Security News

Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633)

2024-08-28 08:46

Organizations using Fortra’s FileCatalyst Workflow are urged to upgrade their instances, so that attackers can’t access an internal HSQL database by exploiting known static credentials...

#critical #CVE #fortra #vulnerability #CVE-2024-6633

Versa Director zero-day exploited to compromise ISPs, MSPs (CVE-2024-39717)

2024-08-27 15:47

Advanced, persistent attackers have exploited a zero-day vulnerability (CVE-2024-39717) in Versa Director to compromise US-based managed service providers with a custom-made web shell dubbed...

#compromise #CVE #ISP #MSP #zeroday #CVE-2024-39717

Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation

2024-08-27 04:45

Google has revealed that a security flaw that was patched as part of a security update rolled out last week to its Chrome browser has come under active exploitation in the wild. Tracked as...

#chrome #CVE #exploitation #google #security #CVE-2024-7965

SonicWall patches critical flaw affecting its firewalls (CVE-2024-40766)

2024-08-26 18:28

SonicWall has patched a critical vulnerability (CVE-2024-40766) in its next-gen firewalls that could allow remote attackers unauthorized access to resources and, in specific conditions, to crash...

#critical #CVE #firewall #sonicwall #CVE-2024-40766

Another critical SolarWinds Web Help Desk bug fixed (CVE-2024-28987)

2024-08-23 10:26

A week after SolarWinds released a fix for a critical code-injection-to-RCE vulnerability (CVE-2024-28986) in Web Help Desk (WHD), another patch for another critical flaw (CVE-2024-28987) in the...

#critical #CVE #solarwinds #WEB #CVE-2024-28987 #CVE-2024-28986

Critical GitHub Enterprise Server auth bypass flaw fixed (CVE-2024-6800)

2024-08-22 12:19

A critical vulnerability (CVE-2024-6800) affecting all currently supported versions of GitHub Enterprise Server (GHES) may allow attackers to gain unrestricted access to the instance’s contents....

#bypass #critical #CVE #github #server #CVE-2024-6800

New Chrome zero-day actively exploited, patch quickly! (CVE-2024-7971)

2024-08-22 08:47

A new Chrome zero-day vulnerability (CVE-2024-7971) exploited by attackers in the wild has been fixed by Google. About CVE-2024-7971 CVE-2024-7971 is a high-severity vulnerability caused by a type...

#chrome #CVE #patch #zeroday #CVE-2024-7971

0-day in Windows driver exploited by North Korean hackers to deliver rootkit (CVE-2024-38193)

2024-08-20 12:59

CVE-2024-38193, an actively exploited zero-day that Microsoft patched earlier this month, has been leveraged by North Korean hackers to install a rootkit on targets’ computers, Gen Digital...

#0day #CVE #hacker #northkorean #windows #CVE-2024-38193

Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986)

2024-08-15 11:44

SolarWinds has fixed a critical vulnerability in its Web Help Desk solution that may allow attackers to run commands on the host machine. "While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing. However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available," the company advises.

#critical #CVE #RCE #solarwinds #WEB #CVE-2024-28986

Unpatched MS Office flaw may leak NTLM hashes to attackers (CVE-2024-38200)

2024-08-12 10:23

A new MS Office zero-day vulnerability can be exploited by attackers to grab users' NTLM hashes, Microsoft has shared late last week. Once attackers get a victim's NTLM hash, they can relay it another service and authenticate as the victim.

#CVE #leak #ntlm #office #CVE-2024-38200

Security News {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Security News"}]}

Security News