Infosecurity News
US Government IIS Server Breached via Telerik Software Flaw
The critical vulnerability allows remote code execution and was assigned a CVSS v3.1 score of 9.8
Infosecurity News
The critical vulnerability allows remote code execution and was assigned a CVSS v3.1 score of 9.8
Bleeping Computer
GitLab has released an emergency security update, version 16.0.1, to address a maximum severity (CVSS v3.1 score: 10.0) path traversal flaw tracked as CVE-2023-2825.
Security Affairs
HP would take up to 90 days to address a critical flaw, tracked as CVE-2023-1707, that resides in the firmware of some business-grade printers. HP is aware of a critical vulnerability, tracked as CVE-2023-1707 (CVSS v3.1 score 9.1), that affects tens of HP Enterprise LaserJet and HP LaserJet Managed Printers models. The exploitation of the […]
Security Affairs
WordPress forces the update of the UpdraftPlus plugin patch on 3 million sites to fix a high-severity vulnerability. WordPress has forced the update of the UpdraftPlus plugin around three million sites to address a high-severity vulnerability, tracked as CVE-2022-0633 (CVSS v3.1 score of 8.5) that can allow website subscribers to download the latest database backups, which could potentially […]
Cyber Security News
BMC firmware from Lanner has been found to contain over a dozen vulnerabilities that could allow remote attacks
Bleeping Computer
Cisco is warning of five new Catalyst SD-WAN Manager products vulnerabilities with the most critical allowing unauthenticated remote access to the server.
Bleeping Computer
Zyxel has published a security advisory to warn admins about multiple vulnerabilities affecting a wide range of firewall, AP, and AP controller products.
Bleeping Computer
Qualcomm is warning of three zero-day vulnerabilities in its GPU and Compute DSP drivers that hackers are actively exploiting in attacks.
Bleeping Computer
Enterprise software vendor SAP has released its April 2023 security updates for several of its products, which includes fixes for two critical-severity vulnerabilities that impact the SAP Diagnostics Agent and the SAP BusinessObjects Business Intelligence Platform.
Bleeping Computer
The open-source e-commerce platform PrestaShop has released a new version that addresses a critical-severity vulnerability allowing any back-office user to write, update, or delete SQL databases regardless of their permissions.
Bleeping Computer
APC's Easy UPS Online Monitoring Software is vulnerable to unauthenticated arbitrary remote code execution, allowing hackers to take over devices and, in a worst-case scenario, disabling its functionality altogether.
The Cyber Express
The Cybersecurity and Infrastructure Security Agency (CISA) has published three advisories addressing security issues, vulnerabilities, and potential exploits in Industrial
Bleeping Computer
Three vulnerabilities in the American Megatrends MegaRAC Baseboard Management Controller (BMC) software impact server equipment used in many cloud service and data center providers.
The Hacker News
FIRST announces CVSS v4.0, the latest version of the Common Vulnerability Scoring System. Discover how this update addresses critical vulnerabilities.
The Cyber Express
Carrier has issued a serious product security advisory confirming the existence of several vulnerabilities in its LenelS2 NetBox access control
Bleeping Computer
HPE Aruba Networking has issued its April 2024 security advisory detailing critical remote code execution (RCE) vulnerabilities impacting multiple versions of ArubaOS, its proprietary network operating system.
Bleeping Computer
NVIDIA has released a security update for its GPU display driver for Windows, containing a fix for a high-severity flaw that threat actors can exploit to perform, among other things, code execution and privilege escalation.
Bleeping Computer
F5 is warning BIG-IP admins that devices are being breached by "skilled" hackers exploiting two recently disclosed vulnerabilities to erase signs of their access and achieve stealthy code execution.
Bleeping Computer
Hackers are actively exploiting two critical-severity vulnerabilities in the Houzez theme and plugin for WordPress, two premium add-ons used primarily in real estate websites.
Bleeping Computer
Researchers from Italy and the UK have discovered four vulnerabilities in the TP-Link Tapo L530E smart bulb and TP-Link's Tapo app, which could allow attackers to steal their target's WiFi password.
Bleeping Computer
Print management software developer PaperCut is warning customers to update their software immediately, as hackers are actively exploiting flaws to gain access to vulnerable servers.
Bleeping Computer
Microsoft has attributed recent attacks on PaperCut servers to the Clop and LockBit ransomware operations, which used the vulnerabilities to steal corporate data.
Bleeping Computer
Microsoft has attributed recent attacks on PaperCut servers to the Clop and LockBit ransomware operations, which used the vulnerabilities to steal corporate data.
Bleeping Computer
GitLab has released security updates to address a critical severity vulnerability that allows attackers to run pipelines as other users via scheduled security scan policies.
Infosecurity News
Some 73 vulnerabilities have been resolved this month
Security Affairs
Aruba addressed multiple critical severity vulnerabilities in the EdgeConnect Enterprise Orchestrator. Aruba addressed multiple critical severity vulnerabilities in the EdgeConnect Enterprise Orchestrator that can be exploited by remote attackers to compromise the vulnerable host. Aruba EdgeConnect Orchestrator is a centralized SD-WAN management solution that allows enterprises to control their WAN. Below are the vulnerabilities addressed […]
Bleeping Computer
Mastodon, the free and open-source decentralized social networking platform, has fixed a critical vulnerability that allows attackers to impersonate and take over any remote account.
Bleeping Computer
Adobe has released security updates to patch a zero-day vulnerability in Acrobat and Reader tagged as exploited in attacks.
