Security News

Week in review: SonicWall critical firewalls flaw fixed, APT exploits WPS Office for Windows RCE
2024-09-01 08:00

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: SonicWall patches critical flaw affecting its firewalls (CVE-2024-40766) SonicWall has patched a...

APT group exploits WPS Office for Windows RCE vulnerability (CVE-2024-7262)
2024-08-28 09:00

ESET researchers discovered a remote code execution vulnerability in WPS Office for Windows (CVE-2024-7262). APT-C-60, a South Korea-aligned cyberespionage group, was exploiting it to target East...

CISA warns of Jenkins RCE bug exploited in ransomware attacks
2024-08-19 19:16

​CISA has added a critical Jenkins vulnerability that can be exploited to gain remote code execution to its catalog of security bugs, warning that it's actively exploited in attacks. [...]

CISA warns critical SolarWinds RCE bug is exploited in attacks
2024-08-16 16:33

CISA warned on Thursday that attackers are exploiting a recently patched critical vulnerability in SolarWinds' Web Help Desk solution for customer support. [...]

Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986)
2024-08-15 11:44

SolarWinds has fixed a critical vulnerability in its Web Help Desk solution that may allow attackers to run commands on the host machine. "While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing. However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available," the company advises.

Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled, patch now
2024-08-14 20:51

Microsoft warned customers this Tuesday to patch a critical TCP/IP remote code execution (RCE) vulnerability with an increased likelihood of exploitation that impacts all Windows systems with IPv6...

Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled
2024-08-14 20:51

Microsoft warned customers this Tuesday to patch a critical TCP/IP remote code execution (RCE) vulnerability with an increased likelihood of exploitation that impacts all Windows systems with IPv6...

SolarWinds fixes critical RCE bug affecting all Web Help Desk versions
2024-08-14 15:22

A critical vulnerability in SolarWinds' Web Help Desk solution for customer support could be exploited to achieve remote code execution, the American business software developer warns in a...

Experts Uncover Severe AWS Flaws Leading to RCE, Data Theft, and Full-Service Takeovers
2024-08-09 21:40

Central to the issue, dubbed Bucket Monopoly, is an attack vector referred to as Shadow Resource, which, in this case, refers to the automatic creation of an AWS S3 bucket when using services like CloudFormation, Glue, EMR, SageMaker, ServiceCatalog, and CodeStar. An attacker could take advantage of this behavior to set up buckets in unused AWS regions and wait for a legitimate AWS customer to use one of the susceptible services to gain covert access to the contents of the S3 bucket.

Microsoft Reveals Four OpenVPN Flaws Leading to Potential RCE and LPE
2024-08-09 18:18

Microsoft on Thursday disclosed four medium-severity security flaws in the open-source OpenVPN software that could be chained to achieve remote code execution and local privilege escalation. CVE-2024-27459 - A stack overflow vulnerability leading to a Denial-of-service and LPE in Windows.