Penetration Testing

FEBRUARY 28, 2024

Two critical vulnerabilities (CVE-2024-25065, CVE-2024-23946) have been discovered that put a wide range of businesses at risk. Decoding the Vulnerabilities... The post CVE-2024-25065 & CVE-2024-23946: Critical Vulnerabilities Exposed in Apache OFBiz appeared first on Penetration Testing.

Penetration Testing 136

Penetration Testing Risk 136

Penetration Testing

APRIL 3, 2024

Google has revealed in their April 2024 Pixel Update Bulletin that several serious security flaws could be putting your Pixel device at risk.

Penetration Testing 118

Penetration Testing Risk 118

Security Affairs

APRIL 25, 2024

Google addressed a critical Chrome vulnerability, tracked as CVE-2024-4058, that resides in the ANGLE graphics layer engine. Google addressed four vulnerabilities in the Chrome web browser, including a critical vulnerability tracked as CVE-2024-4058. The IT giant also fixed a high-severity flaw tracked as CVE-2024-4059.

Engineering 83

Engineering Hacking Information Security 83

Penetration Testing

APRIL 21, 2024

This flaw, designated CVE-2024-29291, affects versions 8.* of... The post Laravel Framework Hit by Data Exposure Vulnerability (CVE-2024-29291) – Database Credentials at Risk appeared first on Penetration Testing. through 11.*

Penetration Testing 141

Penetration Testing Risk Data breaches 141

Penetration Testing

APRIL 21, 2024

Citrix has released an urgent security advisory regarding a vulnerability (CVE-2024-3902) discovered in its uberAgent software. High), could allow attackers to escalate their privileges within... The post Citrix uberAgent Update for Privilege Escalation Vulnerability (CVE-2024-3902) appeared first on Penetration Testing.

Penetration Testing 118

Penetration Testing Software 118

Penetration Testing

APRIL 19, 2024

A recently discovered flaw in the GNU C Library’s (glibc) iconv function (CVE-2024-2961) carries severe implications for web applications built on PHP.

Penetration Testing 145

Penetration Testing 145

Penetration Testing

APRIL 18, 2024

The patches address a high-severity vulnerability, designated CVE-2024-20380 (CVSS 7.5), that could allow unauthenticated, remote attackers to crash ClamAV... The post ClamAV Issues Urgent Patch for High-Risk DoS Vulnerability CVE-2024-20380 appeared first on Penetration Testing.

Penetration Testing 131

Penetration Testing Risk Antivirus Software 131

Penetration Testing

JANUARY 29, 2024

Discovered through Google’s OSS-Fuzz service, three security vulnerabilities have been identified in its systems, two of which... The post CVE-2024-22860 & CVE-2024-22862: Critical FFmpeg Remote Code Execution Flaws appeared first on Penetration Testing.

Penetration Testing 140

Penetration Testing 140

Penetration Testing

APRIL 9, 2024

Microsoft’s April 2024 Patch Tuesday release brings a staggering 147 new vulnerability fixes across its software ecosystem.

Penetration Testing 107

Penetration Testing Software Cybersecurity 107

Security Boulevard

APRIL 9, 2024

For April 2024, Microsoft has rolled out a significant update aimed at bolstering the security and performance of its product suite. Key Highlights from April’s Patch Tuesday: Total Updates: This month, … Read More The post Patch Tuesday Update – April 2024 appeared first on Security Boulevard.

Cyber threats 113

Cyber threats 113

Penetration Testing

MARCH 5, 2024

Apple recently pushed out emergency patches to fix two zero-day vulnerabilities (CVE-2024-23225 and CVE-2024-23296) that are already under attack. Hackers were actively using these... The post CVE-2024-23225 & CVE-2024-23296: Apple Patches Actively Exploited 0-Day Flaws appeared first on Penetration Testing.

Penetration Testing 105

Penetration Testing 105

Security Boulevard

APRIL 5, 2024

trillion in 2024, potentially growing at a 13% compound annual growth rate (CAGR). Enterprise […] The post Expert Insights on IoT Security Challenges in 2024 appeared first on TuxCare. The post Expert Insights on IoT Security Challenges in 2024 appeared first on Security Boulevard.

