Security News

VMware fixes critical vCenter RCE vulnerability, patch now
2024-06-18 18:08

VMware has issued a security advisory addressing critical vulnerabilities in vCenter Server, including remote code execution and local privilege escalation flaws. VMware vCenter Server is a central management platform for VMware vSphere, enabling the management of virtual machines and ESXi hosts.

Exploit for Veeam Recovery Orchestrator auth bypass available, patch now
2024-06-13 17:21

A proof-of-concept exploit for a critical Veeam Recovery Orchestrator authentication bypass vulnerability tracked as CVE-2024-29855 has been released, elevating the risk of being exploited in attacks. CVE-2024-29855, rated 9.0 as per CVSS v3.1, is an authentication bypass vulnerability impacting Veeam Recovery Orchestrator versions 7.0.0.337 and 7.1.0.205 and older.

Microsoft June 2024 Patch Tuesday fixes 51 flaws, 18 RCEs
2024-06-11 17:31

Today is Microsoft's June 2024 Patch Tuesday, which includes security updates for 51 flaws, eighteen remote code execution flaws, and one publicly disclosed zero-day vulnerability. This Patch Tuesday fixed 18 RCE flaws but only one critical vulnerability, a remote code execution vulnerability in Microsoft Message Queuing.

Exploit for critical Veeam auth bypass available, patch now
2024-06-10 15:05

A proof-of-concept exploit for a Veeam Backup Enterprise Manager authentication bypass flaw tracked as CVE-2024-29849 is now publicly available, making it urgent that admins apply the latest security updates. Veeam issued a security bulletin about the critical flaw on May 21, warning about a critical vulnerability enabling remote unauthenticated attackers to log in to VBEM's web interface as any user.

Week in review: Atlassian Confluence RCE PoC, new Kali Linux, Patch Tuesday forecast
2024-06-09 08:00

High-risk Atlassian Confluence RCE fixed, PoC availableIf you're self-hosting an Atlassian Confluence Server or Data Center installation, you should upgrade to the latest available version to fix a high-severity RCE flaw for which a PoC and technical details are already public. Kali Linux 2024.2 released: 18 new tools, countless updatesKali Linux 2024.2 is now available.

June 2024 Patch Tuesday forecast: Multiple announcements from Microsoft
2024-06-07 05:13

May 2024 Patch Tuesday was unusual because we had security updates from Adobe, Apple, Google, Mozilla, and Microsoft on the same day. On the Microsoft front, the only Critical update was for Sharepoint Server, but there were important updates for Windows 11 with 41 CVEs addressed and Windows 10 with 47 CVEs addressed.

Zyxel issues emergency RCE patch for end-of-life NAS devices
2024-06-04 17:28

Zyxel Networks has released an emergency security update to address three critical vulnerabilities impacting older NAS devices that have reached end-of-life. Although both NAS models reached the end of their support period on December 31, 2023, Zyxel released fixes for the three critical flaws in versions 5.21(AAZF.17)C0 for NAS326 and 5.21(ABAG.14)C0 for NAS542.

Exploit for critical Progress Telerik auth bypass released, patch now
2024-06-03 17:58

Researchers have published a proof-of-concept exploit script demonstrating a chained remote code execution vulnerability on Progress Telerik Report Servers. Cybersecurity researcher Sina Kheirkha developed the exploit with the help of Soroush Dalili and has now published a detailed write-up that describes the intricate process of exploiting two flaws, an authentication bypass and a deserialization issue, to execute code on the target.

Check Point warns customers to patch VPN vulnerability under active exploitation
2024-06-03 12:02

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

CISA Alerts Federal Agencies to Patch Actively Exploited Linux Kernel Flaw
2024-05-30 17:45

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting the Linux kernel to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence...