Penetration Testing

APRIL 1, 2024

JumpServer, a popular open-source bastion host system, has recently been found to contain two critical vulnerabilities (CVE-2024-29201 and CVE-2024-29202) that could allow attackers to execute arbitrary code remotely.

Penetration Testing 136

Penetration Testing Risk 136

Penetration Testing

APRIL 3, 2024

Google has revealed in their April 2024 Pixel Update Bulletin that several serious security flaws could be putting your Pixel device at risk.

Penetration Testing 136

Penetration Testing Risk 136

Penetration Testing

MAY 9, 2024

The flaw, tracked as CVE-2024-4701, carries a critical CVSS score of 9.9.... ... The post CVE-2024-4701 (CVSS 9.9): Major RCE Risk in Netflix’s Genie Platform appeared first on Penetration Testing.

Penetration Testing 75

Penetration Testing Risk Big data Engineering 75

Penetration Testing

APRIL 22, 2024

This zero-day flaw, identified as CVE-2024-4040 with a CVSS score of 7.7, poses a severe risk to organizations... The post CVE-2024-4040: CrushFTP Users Targeted in Zero-Day Attack Campaign appeared first on Penetration Testing.

Penetration Testing 139

Penetration Testing Software Risk 139

Penetration Testing

FEBRUARY 28, 2024

Two critical vulnerabilities (CVE-2024-25065, CVE-2024-23946) have been discovered that put a wide range of businesses at risk. Decoding the Vulnerabilities... The post CVE-2024-25065 & CVE-2024-23946: Critical Vulnerabilities Exposed in Apache OFBiz appeared first on Penetration Testing.

Penetration Testing 139

Penetration Testing Risk 139

Penetration Testing

MARCH 27, 2024

A serious security vulnerability, dubbed “WallEscape” (CVE-2024-28085), has been uncovered in the essential Linux system utilities package, util-linux.

Passwords 104

Passwords Penetration Testing Risk 104

Penetration Testing

MARCH 5, 2024

HashiCorp’s Vault, a popular tool for securely managing sensitive data, contains a vulnerability (CVE-2024-2048, CVSS 8.1) Understanding... The post CVE-2024-2048: HashiCorp’s Vault Vulnerability Puts Secrets at Risk appeared first on Penetration Testing.

Penetration Testing 97

Penetration Testing Risk Authentication 97

Penetration Testing

FEBRUARY 26, 2024

Two security vulnerabilities (CVE-2024-24401 and CVE-2024-24402) have been identified in Nagios XI, a widely used enterprise-grade monitoring tool. These flaws pose significant risks for organizations utilizing the software. Nagios XI... The post CVE-2024-24401 & 24402: Nagios XI Security Flaws Found!

Penetration Testing 144

Penetration Testing Software Risk 144

Penetration Testing

MARCH 8, 2024

Canon has released a security bulletin addressing a buffer overflow vulnerability (CVE-2024-2184, CVSS 9.8) Risk Assessment If an affected... The post Canon Printers: Critical CVE-2024-2184 (CVSS 9.8) Flaw Requires Immediate Firmware Update appeared first on Penetration Testing.

Firmware 141

Firmware Penetration Testing Risk 141

Penetration Testing

MARCH 7, 2024

A recently patched vulnerability (CVE-2024-2044) in pgAdmin, the widely-used PostgreSQL administration tool, highlights the ever-present risks of unsafe data deserialization and insufficient input validation.

Penetration Testing 123

Penetration Testing Risk 123

Penetration Testing

JANUARY 24, 2024

Photo Gallery is the leading... The post Over 200,000 Sites at Risk: Directory Traversal CVE-2024-0221 Vulnerability Hits Photo Gallery Plugin appeared first on Penetration Testing. The affected plugin, Photo Gallery by 10Web – Mobile-Friendly Image Gallery, has over 200,000 active installations.

Penetration Testing 125

Penetration Testing Risk Mobile 125

Penetration Testing

FEBRUARY 19, 2024

A critical remote code execution (RCE) vulnerability (CVE-2024-25600, CVSS 9.8) This vulnerability is actively being exploited, rendering affected websites at significant risk.... ... The post CVE-2024-25600: WordPress’s Bricks Builder RCE Flaw Under Attack appeared first on Penetration Testing.

