Security News

BeyondTrust fixes critical vulnerability in remote access, support solutions (CVE-2024-12356)
2024-12-18 09:39

BeyondTrust has fixed an unauthenticated command injection vulnerability (CVE-2024-12356) in its Privileged Remote Access (PRA) and Remote Support (RS) products that may allow remote code...

BeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS Products
2024-12-18 09:15

BeyondTrust has disclosed details of a critical security flaw in Privileged Remote Access (PRA) and Remote Support (RS) products that could potentially lead to the execution of arbitrary commands....

Critical security hole in Apache Struts under exploit
2024-12-17 21:57

You applied the patch that could stop possible RCE attacks last week, right? A critical security hole in Apache Struts 2, patched last week, is now being exploited using publicly available...

New critical Apache Struts flaw exploited to find vulnerable servers
2024-12-17 18:04

A recently patched critical Apache Struts 2 vulnerability tracked as CVE-2024-53677 is actively exploited using public proof-of-concept exploits to find vulnerable devices. [...]

Over 25,000 SonicWall VPN Firewalls exposed to critical flaws
2024-12-17 15:27

Over 25,000 publicly accessible SonicWall SSLVPN devices are vulnerable to critical severity flaws, with 20,000 using a SonicOS/OSX firmware version that the vendor no longer supports. [...]

Iran-linked crew used custom 'cyberweapon' in US critical infrastructure attacks
2024-12-13 23:56

IOCONTROL targets IoT and OT devices from a ton of makers, apparently An Iranian government-linked cybercriminal crew used custom malware called IOCONTROL to attack and remotely control US and...

CISA confirms critical Cleo bug exploitation in ransomware attacks
2024-12-13 21:24

CISA confirmed today that a critical remote code execution bug in Cleo Harmony, VLTrader, and LexiCom file transfer software is being exploited in ransomware attacks. [...]

Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection
2024-12-13 16:48

A security flaw has been disclosed in OpenWrt's Attended Sysupgrade (ASU) feature that, if successfully exploited, could have been abused to distribute malicious firmware packages. The...

New IOCONTROL malware used in critical infrastructure attacks
2024-12-12 20:46

Iranian threat actors are utilizing a new malware named IOCONTROL to compromise Internet of Things (IoT) devices and OT/SCADA systems used by critical infrastructure in Israel and the United States. [...]

Cleo patches critical zero-day exploited in data theft attacks
2024-12-12 17:03

Cleo has released security updates for a zero-day flaw in its LexiCom, VLTransfer, and Harmony software, currently exploited in data theft attacks. [...]