Threats & Malware, Vulnerabilities
February 7, 2024
Via: The RegisterWe’re very familiar with the many projects in which Raspberry Pi hardware is used, from giving old computers a new lease of life through to running the animated displays so beloved by retailers. But cracking BitLocker? We doubt the company […]
Threats & Malware, Vulnerabilities
February 7, 2024
Via: The RegisterJetBrains is encouraging all users of TeamCity (on-prem) to upgrade to the latest version following the disclosure of a critical vulnerability in the CI/CD tool. Tracked as CVE-2024-23917, the vulnerability has been assigned a provisional 9.8 CVSS score and allows […]
Threats & Malware, Vulnerabilities
February 6, 2024
Via: The RegisterFortinet’s FortiSIEM product is vulnerable to two new maximum-severity security vulnerabilities that allow for remote code execution. Both CVE-2024-23108 and CVE-2024-23109 have been assigned provisional scores of 10 on the CVSS scale, suggesting exploits can be carried out remotely by […]
Threats & Malware, Vulnerabilities
February 2, 2024
Via: The RegisterMastodon has called admins to action following the disclosure of a critical vulnerability affecting the decentralized social network favored by erstwhile Twitter lovers. With a 9.4 severity score, exploiting CVE-2024-23832 potentially allows attackers to take over Mastodon accounts remotely. While […]
Threats & Malware, Vulnerabilities
January 31, 2024
Via: The RegisterSecurity researchers believe the Akira ransomware group could be exploiting a nearly four-year-old Cisco vulnerability and using it as an entry point into organizations’ systems. In eight of security company TrueSec’s most recent incident response engagements that involved Akira and […]
Threats & Malware, Vulnerabilities
January 31, 2024
Via: Security AffairsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Apple improper authentication bug, tracked as CVE-2022-48618, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability can allow an attacker with arbitrary read and write capability to bypass Pointer Authentication. […]
Threats & Malware, Vulnerabilities
January 30, 2024
Via: The RegisterJuniper Networks has disclosed separate vulnerabilities it was previously accused of concealing, and apologized to customers for the error in communication. The update, which happened late last week, comes hot on the heels of reporting from El Reg that highlighted […]
Threats & Malware, Vulnerabilities
January 25, 2024
Via: Naked SecurityIn July 2023, our proactive behavior rules triggered on an attempt to load a driver named pskmad_64.sys (Panda Memory Access Driver) on a protected machine. The driver is owned by Panda Security and used in many of their products. Due […]
Threats & Malware, Vulnerabilities
January 24, 2024
Via: The RegisterSecurity experts are wasting no time in publishing working exploits for a critical vulnerability in Fortra GoAnywhere MFT, which was publicly disclosed just over a day ago. Customers were first advised by Fortra on the mitigations for the critical authentication […]
Threats & Malware, Vulnerabilities
January 24, 2024
Via: SecureWorldOn January 9, during a period of heightened anticipation surrounding the potential approval of Bitcoin exchange-traded funds (ETFs), an unauthorized post appeared on the SEC’s X account claiming the approval had been granted. This triggered a surge in Bitcoin’s price […]
Threats & Malware, Vulnerabilities
January 16, 2024
Via: The RegisterGitLab admins should apply the latest batch of security patches pronto given the new critical account-bypass vulnerability just disclosed. Tracked as CVE-2023-7028, the maximum-severity bug exploits a change introduced in version 16.1.0 back in May 2023 that allowed users to […]
Threats & Malware, Vulnerabilities
January 16, 2024
Via: The RegisterVMware and Atlassian today disclosed critical vulnerabilities and, while neither appear to have been exploited by miscreants yet, admins should patch now to avoid disappointment. First off, a pair of issues from Atlassian. Most serious is CVE-2023-22527, a template injection […]
Threats & Malware, Vulnerabilities
January 9, 2024
Via: The RegisterMicrosoft rang in the New Year with a relatively calm Patch Tuesday: Just 49 Windows security updates including fixes for two critical-rated bugs, plus four high-severity Chrome flaws in Microsoft Edge. None of the January CVEs are under active exploit, […]
Threats & Malware, Vulnerabilities
January 2, 2024
Via: Security AffairsSecurity researchers from Ruhr University Bochum (Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk) discovered a vulnerability, called Terrapin (CVE-2023-48795, CVSS score 5.9), in the Secure Shell (SSH) cryptographic network protocol. An attacker can trigger the flaw to downgrade the connection’s security […]
Threats & Malware, Vulnerabilities
December 27, 2023
Via: TechRadarEvery year since its inception, hackers have stolen more cryptocurrencies than the previous year, until 2023, new research has claimed. Data presented on the REKT platform, which keeps track of all the different crypto-related hacks and thefts, says that in […]
Threats & Malware, Vulnerabilities
December 21, 2023
Via: The RegisterSecurity vendor Sonatype believes developers are failing to address the critical remote code execution (RCE) vulnerability in the Apache Struts 2 framework, based on recent downloads of the code. The vulnerability, tracked as CVE-2023-50164, is rated 9.8 out of 10 […]
Threats & Malware, Vulnerabilities
December 20, 2023
Via: The RegisterA vulnerability in the SSH protocol can be exploited by a well-placed adversary to weaken the security of people’s connections, if conditions are right. In a successful man-in-the-middle attack, the adversary may be able to force SSH clients to use […]
Threats & Malware, Vulnerabilities
December 19, 2023
Via: The RegisterFour vulnerabilities in Perforce Helix Core Server, including one critical remote code execution bug, should be patched “immediately,” according to Microsoft, which spotted the flaws and disclosed them to the software vendor. Perforce Server is a source code management platform […]
Threats & Malware, Vulnerabilities
December 19, 2023
Via: SecureWorldThis morning, the Qualys Threat Research Unit released its 2023 Threat Landscape Year in Review report. In 2023, the Qualys Threat Research Unit (TRU) witnessed a critical trend in exploiting high-risk vulnerabilities. Its analysis reveals a startling insight into how […]
Threats & Malware, Vulnerabilities
December 15, 2023
Via: Security AffairspfSense is a popular open-source firewall solution maintained by Netgate, researchers discovered multiple security issues affecting it. Researchers from SonarCloud discovered several security issues, Cross-Site Scripting (XSS) vulnerabilities and a Command Injection vulnerability in pfSense CE (CVE-2023-42325, CVE-2023-42327, CVE-2023-42326). The […]