Penetration Testing

DECEMBER 23, 2023

Identified as... The post CVE-2023-51385 and CVE-2023-6004 – A Dual OpenSSH Threat appeared first on Penetration Testing. A now-patched security vulnerability, with a CVSS score of 9.8, threatened the very core of its secure channel operations.

Penetration Testing 130

Penetration Testing 130

Penetration Testing

MARCH 26, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) has sounded the alarm regarding active attacks targeting a vulnerability in Microsoft SharePoint Server (CVE-2023-24955).

Penetration Testing 126

Penetration Testing Cybersecurity 126

Penetration Testing

FEBRUARY 18, 2024

Recently disclosed vulnerabilities (CVE-2023-28078 and CVE-2023-32462) pose a severe threat. They range from sensitive data exposure, and service disruption, all... The post CVE-2023-32462 (CVSS 9.8): Patch Dell Switches to Block Takeover appeared first on Penetration Testing.

Penetration Testing 122

Penetration Testing 122

Penetration Testing

FEBRUARY 15, 2024

Two new vulnerabilities (CVE-2023-52160, CVE-2023-52161) in open-source WiFi software are allowing attackers to trick victims into connecting to evil twins of trusted networks intercept their traffic, and join otherwise secure networks without needing the... The post Critical Wi-Fi Flaws Put Your Data at Risk (CVE-2023-52160, CVE-2023-52161) (..)

Penetration Testing 103

Penetration Testing Risk Software 103

Penetration Testing

APRIL 1, 2024

This vulnerability, designated CVE-2023-6154, carries a... The post Bitdefender CVE-2023-6154 Flaw Alert: Update Now to Prevent Potential Privilege Escalation appeared first on Penetration Testing.

Penetration Testing 107

Penetration Testing Antivirus Internet Internet 107

Penetration Testing

FEBRUARY 19, 2024

A proof-of-concept (PoC) was disclosed for a severe design flaw (CVE-2023-50387) in Domain Name System Security Extensions (DNSSEC), leaving DNS infrastructures vulnerable to widespread denial-of-service (DoS) attacks.

DNS 125

DNS Penetration Testing 125

Penetration Testing

MARCH 10, 2024

The vulnerability, labeled CVE-2023-41313, allows attackers to exploit weaknesses in the authentication process within Apache Doris... The post CVE-2023-41313: Timing Attack Flaw in Apache Doris Database Puts Data at Risk appeared first on Penetration Testing.

Penetration Testing 120

Penetration Testing Risk Authentication 120

Penetration Testing

APRIL 16, 2024

Despite a year-old fix, hackers are exploiting unpatched devices, fueling the... The post Old Vulnerability, New Attacks: Botnets Swarm Exploited CVE-2023-1389 in TP-Link Routers appeared first on Penetration Testing.

Penetration Testing 108

Penetration Testing Cybersecurity 108

Penetration Testing

FEBRUARY 21, 2024

for Windows, Mac, and Linux, addressing a severe privilege escalation vulnerability (CVE-2023-7235). During non-standard OpenVPN GUI installations... The post CVE-2023-7235: OpenVPN Vulnerability Puts Windows Users at Risk appeared first on Penetration Testing. OpenVPN has released version 2.6.9

Penetration Testing 114

Penetration Testing Risk 114

Penetration Testing

MARCH 25, 2024

Security researcher Yann Gascuel (Alter Solutions) has detailed a critical privilege escalation vulnerability (CVE-2023-42931) affecting the following macOS versions: macOS Monterey prior to 12.7.2 ... The post CVE-2023-42931: macOS Flaw Exposed Systems to Easy Privilege Escalation – Patch Now! macOS Ventura prior to 13.6.3

Penetration Testing 111

Penetration Testing 111

Penetration Testing

JANUARY 30, 2024

The GNU C Library (glibc), a fundamental component in major Linux distributions, has a critical vulnerability, CVE-2023-6246. The core of this... The post Root Access Risk: CVE-2023-6246 Exposes Critical Flaw in Linux’s glibc appeared first on Penetration Testing.

