Security News
SolarWinds has fixed a critical vulnerability in its Web Help Desk solution that may allow attackers to run commands on the host machine. "While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing. However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available," the company advises.
Microsoft warned customers this Tuesday to patch a critical TCP/IP remote code execution (RCE) vulnerability with an increased likelihood of exploitation that impacts all Windows systems with IPv6...
A critical vulnerability in SolarWinds' Web Help Desk solution for customer support could be exploited to achieve remote code execution, the American business software developer warns in a...
Central to the issue, dubbed Bucket Monopoly, is an attack vector referred to as Shadow Resource, which, in this case, refers to the automatic creation of an AWS S3 bucket when using services like CloudFormation, Glue, EMR, SageMaker, ServiceCatalog, and CodeStar. An attacker could take advantage of this behavior to set up buckets in unused AWS regions and wait for a legitimate AWS customer to use one of the susceptible services to gain covert access to the contents of the S3 bucket.
Microsoft on Thursday disclosed four medium-severity security flaws in the open-source OpenVPN software that could be chained to achieve remote code execution and local privilege escalation. CVE-2024-27459 - A stack overflow vulnerability leading to denial of service and LPE in Windows.
Cisco is warning of multiple critical remote code execution zero-days in the web-based management interface of the end-of-life Small Business SPA 300 and SPA 500 series IP phones. [...]
The U.S. Cybersecurity & Infrastructure Security Agency is warning of two vulnerabilities exploited in attacks, including a path traversal impacting Apache OFBiz. [...]
Threat actors are actively attempting to exploit a recently fixed Progress WhatsUp Gold remote code execution vulnerability on exposed servers for initial access to corporate networks. [...]
Samsung has launched a new bug bounty program for its mobile devices with rewards of up to $1,000,000 for reports demonstrating critical attack scenarios. [...]