Top

Category: Vulnerabilities


Threats & Malware, Vulnerabilities

New Attack Shows Risks of Browsers Giving Websites Access to GPU 

March 18, 2024

Via: Security Week

The research focused on WebGPU, an API that enables web developers to use the underlying system’s GPU to carry out high-performance computations in a web browser. By leveraging this API, they have demonstrated an attack that works entirely from the […]


Threats & Malware, Vulnerabilities

Fortinet Warns of Severe SQLi Vulnerability in FortiClientEMS Software

March 14, 2024

Via: The Hacker News

Fortinet has warned of a critical security flaw impacting its FortiClientEMS software that could allow attackers to achieve code execution on affected systems. “An improper neutralization of special elements used in an SQL Command (‘SQL Injection’) vulnerability [CWE-89] in FortiClientEMS […]


Threats & Malware, Vulnerabilities

CISA Warns of Actively Exploited JetBrains TeamCity Vulnerability

March 8, 2024

Via: The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting JetBrains TeamCity On-Premises software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2024-27198 (CVSS score: […]


Threats & Malware, Vulnerabilities

In the vanguard of 21st century cyber threats

March 1, 2024

Via: The Register

The quantum threat might seem futuristic, more like something you’d encounter in a science fiction film. But it’s arguably already a danger to real cyber security defences. Strengthening those defences relies heavily on knowledge and preparation. Arqit can help you […]


Threats & Malware, Vulnerabilities

Multiple XSS flaws in Joomla can lead to remote code execution

February 22, 2024

Via: Security Affairs

The maintainers of the Joomla! Project released Joomla 5.0.3 and 4.4.3 versions that addressed the following vulnerabilities in the popular content management system (CMS): [20240201] –CVE-2024-21722 Core – Insufficient session expiration in MFA management views: The MFA management features did […]


Threats & Malware, Vulnerabilities

Zoom stomps critical privilege escalation bug plus 6 other flaws

February 15, 2024

Via: The Register

Video conferencing giant Zoom today opened up about a fresh batch of security vulnerabilities affecting its products, including a critical privilege escalation flaw. Tracked as CVE-2024-24691 with a CVSS score of 9.6, Zoom says the vulnerability may enable privilege escalation […]


Threats & Malware, Vulnerabilities

Fortinet’s week to forget: Critical vulns, disclosure screw-ups, and that toothbrush DDoS attack claim

February 9, 2024

Via: The Register

We’ve had to write the word “Fortinet” so often lately that we’re considering making a macro just to make our lives a little easier after what the company’s reps will surely agree has been a week sent from hell. It […]


Threats & Malware, Vulnerabilities

Raspberry Robin devs are buying exploits for faster attacks

February 8, 2024

Via: The Register

Researchers suspect the criminals behind the Raspberry Robin malware are now buying exploits for speedier cyberattacks. An exploit developer is thought by infosec pros to be either on the Raspberry Robin payroll or a close contact that sells them to […]


Threats & Malware, Vulnerabilities

Raspberry Pi Pico cracks BitLocker in under a minute

February 7, 2024

Via: The Register

We’re very familiar with the many projects in which Raspberry Pi hardware is used, from giving old computers a new lease of life through to running the animated displays so beloved by retailers. But cracking BitLocker? We doubt the company […]


Threats & Malware, Vulnerabilities

JetBrains urges swift patching of latest critical TeamCity flaw

February 7, 2024

Via: The Register

JetBrains is encouraging all users of TeamCity (on-prem) to upgrade to the latest version following the disclosure of a critical vulnerability in the CI/CD tool. Tracked as CVE-2024-23917, the vulnerability has been assigned a provisional 9.8 CVSS score and allows […]


Threats & Malware, Vulnerabilities

Double trouble for Fortinet customers as pair of critical vulns found in FortiSIEM

February 6, 2024

Via: The Register

Fortinet’s FortiSIEM product is vulnerable to two new maximum-severity security vulnerabilities that allow for remote code execution. Both CVE-2024-23108 and CVE-2024-23109 have been assigned provisional scores of 10 on the CVSS scale, suggesting exploits can be carried out remotely by […]


Threats & Malware, Vulnerabilities

Critical vulnerability in Mastodon is pounced upon by fast-acting admins

February 2, 2024

Via: The Register

Mastodon has called admins to action following the disclosure of a critical vulnerability affecting the decentralized social network favored by erstwhile Twitter lovers. With a 9.4 severity score, exploiting CVE-2024-23832 potentially allows attackers to take over Mastodon accounts remotely. While […]


Threats & Malware, Vulnerabilities

Nearly 4-year-old Cisco vuln linked to recent Akira ransomware attacks

January 31, 2024

Via: The Register

Security researchers believe the Akira ransomware group could be exploiting a nearly four-year-old Cisco vulnerability and using it as an entry point into organizations’ systems. In eight of security company TrueSec’s most recent incident response engagements that involved Akira and […]


Threats & Malware, Vulnerabilities

CISA adds Apple improper authentication bug to its Known Exploited Vulnerabilities catalog

January 31, 2024

Via: Security Affairs

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Apple improper authentication bug, tracked as CVE-2022-48618, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability can allow an attacker with arbitrary read and write capability to bypass Pointer Authentication. […]


Threats & Malware, Vulnerabilities

Reg story prompts fresh security bulletin, review of Juniper Networks’ CVE process

January 30, 2024

Via: The Register

Juniper Networks has disclosed separate vulnerabilities it was previously accused of concealing, and apologized to customers for the error in communication. The update, which happened late last week, comes hot on the heels of reporting from El Reg that highlighted […]


Threats & Malware, Vulnerabilities

Multiple vulnerabilities discovered in widely used security driver

January 25, 2024

Via: Naked Security

In July 2023, our proactive behavior rules triggered on an attempt to load a driver named pskmad_64.sys (Panda Memory Access Driver) on a protected machine. The driver is owned by Panda Security and used in many of their products. Due […]


Threats & Malware, Vulnerabilities

Using GoAnywhere MFT for file transfers? Patch now – an exploit’s out for a critical bug

January 24, 2024

Via: The Register

Security experts are wasting no time in publishing working exploits for a critical vulnerability in Fortra GoAnywhere MFT, which was publicly disclosed just over a day ago. Customers were first advised by Fortra on the mitigations for the critical authentication […]


Threats & Malware, Vulnerabilities

SEC X Account Hack: SIM Swap Exposed Vulnerability

January 24, 2024

Via: SecureWorld

On January 9, during a period of heightened anticipation surrounding the potential approval of Bitcoin exchange-traded funds (ETFs), an unauthorized post appeared on the SEC’s X account claiming the approval had been granted. This triggered a surge in Bitcoin’s price […]


Threats & Malware, Vulnerabilities

Patch time: Critical GitLab vulnerability exposes 2FA-less users to account takeovers

January 16, 2024

Via: The Register

GitLab admins should apply the latest batch of security patches pronto given the new critical account-bypass vulnerability just disclosed. Tracked as CVE-2023-7028, the maximum-severity bug exploits a change introduced in version 16.1.0 back in May 2023 that allowed users to […]


Threats & Malware, Vulnerabilities

Patch now: Critical VMware, Atlassian flaws found

January 16, 2024

Via: The Register

VMware and Atlassian today disclosed critical vulnerabilities and, while neither appear to have been exploited by miscreants yet, admins should patch now to avoid disappointment. First off, a pair of issues from Atlassian. Most serious is CVE-2023-22527, a template injection […]