Penetration Testing 122

Penetration Testing Risk 122

Security Boulevard

JUNE 8, 2023

Our thanks to BSidesSF for publishing their presenter’s superlative BSidesSF 2023 content on the organizations’ YouTube channel. Permalink The post BSidesSF 2023 – Justin Wynn – Red Team Tales – 7 Years of Physical Penetration Testing appeared first on Security Boulevard.

Penetration Testing 52

Penetration Testing Education InfoSec Cybersecurity 52

Penetration Testing

MARCH 4, 2024

A severe security flaw (CVE-2023-6825) has been uncovered in the popular File Manager and File Manager Pro WordPress plugins.

Penetration Testing 133

Penetration Testing 133

Penetration Testing

DECEMBER 15, 2023

In March, at the Pwn2Own contest in Vancouver, a... The post PoC Released for SharePoint Pre-Auth RCE Chain (CVE-2023-29357 & CVE-2023-24955) appeared first on Penetration Testing.

Penetration Testing 111

Penetration Testing 111

Penetration Testing

JANUARY 16, 2024

A new threat looms large for users of Confluence Data Center and Confluence Server, marked by the alarming designation CVE-2023-22527.

Penetration Testing 143

Penetration Testing 143

Penetration Testing

MARCH 1, 2024

CVE-2023-50378, a stored cross-site scripting (XSS) flaw, presents a significant... The post CVE-2023-50378: Apache Ambari Stored Cross-Site Scripting Vulnerability appeared first on Penetration Testing.

Penetration Testing 98

Penetration Testing 98

Penetration Testing

FEBRUARY 13, 2024

A severe zero-day vulnerability (CVE-2023-50358) has been discovered in QNAP Network Attached Storage (NAS) devices. Threat actors are already... The post CVE-2023-50358: A zero-day vulnerability affecting QNAP NAS devices appeared first on Penetration Testing.

Penetration Testing 111

Penetration Testing 111

eSecurity Planet

APRIL 7, 2023

Kali Linux turns 10 this year, and to celebrate, the Linux penetration testing distribution has added defensive security tools to its arsenal of open-source security tools. Also read: 24 Top Open Source Penetration Testing Tools What Is Penetration Testing? An ethical hacking certification may help too.

Penetration Testing 141

Penetration Testing Social Engineering Energy and Utilities Hacking 141

Penetration Testing

MARCH 21, 2024

Security researchers at Horizon3 have released proof-of-concept (PoC) code for a severe vulnerability (CVE-2023-48788) in the Fortinet FortiClient Enterprise Management Server (EMS). With a CVSS score of 9.3,

Penetration Testing 97

Penetration Testing 97

Penetration Testing

JANUARY 21, 2024

A critical vulnerability, identified as CVE-2023-40051 and rated with a CVSS score of 9.1, CVE-2023-40051 manifests itself across multiple versions... The post CVE-2023-40051: Critical Progress OpenEdge Vulnerability Threatens Server Security appeared first on Penetration Testing.

Penetration Testing 102

Penetration Testing 102

Penetration Testing

MARCH 21, 2024

A security researcher has published details and proof-of-concept (PoC) code for a Windows CVE-2023-36424 vulnerability that could be exploited to elevate privileges from a Medium Integrity Level to a High Integrity Level.

Penetration Testing 96

Penetration Testing 96

Penetration Testing

JANUARY 10, 2024

However, the discovery of CVE-2023-49647, a significant privilege... The post CVE-2023-49647: A High-Risk Zoom Vulnerability appeared first on Penetration Testing.

Penetration Testing 104

Penetration Testing Risk Software 104

Penetration Testing

FEBRUARY 17, 2024

A recently disclosed vulnerability in Dell EMC Enterprise SONiC (CVE-2023-32484) could have profound consequences for your data center network security.

Penetration Testing 109

Penetration Testing Risk Network Security 109

Penetration Testing

JANUARY 10, 2024

Known for its efficiency in providing mutable data structures through a server-client model,... The post CVE-2023-41056: Redis Remote Code Execution Vulnerability appeared first on Penetration Testing.

Penetration Testing 111

Penetration Testing 111

Penetration Testing

JANUARY 15, 2024

A new security vulnerability was found in the GRUB boot manager, CVE-2023-4001. on the Common Vulnerability Scoring System (CVSS), presents a unique challenge in the realm of... The post Bypassing GRUB Security: How CVE-2023-4001 Exploits UEFI Systems appeared first on Penetration Testing.

