Tag: Vulnerability


Threats & Malware, Vulnerabilities

Most Tinyproxy Instances are potentially vulnerable to flaw CVE-2023-49606

May 8, 2024

Via: Security Affairs

Researchers from Cisco Talos reported a use-after-free vulnerability in the HTTP Connection Headers parsing of Tinyproxy 1.11.1 and Tinyproxy 1.10.0. The issue is tracked as CVE-2023-49606 and received a CVSS score of 9.8. The exploitation of the issue can potentially […]


Threats & Malware, Vulnerabilities

Massive security hole in VPNs shows their shortcomings as a defensive measure

May 8, 2024

Via: CSO Online

Researchers found that a deep, unpatchable flaw in virtual private networks, dubbed Tunnelvision, can allow attackers to siphon off data without any indication that they are there. A massive security hole in virtual private networks (VPNs) reported this week highlights the […]


Threats & Malware, Vulnerabilities

Google fixed critical Chrome vulnerability CVE-2024-4058

April 25, 2024

Via: Security Affairs

Google addressed four vulnerabilities in the Chrome web browser, including a critical vulnerability tracked as CVE-2024-4058. The vulnerability CVE-2024-4058 is a Type Confusion issue that resides in the ANGLE graphics layer engine. An attacker can exploit this vulnerability to execute […]


Threats & Malware, Vulnerabilities

Palo Alto Networks Warns of Exploited Firewall Vulnerability

April 12, 2024

Via: Security Week

Tracked as CVE-2024-3400 and assigned a severity score of 10 out of 10, the security defect was identified in the GlobalProtect feature of PAN-OS, the operating system running on Palo Alto Networks appliances. “A command injection vulnerability in the GlobalProtect […]


Threats & Malware, Vulnerabilities

Fortinet Warns of Severe SQLi Vulnerability in FortiClientEMS Software

March 14, 2024

Via: The Hacker News

Fortinet has warned of a critical security flaw impacting its FortiClientEMS software that could allow attackers to achieve code execution on affected systems. “An improper neutralization of special elements used in an SQL Command (‘SQL Injection’) vulnerability [CWE-89] in FortiClientEMS […]


Threats & Malware, Vulnerabilities

CISA Warns of Actively Exploited JetBrains TeamCity Vulnerability

March 8, 2024

Via: The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting JetBrains TeamCity On-Premises software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2024-27198 (CVSS score: […]


Threats & Malware, Vulnerabilities

Zoom stomps critical privilege escalation bug plus 6 other flaws

February 15, 2024

Via: The Register

Video conferencing giant Zoom today opened up about a fresh batch of security vulnerabilities affecting its products, including a critical privilege escalation flaw. Tracked as CVE-2024-24691 with a CVSS score of 9.6, Zoom says the vulnerability may enable privilege escalation […]


Cyber-crime, Identity theft

Meta says risk of account theft after phone number recycling isn’t its problem to solve

February 13, 2024

Via: The Register

Meta has acknowledged that phone number reuse that allows takeovers of its accounts “is a concern,” but the ad biz insists the issue doesn’t qualify for its bug bounty program and is a matter for telecom companies to sort out. […]


Threats & Malware, Virus & Malware

Cybercrime duo accused of picking $2.5M from Apple’s orchard

February 8, 2024

Via: The Register

A cybersecurity researcher and his pal are facing charges in California after they allegedly defrauded an unnamed company, almost certainly Apple, out of $2.5 million. Noah Roskin-Frazee and Keith Latteri are alleged to have gained access to Apple’s systems via […]


Threats & Malware, Vulnerabilities

JetBrains urges swift patching of latest critical TeamCity flaw

February 7, 2024

Via: The Register

JetBrains is encouraging all users of TeamCity (on-prem) to upgrade to the latest version following the disclosure of a critical vulnerability in the CI/CD tool. Tracked as CVE-2024-23917, the vulnerability has been assigned a provisional 9.8 CVSS score and allows […]