IoT 112

IoT Marketing Internet Internet 112

Penetration Testing

MARCH 22, 2024

These flaws were skillfully exploited during the recent Pwn2Own Vancouver 2024 hacking contest. Zero-Day Dangers Zero-day vulnerabilities... The post Firefox Patches Critical Zero-Day Vulnerabilities Exposed in Pwn2Own 2024 appeared first on Penetration Testing.

Penetration Testing 139

Penetration Testing Hacking 139

Security Boulevard

APRIL 18, 2024

Overview Recently, NSFOCUS CERT detected that Oracle has released a security announcement and fixed two information disclosure vulnerabilities (CVE-2024-21006/CVE-2024-21007) in Oracle WebLogic Server. The post WebLogic T3/IIOP Information Disclosure Vulnerability (CVE-2024-21006/CVE-2024-21007) appeared first on Security Boulevard.

Cyber Attacks 64

Cyber Attacks 64

Security Boulevard

MARCH 29, 2024

CVE-2024-27198 Lead to Server Takeover Vulnerabilities The post How did CVE-2024-27198 Lead to Critical Vulnerability in JetBrains? The post How did CVE-2024-27198 Lead to Critical Vulnerability in JetBrains? appeared first on Kratikal Blogs. appeared first on Security Boulevard.

Penetration Testing 122

Penetration Testing Cyber Attacks Network Security 122

Penetration Testing

APRIL 5, 2024

This vulnerability, designated CVE-2024-3116, allows attackers to execute malicious code on servers... The post CVE-2024-3116: Critical pgAdmin Vulnerability Exposes Databases to Remote Attacks appeared first on Penetration Testing.

Penetration Testing 128

Penetration Testing 128

Penetration Testing

FEBRUARY 26, 2024

Two security vulnerabilities (CVE-2024-24401 and CVE-2024-24402) have been identified in Nagios XI, a widely used enterprise-grade monitoring tool. Nagios XI... The post CVE-2024-24401 & 24402: Nagios XI Security Flaws Found! These flaws pose significant risks for organizations utilizing the software.

Penetration Testing 144

Penetration Testing Software Risk 144

Penetration Testing

MARCH 17, 2024

These vulnerabilities, labeled CVE-2024-28353 and CVE-2024-28354, leave these routers alarmingly exposed to potential remote... The post CVE-2024-28353 & 28354: TRENDnet Router Takeover Flaws Exposed, No Patch Available appeared first on Penetration Testing.

Penetration Testing 137

Penetration Testing 137

Security Boulevard

MARCH 15, 2024

In 2024, several companies are standing out for their innovative solutions in different security domains. This year, the cybersecurity market is expected to grow by $300 billion by 2024. The post Top 10 Cybersecurity Assessment Companies in 2024 appeared first on Security Boulevard.

Cybersecurity 122

Cybersecurity Marketing 122

Penetration Testing

MARCH 31, 2024

The technical details and proof-of-concept (PoC) exploit code has been released for a significant vulnerability, designated CVE-2024-0582 (CVSS 7.8) could allow attackers with local... The post CVE-2024-0582: Serious Linux Kernel Bug Opens Door to System Takeovers, PoC Published appeared first on Penetration Testing.

Penetration Testing 145

Penetration Testing 145

Security Boulevard

MARCH 12, 2024

The post Patch Tuesday Update - March 2024 appeared first on Digital Defense. The post Patch Tuesday Update – March 2024 appeared first on Security Boulevard.

111

111

Penetration Testing

MARCH 18, 2024

A serious vulnerability (CVE-2024-1753) has been discovered in the popular containerization tools Podman and Buildah. could allow attackers to escape the confines of... The post CVE-2024-1753: Podman/Buildah Vulnerability Allow Container Escapes appeared first on Penetration Testing.

Penetration Testing 128

Penetration Testing 128

Penetration Testing

FEBRUARY 14, 2024

to address two critical vulnerabilities (CVE-2024-24989, CVE-2024-24990) lurking within its experimental HTTP/3 implementation. While this newer, faster protocol... The post NGINX Releases Urgent Patch for HTTP/3 Vulnerabilities (CVE-2024-24989, CVE-2024-24990) appeared first on Penetration Testing.

Penetration Testing 111

Penetration Testing 111

Penetration Testing

APRIL 17, 2024

HashiCorp has issued an urgent security advisory regarding a critical vulnerability (CVE-2024-3817) within its widely used go-getter library.