Penetration Testing 107

Penetration Testing 107

Penetration Testing

JANUARY 2, 2024

Proof-of-concept (PoC) code has been released for a zero-day iOS vulnerability (CVE-2023-32434) that can be chained to take full control of a mobile device.

Penetration Testing 111

Penetration Testing Mobile 111

Penetration Testing

JANUARY 11, 2024

The Linux Kernel has been hit by a significant security vulnerability, CVE-2023-6040, with a CVSS score of 7.8, Discovered by Lin Ma from Ant Security Light-Year Lab, this flaw arises... The post CVE-2023-6040: A Critical Linux Kernel Netfilter Vulnerability appeared first on Penetration Testing.

Penetration Testing 103

Penetration Testing 103

Penetration Testing

MARCH 5, 2024

Two vulnerabilities (CVE-2021-36380 & CVE-2023-21237), known to be under active attack, have landed on their KEV (Known Exploited Vulnerabilities) catalog. This means... The post CISA Warns of Active Exploitation of CVE-2021-36380 & CVE-2023-21237 Flaws appeared first on Penetration Testing.

Penetration Testing 91

Penetration Testing Cybersecurity 91

Penetration Testing

JANUARY 9, 2024

This vulnerability tracked as CVE-2023-51409, classified as an “unauthenticated arbitrary file upload” issue, posed... The post CVE-2023-51409: The Severe Vulnerability Threatening 50,000 WordPress Sites appeared first on Penetration Testing.

Penetration Testing 105

Penetration Testing Engineering 105

Penetration Testing

DECEMBER 25, 2023

In the intricate world of cybersecurity, Barracuda Networks has faced a formidable challenge with the discovery of two zero-day vulnerabilities, CVE-2023-7102 and CVE-2023-7101, both linked to the Spreadsheet::ParseExcel library.

Penetration Testing 108

Penetration Testing Cybersecurity 108

Penetration Testing

JANUARY 24, 2024

Dubbed CVE-2023-49657, this stored cross-site scripting (XSS) vulnerability has... The post CVE-2023-49657: Apache Superset Hit by High-Risk Stored XSS Vulnerability appeared first on Penetration Testing.

Penetration Testing 100

Penetration Testing Risk Software 100

Penetration Testing

FEBRUARY 20, 2024

Vulnerability Snapshot CVE-2023-49250... The post CVE-2023-49109: Apache Dolphinscheduler Remote Code Execution Vulnerability appeared first on Penetration Testing. These vulnerabilities demand immediate attention from administrators and security professionals responsible for the deployment of this software.

Penetration Testing 86

Penetration Testing Software 86

Penetration Testing

JANUARY 12, 2024

This platform, written in Java... The post CVE-2023-50290: Apache Solr’s ‘Important’ Severity Security Flaw appeared first on Penetration Testing.

Penetration Testing 104

Penetration Testing 104

Penetration Testing

FEBRUARY 6, 2024

Esteemed for its versatility and support for multiple archive formats,... The post One Click, System Exposed: cpio Vulnerability (CVE-2023-7216) Threatens Unix Security appeared first on Penetration Testing.

Penetration Testing 103

Penetration Testing 103

Penetration Testing

JANUARY 28, 2024

Identified as CVE-2023-6200, with a considerable CVSS score of 7.5, this flaw exposes a critical race condition within the handling of ICMPv6... The post Critical Alert: CVE-2023-6200 Exploits Linux Kernel with Code Execution Risk appeared first on Penetration Testing.

Penetration Testing 102

Penetration Testing Risk 102

NetSpi Executives

SEPTEMBER 5, 2023

NetSPI’s industry-leading AI/ML pentesting solution was built from decades of manual penetration testing expertise in network, application, cloud, and more, designed specifically to identify, understand, and mitigate risks of AI and ML models.

Penetration Testing 52

Penetration Testing Risk Network Security Technology 52

Penetration Testing

JANUARY 18, 2024

However,... The post CVE-2023-50643: Evernote Remote Code Execution Flaw, PoC Published appeared first on Penetration Testing. It’s like a digital filing cabinet for your brain, but way more powerful and versatile.

Penetration Testing 107

Penetration Testing 107