Threats & Malware, Vulnerabilities

Critical vulnerability in Mastodon is pounced upon by fast-acting admins

February 2, 2024

Via: The Register

Mastodon has called admins to action following the disclosure of a critical vulnerability affecting the decentralized social network favored by erstwhile Twitter lovers. With a 9.4 severity score, exploiting CVE-2024-23832 potentially allows attackers to take over Mastodon accounts remotely. While […]


Threats & Malware, Vulnerabilities

Nearly 4-year-old Cisco vuln linked to recent Akira ransomware attacks

January 31, 2024

Via: The Register

Security researchers believe the Akira ransomware group could be exploiting a nearly four-year-old Cisco vulnerability and using it as an entry point into organizations’ systems. In eight of security company TrueSec’s most recent incident response engagements that involved Akira and […]


Threats & Malware, Vulnerabilities

Using GoAnywhere MFT for file transfers? Patch now – an exploit’s out for a critical bug

January 24, 2024

Via: The Register

Security experts are wasting no time in publishing working exploits for a critical vulnerability in Fortra GoAnywhere MFT, which was publicly disclosed just over a day ago. Customers were first advised by Fortra on the mitigations for the critical authentication […]


Threats & Malware, Vulnerabilities

SEC X Account Hack: SIM Swap Exposed Vulnerability

January 24, 2024

Via: SecureWorld

On January 9, during a period of heightened anticipation surrounding the potential approval of Bitcoin exchange-traded funds (ETFs), an unauthorized post appeared on the SEC’s X account claiming the approval had been granted. This triggered a surge in Bitcoin’s price […]


Access control, Security

IT consultant fined for daring to expose shoddy security

January 19, 2024

Via: The Register

A security researcher in Germany has been fined €3,000 ($3,300, £2,600) for finding and reporting an e-commerce database vulnerability that was exposing almost 700,000 customer records. Back in June 2021, according to our pals at Heise, a contractor identified elsewhere […]


Threats & Malware, Vulnerabilities

Patch time: Critical GitLab vulnerability exposes 2FA-less users to account takeovers

January 16, 2024

Via: The Register

GitLab admins should apply the latest batch of security patches pronto given the new critical account-bypass vulnerability just disclosed. Tracked as CVE-2023-7028, the maximum-severity bug exploits a change introduced in version 16.1.0 back in May 2023 that allowed users to […]


Application security, Security

Beware, all Windows and Mac devices possibly at risk – dangerous Opera security flaw could have allowed hackers to run any file they want

January 16, 2024

Via: TechRadar

Opera, a popular Chromium-based browser, was found carrying a vulnerability that would allow hackers to install pretty much any file on both Windows and macOS operating systems. The vulnerability was discovered by cybersecurity researchers from Guardio Labs, who notified the […]


Threats & Malware, Vulnerabilities

Terrapin attack allows attackers to downgrade SSH protocol security

January 2, 2024

Via: Security Affairs

Security researchers from Ruhr University Bochum (Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk) discovered a vulnerability, called Terrapin (CVE-2023-48795, CVSS score 5.9), in the Secure Shell (SSH) cryptographic network protocol. An attacker can trigger the flaw to downgrade the connection’s security […]


Mobile, Mobile security

Kaspersky reveals previously unknown hardware ‘feature’ exploited in iPhone attacks

December 28, 2023

Via: The Register

Kaspersky’s Global Research and Analysis Team (GReAT) has exposed a previously unknown “feature” in Apple iPhones that allowed malware to bypass hardware-based memory protection. Addressed as CVE-2023-38606, which was patched in July 2023, the issue affected iPhones running iOS versions […]


Threats & Malware, Vulnerabilities

Four in five Apache Struts 2 downloads are for versions featuring critical flaw

December 21, 2023

Via: The Register

Security vendor Sonatype believes developers are failing to address the critical remote code execution (RCE) vulnerability in the Apache Struts 2 framework, based on recent downloads of the code. The vulnerability, tracked as CVE-2023-50164, is rated 9.8 out of 10 […]