Penetration Testing 115

Penetration Testing 115

Penetration Testing

FEBRUARY 11, 2024

This vulnerability, designated CVE-2024-0985 (CVSS 8.0), could allow attackers to execute malicious code with... The post CVE-2024-0985: PostgreSQL’s Critical Security Flaw Exposed appeared first on Penetration Testing.

Penetration Testing 138

Penetration Testing System Administration Software 138

Penetration Testing

APRIL 4, 2024

A vulnerability (CVE-2024-31498) with a CVSS score of 7.7 was discovered, allowing attackers to exploit elevated privileges on... The post YubiKey Manager Flaw (CVE-2024-31498): Patch Now To Prevent Admin Privilege Escalation on Windows appeared first on Penetration Testing. for its YubiKey Manager GUI software.

Penetration Testing 144

Penetration Testing Software 144

Penetration Testing

MARCH 1, 2024

This flaw, tracked as CVE-2024-0692, could allow unauthenticated attackers to take complete control of... The post CVE-2024-0692: SolarWinds Security Event Manager Unauthenticated RCE Flaw appeared first on Penetration Testing.

Penetration Testing 142

Penetration Testing 142

Penetration Testing

APRIL 10, 2024

Identified as CVE-2024-31861, this flaw gives attackers a way to inject malicious code through Zeppelin’s Shell interpreter,... The post CVE-2024-31861: Apache Zeppelin Vulnerability Opens Door to Code Injection Attacks appeared first on Penetration Testing.

Penetration Testing 118

Penetration Testing 118

Penetration Testing

MARCH 7, 2024

A recently patched vulnerability (CVE-2024-2044) in pgAdmin, the widely-used PostgreSQL administration tool, highlights the ever-present risks of unsafe data deserialization and insufficient input validation.

Penetration Testing 123

Penetration Testing Risk 123

Security Affairs

MARCH 27, 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during the Pwn2Own Vancouver 2024. The high-severity vulnerability CVE-2024-2886 is a use after free issue that resides in the WebCodecs. The flaw was demonstrated by Seunghyun Lee ( @0x10n ) of KAIST Hacking Lab during the Pwn2Own 2024.

Hacking 107

Hacking Mobile Information Security 107

Penetration Testing

FEBRUARY 27, 2024

This flaw (CVE-2024-1403) carries a CVSS score of 10 – the highest severity rating possible. This means an immediate... The post CVE-2024-1403 (CVSS 10): Critical Progress OpenEdge Vulnerability appeared first on Penetration Testing.

Penetration Testing 134

Penetration Testing Authentication 134

Penetration Testing

FEBRUARY 5, 2024

Google, a titan in the digital realm, has once again demonstrated its commitment to user security with the release of its February 2024 security updates for Android. This latest security bulletin brings to the... The post CVE-2024-0031: Critical Android Remote Code Execution Vulnerability appeared first on Penetration Testing.

Penetration Testing 144

Penetration Testing 144

Penetration Testing

MARCH 13, 2024

Recently, researchers at the Zero Day Initiative (ZDI) have dissected a complex DarkGate malware campaign targeting users through a zero-day flaw in Microsoft Windows SmartScreen (CVE-2024-21412).

Penetration Testing 138

Penetration Testing Malware 138

Penetration Testing

MARCH 10, 2024

The vulnerability, designated as CVE-2024-22252, could potentially allow attackers to... The post Thousands of VMware ESXi Instances Exposed to Critical CVE-2024-22252 Vulnerability appeared first on Penetration Testing.

Penetration Testing 145

Penetration Testing 145

Tech Republic Security

FEBRUARY 26, 2024

Identity-based and social engineering attacks still take center stage, according to the CrowdStrike 2024 Global Threat Report.

Threat Reports 171

Threat Reports Social Engineering Engineering Phishing 171

Penetration Testing

APRIL 10, 2024

project has released an urgent security update addressing a critical command injection vulnerability (CVE-2024-27980) on Windows systems. Even with ‘shell’ options disabled, this flaw could allow attackers to execute malicious code on... The post CVE-2024-27980: Critical Node.js

Penetration Testing 109

Penetration Testing 109

Penetration Testing

APRIL 1, 2024

Octopus Deploy, the popular deployment automation platform, has released a security advisory and subsequent patches to address a critical vulnerability (CVE-2024-2975).

Penetration Testing 114

Penetration Testing 114