Bleeping Computer
Three critical-severity remote code execution vulnerabilities impact ASUS RT-AX55, RT-AX56U_V2, and RT-AC86U routers, potentially allowing threat actors to hijack devices if security updates are not installed.
Bleeping Computer
Google has released the monthly security updates for Android operating system, which comes with fixes for 46 vulnerabilities. Three of the issues are likely actively exploited in the wild.
Bleeping Computer
A critical severity vulnerability impacting Royal Elementor Addons and Templates up to version 1.3.78 is reported to be actively exploited by two WordPress security teams.
Security Affairs
Networking equipment vendor Zyxel addressed a critical vulnerability impacting its network-attached storage (NAS) devices. Zyxel addressed a critical vulnerability, tracked as CVE-2022-34747, impacting its network-attached storage (NAS) devices. The CVE-2022-34747 (CVSS score: 9.8) flaw is classified as a format string vulnerability that resides in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0. An attacker can exploit […]
Security Affairs
Zyxel addressed multiple vulnerabilities impacting many of its products, including APs, AP controllers, and firewalls. Zyxel has released security updates to address multiple vulnerabilities affecting multiple products, including firewall, AP, and AP controller products. Below is the list of the four vulnerabilities, the most severe one is a command injection flaw in some CLI commands […]
Bleeping Computer
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added CVE-2022-36537 to its "Known Exploited Vulnerabilities Catalog" after threat actors began actively exploiting the remote code execution (RCE) flaw in attacks.
Infosecurity News
Microsoft issues updates for over 100 flaws
Bleeping Computer
The Zoom desktop and VDI clients and the Meeting SDK for Windows are vulnerable to an improper input validation flaw that could allow an unauthenticated attacker to conduct privilege escalation on the target system over the network.
Bleeping Computer
Western Digital is warning owners of My Cloud series devices that can no longer connect to cloud services starting on June 15, 2023, if the devices are not upgraded to the latest firmware, version 5.26.202.
Bleeping Computer
The threat actor known as 'Blue Mockingbird' has been observed by analysts targeting Telerik UI vulnerabilities to compromise servers, install Cobalt Strike beacons, and mine Monero by hijacking system resources.
Cyber Security News
HP Enterprise LaserJet and HP LaserJet Managed printers may be susceptible to information exposure when IPsec is enabled.
Cyber Security News
A security update released by ChatRTX on March 26th, 2024, addresses two vulnerabilities (CVE-2024-0082 and CVE-2024-0083) that could allow
Bleeping Computer
Grafana has released security fixes for multiple versions of its application, addressing a vulnerability that enables attackers to bypass authentication and take over any Grafana account that uses Azure Active Directory for authentication.
Infosecurity News
A flaw in the Rust standard library exposes Windows systems to command injection attacks
Bleeping Computer
Fortra is warning of a new authentication bypass vulnerability impacting GoAnywhere MFT (Managed File Transfer) versions before 7.4.1 that allows an attacker to create a new admin user.
Bleeping Computer
Hackers exploit a zero-day privilege escalation vulnerability in the 'Ultimate Member' WordPress plugin to compromise websites by bypassing security measures and registering rogue administrator accounts.
Bleeping Computer
HP announced in a security bulletin this week that it would take up to 90 days to patch a critical-severity vulnerability that impacts the firmware of certain business-grade printers.
Bleeping Computer
WordPress has taken the rare step of force-updating the UpdraftPlus plugin on all sites to fix a high-severity vulnerability allowing website subscribers to download the latest database backups, which often contain credentials and PII.
Bleeping Computer
Proof-of-concept exploits for vulnerabilities in Netgear's Orbi 750 series router and extender satellites have been released, with one flaw a critical severity remote command execution bug.
Security Affairs
Google Cloud Security and Project Zero researchers found multiple vulnerabilities in the Intel Trust Domain Extensions (TDX). Google Cloud Security and Project Zero researchers, working with Intel experts, discovered multiple vulnerabilities in the Intel Trust Domain Extensions (TDX). The Intel Trust Domain Extensions (Intel® TDX) allows to deploy hardware-isolated, virtual machines (VMs) called trust domains […]
Bleeping Computer
Threat researchers investigating malware used to target companies in the aerospace and telecommunications sectors discovered a new threat actor that has been running cyber espionage campaigns since at least 2018.
Security Affairs
Cisco Talos researchers published PoC exploits for vulnerabilities in Netgear Orbi 750 series router and extender satellites. Netgear Orbi is a line of mesh Wi-Fi systems designed to provide high-speed, reliable Wi-Fi coverage throughout a home or business. The Orbi system consists of a main router and one or more satellite units that work together […]
ZDNet
A heap overflow bug was recently discovered in the Linux kernel. The patch is available now in most major Linux distributions.
Ars Technica
Researchers identify 23 vulnerabilities, some of which can exploited with no authentication.
Bleeping Computer
A critical vulnerability in the F5 BIG-IP configuration utility, tracked as CVE-2023-46747, allows an attacker with remote access to the configuration utility to perform unauthenticated remote code execution.
Bleeping Computer
Researchers have released a proof-of-concept (PoC) exploit for an actively exploited Windows local privilege escalation vulnerability fixed as part of the May 2023 Patch Tuesday.
Security Affairs
Researchers spotted a new variant of the BotenaGo botnet malware that is considered highly evasive and has a zero-detection rate. The BotenaGo botnet was first spotted in November 2021 by researchers at AT&T, the malicious code leverages thirty-three exploits to target millions of routers and IoT devices. BotenaGo was written in Golang (Go) and at the […]
The Hacker News
XWorm: The new kid on the malware block. ANY.RUN's analysts dive deep to expose its tactics and evasion techniques.