Security News

PoC exploit for exploited Ivanti Cloud Services Appliance flaw released (CVE-2024-8190)

2024-09-17 09:55

CVE-2024-8190, an OS command injection vulnerability in Ivanti Cloud Services Appliance (CSA) v4.6, is under active exploitation. Details about the attacks are still unknown, but there may be more...

#cloud #CVE #exploit #ivanti #POC #CVE-2024-8190

Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461)

2024-09-16 12:40

CVE-2024-43461, a spoofing vulnerability affecting Windows MSHTML – a software component used by various apps for rendering render web pages on Windows – “was exploited as a part of an attack...

#0day #APT #CVE #microsoft #CVE-2024-38112 #CVE-2024-43461

Adobe completes fix for Reader bug with known PoC exploit (CVE-2024-41869)

2024-09-12 12:05

Among the security updates released by Adobe on Tuesday are those for various versions of Adobe Acrobat and Reader, which fix two critical flaws that could lead to arbitrary code execution:...

#adobe #CVE #exploit #POC #CVE-2024-41869 #CVE-2024-45112 #CVE-2024-39383

Ivanti fixes critical vulnerabilities in Endpoint Management (CVE-2024-29847)

2024-09-11 11:50

Ivanti has fixed a slew of vulnerabilities affecting its Endpoint Manager solution, including a maximum severity one (CVE-2024-29847) that may allow unauthenticated attackers to remotely execute...

#critical #CVE #endpoint #ivanti #management #vulnerabilities #CVE-2024-29847

CISA confirms that SonicWall vulnerability is getting exploited (CVE-2024-40766)

2024-09-10 12:26

The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-40766 – a recently fixed improper access control vulnerability affecting SonicWall’s firewalls – to its Known...

#cisa #CVE #sonicwall #vulnerability #CVE-2024-40766

Zyxel fixes critical command injection flaw in EOL NAS devices (CVE-2024-6342)

2024-09-10 09:01

Users of Zyxel network-attached storage (NAS) devices are urged to implement hotfixes addressing a critical and easily exploited command injection vulnerability (CVE-2024-6342). About...

#commandinjection #critical #CVE #NAS #zyxel #CVE-2024-6342

Veeam Backup & Replication RCE flaw may soon be leveraged by ransomware gangs (CVE-2024-40711)

2024-09-09 11:45

CVE-2024-40711, a critical vulnerability affecting Veeam Backup & Replication (VBR), could soon be exploited by attackers to steal enterprise data. Discovered and reported by Code WHite researcher...

#backup #CVE #ransomware #RCE #veeam #CVE-2024-40711

Apache OFBiz team patches critical RCE vulnerability (CVE-2024-45195)

2024-09-06 10:01

For the fourth time in the last five months, Apache OFBiz users have been advised to upgrade their installations to fix a critical flaw (CVE-2024-45195) that could lead to unauthenticated remote...

#apache #critical #CVE #RCE #vulnerability #CVE-2024-45195

Critical flaw in Zyxel’s secure routers allows OS command execution via cookie (CVE-2024-7261)

2024-09-03 12:47

Zyxel has patched a myriad of vulnerabilities in its various networking devices, including a critical one (CVE-2024-7261) that may allow unauthenticated attackers to execute OS commands on many...

#critical #CVE #router #zyxel #CVE-2024-7261

APT group exploits WPS Office for Windows RCE vulnerability (CVE-2024-7262)

2024-08-28 09:00

ESET researchers discovered a remote code execution vulnerability in WPS Office for Windows (CVE-2024-7262). APT-C-60, a South Korea-aligned cyberespionage group, was exploiting it to target East...

#APT #aptgroup #CVE #exploit #office #RCE #vulnerability #windows #CVE-2024-7262 #CVE-2924-7263

Security News {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Security News"}]}

Security News