Penetration Testing 135

Penetration Testing Risk 135

Penetration Testing

MARCH 14, 2024

This vulnerability, designated as CVE-2024-27307, poses a serious security risk and could allow attackers... The post CVE-2024-27307: Critical Flaw in Popular JSONata Library Could Lead to Code Execution appeared first on Penetration Testing.

Penetration Testing 136

Penetration Testing Risk 136

Penetration Testing

MARCH 26, 2024

The technical details and proof-of-concept (PoC) exploit code for a severe vulnerability in the Linux kernel (CVE-2024-1086) have been exposed, putting countless systems at risk. on the CVSS scale,... The post CVE-2024-1086: Critical Linux Kernel Flaw Demands Immediate Patching, PoC Published! This flaw, rated a 7.8

Penetration Testing 117

Penetration Testing Risk 117

Penetration Testing

MARCH 8, 2024

What’s the Risk? The... The post CVE-2024-21899 (CVSS 9.8): Critical QNAP Flaw Opens Door to Hackers appeared first on Penetration Testing. These vulnerabilities, if left unaddressed, could provide attackers with various avenues for compromising affected devices.

Penetration Testing 135

Penetration Testing Software Risk Authentication 135

Penetration Testing

MARCH 26, 2024

Critical Vulnerability and Large Payout CVE-2024-2883: Use after... The post Google Chrome Update Patches High-Risk Vulnerabilities appeared first on Penetration Testing. Google has released an important security update for its Chrome browser (version 123.0.6312.86/.87),

Penetration Testing 107

Penetration Testing Risk 107

Penetration Testing

JANUARY 10, 2024

Identified as CVE-2024-20272, this vulnerability allows unauthenticated attackers could gain root privileges on unpatched devices. Cisco Unity Connection lets users access and... The post Root Access Risk: Cisco Unity Connection’s CVE-2024-20272 Security Breach appeared first on Penetration Testing.

Penetration Testing 93

Penetration Testing Risk Software 93

Penetration Testing

FEBRUARY 22, 2024

A patched vulnerability within Apple’s Shortcuts automation framework presents a substantial risk to macOS and iOS devices.

Penetration Testing 131

Penetration Testing Risk 131

Penetration Testing

FEBRUARY 4, 2024

These vulnerabilities tracked as CVE-2024-25089 and CVE-2023-36631, pose significant risks... The post CVE-2024-25089: RCE Risk in Malwarebytes Binisoft Windows Firewall Control appeared first on Penetration Testing.

Firewall 80

Firewall Penetration Testing Risk 80

Penetration Testing

APRIL 9, 2024

A critical vulnerability in the Rust standard library has been uncovered, exposing Windows-based systems to the risk of arbitrary code execution.

Penetration Testing 111

Penetration Testing Risk 111

Penetration Testing

MARCH 26, 2024

A security vulnerability in TeamViewer has been uncovered, putting macOS users of older versions at significant risk. This “symlink” flaw could allow attackers to elevate their privileges on a target machine and potentially cause... The post CVE-2024-1933: TeamViewer Bug Exposes macOS Users: Update Immediately!

Penetration Testing 111

Penetration Testing Risk 111

Penetration Testing

MARCH 28, 2024

Security researcher Malcolm Stagg has detailed a critical vulnerability in Google Chrome (designated CVE-2024-0333) that could have left users at risk of stealthy malicious extension installations.

Penetration Testing 100

Penetration Testing Risk 100

Penetration Testing

MARCH 11, 2024

A critical vulnerability (CVE-2024-2370, CVSS 9.8) ... The post CVE-2024-2370 (CVSS 9.8): Critical Flaw in ManageEngine Desktop Central Poses Major Security Risk appeared first on Penetration Testing.

Penetration Testing 82

Penetration Testing Risk 82

Penetration Testing

JANUARY 17, 2024

A critical flaw, identified as CVE-2024-22406 with a CVSS score... The post Ecommerce Alert: Shopware Hit by Critical-Risk CVE-2024-22406 Flaw appeared first on Penetration Testing.

eCommerce 85

eCommerce Penetration Testing Risk Cybersecurity 85

Penetration Testing

JANUARY 21, 2024

In the interconnected realm of modern technology, where devices ranging from NAS systems to next-gen routers and headless home servers become the backbone of our digital lives, the software that powers them is of... The post CVE-2024-22416: Exposing pyLoad’s High-Risk CSRF Vulnerability appeared first on Penetration Testing.

