Security News

ScreenConnect critical bug now under attack as exploit code emerges
2024-02-21 17:18

CISA has assigned CVE-2024-1708 and CVE-2024-1709 identifiers to the the two security issues, which the vendor assessed as a maximum severity authentication bypass and a high-severity path traversal flaw that impact ScreenConnect servers 23.9.7 and earlier. Threat actors have compromised multiple ScreenConnect accounts, as confirmed by the company in an update to its advisory, based on incident response investigations.

VMware Alert: Uninstall EAP Now - Critical Flaw Puts Active Directory at Risk
2024-02-21 05:34

VMware is urging users to uninstall the deprecated Enhanced Authentication Plugin (EAP) following the discovery of a critical security flaw. Tracked as CVE-2024-22245 (CVSS score: 9.6), the...

ConnectWise urges ScreenConnect admins to patch critical RCE flaw
2024-02-20 16:48

ConnectWise warned customers to patch their ScreenConnect servers immediately against a maximum severity flaw that can be used in remote code execution attacks. ConnectWise has yet to assign CVE IDs to the two security flaws that impact all servers running ScreenConnect 23.9.7 and prior.

Critical infrastructure software maker confirms ransomware attack
2024-02-20 14:36

PSI Software SE, a German software developer for complex production and logistics processes, has confirmed that the cyber incident it disclosed last week is a ransomware attack that impacted its internal infrastructure. The company operates at a global level with a staff of more than 2,000 and specializes in software solutions for major energy suppliers.

Critical Flaws Found in ConnectWise ScreenConnect Software  - Patch Now
2024-02-20 10:38

ConnectWise has released software updates to address two security flaws in its ScreenConnect remote desktop and access software, including a critical bug that could enable remote code execution on...

Critical ConnectWise ScreenConnect vulnerabilities fixed, patch ASAP!
2024-02-20 10:02

ConnectWise has fixed two vulnerabilities in ScreenConnect that could allow attackers to execute remote code or directly impact confidential data or critical systems. ConnectWise ScreenConnect is a remote desktop software solution popular with managed services providers and businesses they offer services to, as well as help desk teams.

WordPress Bricks Theme Under Active Attack: Critical Flaw Impacts 25,000+ Sites
2024-02-20 09:08

A critical security flaw in the Bricks theme for WordPress is being actively exploited by threat actors to run arbitrary PHP code on susceptible installations. The flaw, tracked as CVE-2024-25600...

Hackers exploit critical RCE flaw in Bricks WordPress site builder
2024-02-19 17:55

Hackers are actively exploiting a critical remote code execution flaw impacting the Brick Builder Theme to run malicious PHP code on vulnerable sites. The Bricks Builder Theme is a premium WordPress theme described as an innovative, community-driven visual site builder.

SolarWinds fixes critical RCE bugs in access rights audit solution
2024-02-16 18:32

SolarWinds has patched five remote code execution flaws in its Access Rights Manager solution, including three critical severity vulnerabilities that allow unauthenticated exploitation.Access Rights Manager allows companies to manage and audit access rights across their IT infrastructure to minimize insider threat impact and more.

Zoom stomps critical privilege escalation bug plus 6 other flaws
2024-02-15 15:30

Video conferencing giant Zoom today opened up about a fresh batch of security vulnerabilities affecting its products, including a critical privilege escalation flaw. Tracked as CVE-2024-24691 with a CVSS score of 9.6, Zoom says the vulnerability may enable privilege escalation for unauthenticated users via network access.