
Mozilla has recently launched Firefox 118, which addresses a total of nine security vulnerabilities. Notably, this release effectively resolves six high-severity vulnerabilities.
Security Affairs
Cisco addressed a high-severity escalation of privilege vulnerability (CVE-2022-20871) in AsyncOS for Cisco Secure Web Appliance. Cisco Secure Web Appliance (formerly Secure Web Appliance (WSA)) offers protection from malware and web-based attacks and provides application visibility and control. Cisco has addressed a high-severity escalation of privilege vulnerability, tracked as CVE-2022-20871, that resides in the web management interface of AsyncOS for Cisco Secure Web […]
Security Affairs
Cisco fixed high-severity flaws in some of its networking and communications products, including Enterprise NFV, Expressway and TelePresence. Cisco announced it has addressed high-severity vulnerabilities affecting some of its networking and communications products, including Enterprise NFV, Expressway and TelePresence. “Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series Software […]
The Hacker News
Cisco releases patches for a high-severity vulnerability affecting ASA and Firepower solutions.
Bleeping Computer
Security researchers have released a proof-of-concept (PoC) exploit for a maximum-severity vulnerability in Fortinet's security information and event management (SIEM) solution, which was patched in February.
The Hacker News
Several high-severity firmware security vulnerabilities found in HP's high-end business devices remain unpatched months after being reported publicly.
Security Affairs
Microsoft revised the severity rate for the CVE-2022-37958 flaw which was addressed with Patch Tuesday security updates for September 2022. Microsoft revised the severity rate for the CVE-2022-37958 vulnerability, the IT giant now rated it as “critical” because it discovered that threat actors can exploit the bug to achieve remote code execution. The CVE-2022-37958 was […]
SecurityWeek
Cisco has announced patches for a high-severity escalation of privilege vulnerability in AsyncOS for Cisco Secure Web Appliance.
The Hacker News
Researchers have discovered 16 new high-severity vulnerabilities in UEFI firmware impacting multiple HP enterprise devices.
Bleeping Computer
Cisco has disclosed today a high-severity vulnerability affecting the latest generation of its IP phones and exposing unpatched devices to remote code execution and denial of service (DoS) attacks.
The Hacker News
Thousands of Openfire XMPP servers remain unpatched against a high-severity flaw, CVE-2023-32315, exposing them to exploits.
SecurityWeek
Several high-severity vulnerabilities that can be exploited for arbitrary code execution have been patched in Omron’s CX-Programmer PLC programming software.
The Hacker News
Multiple high-severity vulnerabilities discovered in ConnectedIO's routers and cloud platform could let hackers execute malicious code.
The Hacker News
Cisco warns of an unpatched, high-severity flaw affecting IP Phone 7800 and 8800 series IP phones, for which a public proof-of-concept exploit is avai
Ars Technica
Vulnerability had an 8.8 severity rating. Valve took its time patching anyway.
The Hacker News
CISA warns of high-severity vulnerabilities in Schneider Electric Easergy P5 and P3 and GE Proficy CIMPLICITY SCADA Software.
DarkReading
Differences in how the National Vulnerability Database (NVD) and vendors score bugs can make patch prioritization harder, study says.
Security Affairs
Cisco disclosed a high-severity flaw in its IP phones that can be exploited to gain remote code execution and conduct DoS attacks. Cisco disclosed a high-severity vulnerability, tracked as CVE-2022-20968, impacting its IP Phone 7800 and 8800 Series (except Cisco Wireless IP Phone 8821). An unauthenticated, adjacent attacker can trigger the flaw to cause a […]
DarkReading
Full 10s on the CVSS vulnerability severity scale have been assigned to two flaws discovered in Fortinet's FortiSIEM cybersecurity operations platform.
Security Affairs
Cisco addressed three high-severity flaws in NX-OS and FXOS software that could cause denial-of-service (DoS) conditions. Cisco this week addressed multiple flaws in its products, including three high-severity flaws in NX-OS and FXOS software. An attacker can exploit these three issues to cause a denial-of-service (DoS) condition. Below is the list of flaws addressed by […]
Security Affairs
Trend Micro has fixed a high severity arbitrary file upload flaw, tracked as CVE-2022-26871, in the Apex Central product management console. Cybersecurity firm Trend Micro has addressed a high severity security flaw, tracked as CVE-2022-26871, in the Apex Central product management console. The CVE-2022-26871 vulnerability is an arbitrary file upload issue, its exploitation could lead […]
Bleeping Computer
Cisco has disclosed today a high-severity zero-day vulnerability affecting the latest generation of its IP phones and exposing them to remote code execution and denial of service (DoS) attacks.
The Hacker News
New high-severity vulnerabilities have been discovered in Cisco IOx and F5 BIG-IP products. Protect your organization by staying informed.
Security Affairs
The Internet Systems Consortium (ISC) fixed six remotely exploitable vulnerabilities in the BIND DNS software. The Internet Systems Consortium (ISC) this week released security patches to address six remotely exploitable vulnerabilities in BIND DNS software. Four out of six flaws, all denial-of-service (DoS) issues, have been rated as ‘high’ severity. One of the issues, tracked […]
Naked Security
7 memory mismanagements and a timing attack. We explain all the jargon bug terminology in plain English…