Security News

When is One Vulnerability Scanner Not Enough?

2024-05-02 10:25

Like antivirus software, vulnerability scans rely on a database of known weaknesses. That’s why websites like VirusTotal exist, to give cyber practitioners a chance to see whether a malware...

#vulnerability

CISA Warns of Active Exploitation of Severe GitLab Password Reset Vulnerability

2024-05-02 06:15

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw impacting GitLab to its Known Exploited Vulnerabilities (KEV) catalog, owing to active exploitation in...

#cisa #exploitation #gitlab #vulnerability #CVE-2023-7028

New R Programming Vulnerability Exposes Projects to Supply Chain Attacks

2024-04-29 10:50

A security vulnerability has been discovered in the R programming language that could be exploited by a threat actor to create a malicious RDS (R Data Serialization) file such that it results in...

#attack #supplychain #vulnerability #CVE-2024-27322

PoC for critical Progress Flowmon vulnerability released (CVE-2024-2389)

2024-04-24 11:52

More details of and a proof-of-concept exploit for an unauthenticated OS command injection vulnerability in Flowmon, Progress Software's network monitoring/analysis and security solution, have been published. The critical vulnerability has been disclosed and patched by Progress earlier this month.

#critical #CVE #POC #progress #vulnerability #CVE-2024-2389

PuTTY vulnerability can be exploited to recover private keys (CVE-2024-31497)

2024-04-16 16:36

A vulnerability in PuTTY, a popular SSH and Telnet client, could allow attackers to recover NIST P-521 client keys due to the "Heavily biased" ECDSA nonces, researchers have discovered. According to PuTTY maintainers, 521-bit ECDSA is the only affected key type.

#CVE #vulnerability #CVE-2024-31497

A critical vulnerability in Delinea Secret Server allows auth bypass, admin access

2024-04-15 11:46

Organizations with on-prem installations of Delinea Secret Server are urged to update them immediately, to plug a critical vulnerability that may allow attackers to bypass authentication, gain admin access and extract secrets. Delinea Secret Server is a privileged access management solution "For the modern, hybrid enterprise".

#bypass #critical #server #vulnerability

Palo Alto Networks Releases Urgent Fixes for Exploited PAN-OS Vulnerability

2024-04-15 08:17

Palo Alto Networks has released hotfixes to address a maximum-severity security flaw impacting PAN-OS software that has come under active exploitation in the wild. Tracked as CVE-2024-3400 (CVSS...

#paloalto #vulnerability #CVE-2024-3400

Fortinet Rolls Out Critical Security Patches for FortiClientLinux Vulnerability

2024-04-11 05:23

Fortinet has released patches to address a critical security flaw impacting FortiClientLinux that could be exploited to achieve arbitrary code execution. Tracked as CVE-2023-45590, the...

#critical #fortinet #security #vulnerability #CVE-2023-45590

Critical 'BatBadBut' Rust Vulnerability Exposes Windows Systems to Attacks

2024-04-10 03:05

A critical security flaw in the Rust standard library could be exploited to target Windows users and stage command injection attacks. The vulnerability, tracked as CVE-2024-24576, has a CVSS score...

#attack #critical #systems #vulnerability #windows #CVE-2024-24576

Security Vulnerability of HTML Emails

2024-04-08 11:03

The email your manager received and forwarded to you was something completely innocent, such as a potential customer asking a few questions. The innocent pretext disappeared and the real phishing email became visible.

#email #html #security #vulnerability

Security News {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Security News"}]}

Security News