Penetration Testing 82

Penetration Testing Risk Technology Software 82

Penetration Testing

JANUARY 8, 2024

A recently disclosed security flaw, identified as CVE-2024-0193, poses a significant risk to systems relying on this widely used... The post Linux Kernel Flaw CVE-2024-0193 Opens Root Access appeared first on Penetration Testing.

Penetration Testing 111

Penetration Testing Risk 111

The Last Watchdog

MAY 8, 2024

May 8, 2024, CyberNewsWire — Security Risk Advisors (SRA) announces the launch of their OT/XIoT Detection Selection Workshop, a complimentary offering designed to assist organizations in selecting the most suitable operational technology (OT) and Extended Internet of Things (XIoT) security tools for their unique environments.

Risk 130

Risk Penetration Testing Cyber threats Media 130

Penetration Testing

APRIL 9, 2024

A critical security vulnerability has been discovered in Fortra’s Robot Schedule Enterprise Agent for Windows, putting users at risk of privilege escalation attacks.

Penetration Testing 81

Penetration Testing Risk 81

Penetration Testing

MARCH 21, 2024

has uncovered a severe vulnerability in the popular Artica Proxy appliance, leaving over 100,000 installations globally at risk. Security researcher Jaggar Henry at KoreLogic, Inc.

Penetration Testing 82

Penetration Testing Risk 82

Penetration Testing

MAY 13, 2024

Popular office suite app WPS Office, with over 500 million installs on Android, has been found vulnerable to a path traversal attack dubbed “Dirty Stream,” potentially exposing user data and enabling unauthorized access to... The post CVE-2024-35205: Security Flaw in WPS Office Puts Over 500 Million Android Users at Risk appeared (..)

42

42

Penetration Testing

MARCH 13, 2024

Organizations relying on Fortra FileCatalyst Workflow, a widely-used enterprise file transfer solution, are at severe risk due to a newly disclosed remote code execution (RCE) vulnerability (CVE-2024-25153, CVSS 9.8)

Penetration Testing 54

Penetration Testing Risk 54

Penetration Testing

FEBRUARY 21, 2024

A critical security vulnerability has been exposed in Progress Kemp LoadMaster, leaving your network infrastructure at grave risk.

Penetration Testing 92

Penetration Testing Risk 92

Penetration Testing

FEBRUARY 21, 2024

With over 50,000 active installations, WordPress users must understand the risks and take immediate action. Versions... The post CVE-2024-1317: Critical WordPress Plugin Flaw Leaves Your Data Exposed appeared first on Penetration Testing.

Penetration Testing 84

Penetration Testing Risk 84

Penetration Testing

APRIL 18, 2024

These flaws, which could open the door for denial of service attacks or expose sensitive data,... The post Keycloak Patches Vulnerabilities, Mitigates DDoS and Data Theft Risks appeared first on Penetration Testing.

DDOS 110

DDOS Penetration Testing Risk Authentication 110

Penetration Testing

APRIL 17, 2024

These vulnerabilities could allow attackers to compromise websites, steal sensitive data,... The post Critical Vulnerabilities in Popular Forminator WordPress Plugin Put Hundreds of Thousands of Websites at Risk appeared first on Penetration Testing.

Penetration Testing 127

Penetration Testing Risk 127

Penetration Testing

MAY 9, 2024

Security researcher István Márton has exposed a series of disturbing vulnerabilities within... The post 90k+ Users at Risk: Unauthenticated LFI Vulnerability Affects Porto Theme appeared first on Penetration Testing.

Penetration Testing 71

Penetration Testing Risk 71

Penetration Testing

MARCH 10, 2024

... The post Canva Uncovers Critical Font Vulnerabilities, Exposes Cybersecurity Risks appeared first on Penetration Testing. The company’s investigation revealed three previously unknown vulnerabilities (CVEs) in popular tools used for font processing and manipulation....

Penetration Testing 105

Penetration Testing Risk Cybersecurity 105