Threats & Malware, Vulnerabilities
July 26, 2023
Via: SecurityWeekTwo of these flaws, tracked as CVE-2023-21554 and CVE-2023-28302, could lead to remote code execution (RCE) and denial-of-service (DoS) and were addressed by Microsoft with its April 2023 Patch Tuesday updates. No CVE identifier has been provided for the third […]
Threats & Malware, Vulnerabilities
July 25, 2023
Via: The Hacker NewsAtlassian has released updates to address three security flaws impacting its Confluence Server, Data Center, and Bamboo Data Center products that, if successfully exploited, could result in remote code execution on susceptible systems. The list of the flaws is below […]
Threats & Malware, Vulnerabilities
July 24, 2023
Via: The Hacker NewsZero-day vulnerabilities in Windows Installers for the Atera remote monitoring and management software could act as a springboard to launch privilege escalation attacks. The flaws, discovered by Mandiant on February 28, 2023, have been assigned the identifiers CVE-2023-26077 and CVE-2023-26078, […]
Application security, Security
July 20, 2023
Via: The Hacker NewsMultiple security flaws have been disclosed in Apache OpenMeetings, a web conferencing solution, that could be potentially exploited by malicious actors to seize control of admin accounts and run malicious code on susceptible servers. “Attackers can bring the application into […]
Threats & Malware, Vulnerabilities
July 13, 2023
Via: The Hacker NewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has alerted of two security flaws impacting Rockwell Automation ControlLogix EtherNet/IP (ENIP) communication module models that could be exploited to achieve remote code execution and denial-of-service (DoS). “The results and impact of […]
July 7, 2023
Via: The Hacker NewsGoogle has released its monthly security updates for the Android operating system, addressing 46 new software vulnerabilities. Among these, three vulnerabilities have been identified as actively exploited in targeted attacks. One of the vulnerabilities tracked as CVE-2023-26083 is a memory […]
Application security, Security
July 5, 2023
Via: The Hacker NewsThe npm registry for the Node.js JavaScript runtime environment is susceptible to what’s called a manifest confusion attack that could potentially allow threat actors to conceal malware in project dependencies or perform arbitrary script execution during installation. “A npm package’s […]
Threats & Malware, Vulnerabilities
July 3, 2023
Via: The Hacker NewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has placed a set of eight flaws to the Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. This includes six shortcomings affecting Samsung smartphones and two vulnerabilities impacting D-Link […]
Threats & Malware, Vulnerabilities
June 28, 2023
Via: The Hacker NewsMultiple SQL injection vulnerabilities have been disclosed in Gentoo Soko that could lead to remote code execution (RCE) on vulnerable systems. “These SQL injections happened despite the use of an Object-Relational Mapping (ORM) library and prepared statements,” SonarSource researcher Thomas […]
June 26, 2023
Via: Dark ReadingWidespread attacks against companies and government agencies through a trio of zero-day vulnerabilities in the MOVEit Managed File Transfer platform has granted notoriety to the Cl0p ransomware group. The list of affected data continues to grow, including personal data on […]
Threats & Malware, Vulnerabilities
June 26, 2023
Via: SecurityWeekTracked as CVE-2023-2828, CVE-2023-2829 and CVE-2023-2911, these high-severity issues could be exploited to exhaust the available memory, or could cause named – BIND’s daemon that functions both as a recursive resolver and as an authoritative name server – to crash. […]
Threats & Malware, Vulnerabilities
June 14, 2023
Via: The Hacker NewsTwo “dangerous” security vulnerabilities have been disclosed in Microsoft Azure Bastion and Azure Container Registry that could have been exploited to carry out cross-site scripting (XSS) attacks. “The vulnerabilities allowed unauthorized access to the victim’s session within the compromised Azure […]
Application security, Security
June 13, 2023
Via: The Hacker NewsIt might come as a surprise, but secrets management has become the elephant in the AppSec room. While security vulnerabilities like Common Vulnerabilities and Exposures (CVEs) often make headlines in the cybersecurity world, secrets management remains an overlooked issue that […]
Threats & Malware, Vulnerabilities
June 12, 2023
Via: The Hacker NewsSecurity vulnerabilities discovered in Honda’s e-commerce platform could have been exploited to gain unrestricted access to sensitive dealer information. “Broken/missing access controls made it possible to access all data on the platform, even when logged in as a test account,” […]
Application security, Security
May 30, 2023
Via: The Hacker NewsMultiple security flaws uncovered in Sonos One wireless speakers could be potentially exploited to achieve information disclosure and remote code execution, the Zero Day Initiative (ZDI) said in a report published last week. The vulnerabilities were demonstrated by three different […]
Threats & Malware, Vulnerabilities
May 25, 2023
Via: The Hacker NewsZyxel has released software updates to address two critical security flaws affecting select firewall and VPN products that could be abused by remote attackers to achieve code execution. Both the flaws – CVE-2023-33009 and CVE-2023-33010 – are buffer overflow vulnerabilities […]
May 25, 2023
Via: Dark ReadingGoogle has fixed a critical flaw in its Google Cloud Platform’s database service that researchers used to gain access to sensitive data and secrets, as well as escalate privileges to breach other cloud services, including potentially those in customer environments. […]
Threats & Malware, Vulnerabilities
May 19, 2023
Via: The Hacker NewsApple on Thursday rolled out security updates to iOS, iPadOS, macOS, tvOS, watchOS, and the Safari web browser to address three new zero-day flaws that it said are being actively exploited in the wild. The three security shortcomings are listed […]
Threats & Malware, Vulnerabilities
May 18, 2023
Via: The RegisterCisco rolled out patches for four critical security vulnerabilities in several of its network switches for small businesses that can be exploited to remotely hijack the equipment. Specifically, the flaws in the web user interface can be used to run […]
Threats & Malware, Vulnerabilities
May 10, 2023
Via: The Hacker NewsMicrosoft has rolled out Patch Tuesday updates for May 2023 to address 38 security flaws, including one zero-day bug that it said is being actively exploited in the wild. Trend Micro’s Zero Day Initiative (ZDI) said the volume is the […]