Security Boulevard

MAY 4, 2023

On April 25, 2023, researchers at Bitsight and Curesec jointly discovered a high-severity vulnerability — tracked as CVE-2023-29552 — in the Service Location Protocol (SLP), a legacy Internet protocol. What is SLP protocol?

DDOS 75

DDOS Internet Internet 75

Malwarebytes

SEPTEMBER 18, 2023

138 new vulnerabilities in open-source projects were all entered the same day to the CVE database. To understand what the problem is there are a few things you’ll need to know. CVE – Common Vulnerabilities and Exposures (CVE) is a list of publicly disclosed vulnerabilities and exposures that is maintained by MITRE.

Technology 97

Technology Information Security Software Risk 97

McAfee

SEPTEMBER 22, 2021

While many of these vulnerabilities are important and should be patched as soon as possible, there is one critical vulnerability that McAfee Enterprise wants to immediately bring to your attention due to the simplicity of what is required to exploit, and evidence that possible exploitation is already being attempted. Source: MVISION Insights.

Firewall 55

Firewall Software DDOS Internet 55

Krebs on Security

DECEMBER 14, 2022

The bug already seeing exploitation is CVE-2022-44698 , which allows attackers to bypass the Windows SmartScreen security feature. Publicly disclosed (but not actively exploited for now) is CVE-2022-44710 , which is an elevation of privilege flaw in the DirectX graphics component of Windows 11.

Social Engineering 191

Social Engineering Ransomware Software Engineering 191

Heimadal Security

JUNE 3, 2022

What Makes the CVE-2022-26134 Important? […]. […]. The post Zero-day Exploited to Target Atlassian Confluence appeared first on Heimdal Security Blog. A zero-day vulnerability is a newly discovered software security flaw that has not yet been patched by the developers and, as a result, can be exploited.

Software 111

Software Cybersecurity 111

Heimadal Security

OCTOBER 26, 2021

A critical RCE flaw discovered in the open-source Internet forum Discourse tracked as CVE-2021-41163, has been addressed in an urgent update on Friday. What Is Discourse? The post Admins Urged by CISA to Patch Critical RCE Bug Found in Discourse appeared first on Heimdal Security Blog. and Ruby on Rails. and Ruby on Rails.

Internet 132

Internet Internet Cybersecurity 132

Security Affairs

JUNE 12, 2022

Ransomware gangs are actively exploiting CVE-2022-26134 remote code execution (RCE) flaw in Atlassian Confluence Server and Data Center. Multiple ransomware groups are actively exploiting the recently disclosed remote code execution (RCE) vulnerability, tracked as CVE-2022-26134 , affecting Atlassian Confluence Server and Data Center.

Ransomware 133

Ransomware Encryption Malware Hacking 133

Heimadal Security

MAY 18, 2022

What Happened? Hackers are making extensive use of a remote code execution vulnerability known as CVE-2021-25094 that is present in the Tatsu Builder plugin for WordPress. The post Millions of Cyberattacks Are Targeting Tatsu WordPress Plugin appeared first on Heimdal Security Blog. The […].

Cybersecurity 106

Cybersecurity 106

NetSpi Technical

MARCH 11, 2024

This blog will cover how we discovered CVE-2024-21378 and weaponized it by modifying Ruler , an Outlook penetration testing tool published by SensePost. The first attachment of the form description and a special property, 0x6902001F , determines what registry keys need to be added under the CLSID to install the form.

Authentication 145

Authentication Penetration Testing Technology Phishing 145

eSecurity Planet

AUGUST 9, 2023

The six critical vulnerabilities discussed in the release note are as follows: CVE-2023-29328 and CVE-2023-29330 , a pair of remote code execution flaws in Microsoft Teams with a CVSS score of 8.8 CVE-2023-36895 , a remote code execution flaw in Microsoft Outlook with a CVSS score of 7.8 exe and hvciscan_arm64.exe),

VPN 96

VPN Security Defenses Cybersecurity Engineering 96

Security Boulevard

OCTOBER 28, 2022

The security industry is known to overreact to new CVEs, especially when they are rate critical. It’s a lot easier to tweet or blog about something than it is to drop everything you are working on to try to figure out how to update the library that is vulnerable to said CVE. Insight #2. ". How do we do that you ask?

CISO 122

CISO Cybersecurity Risk 122

Heimadal Security

JANUARY 11, 2023

The Vulnerabilities in Cause and What They Do The first one tracked as CVE-2022-41080, is a […]. The post CISA Adds Two More Security Vulnerabilities to Its KEV Catalog appeared first on Heimdal Security Blog. CISA ordered agencies to patch the bugs as soon as possible to avoid exploitation by threat actors.

Cybersecurity 87

Cybersecurity 87

Krebs on Security

JULY 8, 2021

On July 3, the REvil ransomware affiliate program began using a zero-day security hole ( CVE-2021-30116 ) to deploy ransomware to hundreds of IT management companies running Kaseya’s remote management software — known as the Kaseya Virtual System Administrator (VSA). As its name suggests, CVE-2015-2862 was issued in July 2015.

Software 282

Software Ransomware System Administration Authentication 282

Heimadal Security

JANUARY 7, 2022

They also mentioned that the bug will be assigned the CVE-2021-42392. What Is JNDI? The post JNDI Vulnerability in H2 Database Similar to Log4Shell appeared first on Heimdal Security Blog. Java Naming and Directory Interface aka JNDI stands for an API whose role […].

Cybersecurity 97

Cybersecurity 97

Malwarebytes

SEPTEMBER 14, 2021

You can check what version of Chrome you are running by opening About Google Chrome from the main menu. The About Google Chrome screen tells you what version you are running and whether it is up to date. The two vulnerabilities that are being actively exploited—namely, CVE-2021-30632 and CVE-2021-30633 —were submitted anonymously.

Engineering 132

Engineering Marketing 132

Security Affairs

JUNE 17, 2022

China-linked threat actors exploited the zero-day flaw CVE-2022-1040 in Sophos Firewall weeks before it was fixed by the security vendor. On March 25, Sophos announced to have fixed the authentication bypass vulnerability, tracked as CVE-2022-1040, that resides in the User Portal and Webadmin areas of Sophos Firewall. MR3 (18.5.3)

Firewall 132

Firewall DNS Authentication Malware 132

Heimadal Security

MAY 5, 2022

What Happened? The vulnerability has been assigned the name CVE-2022-1388 and has a CVSS v3 severity rating of 9.8, The vulnerability has been assigned the name CVE-2022-1388 and has a CVSS v3 severity rating of 9.8, The post BIG-IP RCE Bug Could Allow Device Takeover appeared first on Heimdal Security Blog.

Banking 80

Banking Internet Internet Government 80

Adam Shostack

MAY 15, 2021

Blog posts from Sophos and Mandiant seem really useful! Information sharing is working, and what the heck does a Cyber Review Board have left to do? The Colonial Pipeline shutdown story is interesting in all sorts of ways, and I can’t delve into all of it. The first thing I did was to compare the kill chain models. Execution(?).

Phishing 357

Phishing Engineering Passwords 357

Security Boulevard

MARCH 8, 2024

A critical vulnerability, identified as CVE-2024-27198, has been discovered in JetBrains’ TeamCity On-Premises CI/CD solution, posing a significant security threat that allows remote unauthenticated attackers to gain administrative control of the server. Here’s what you need to know.

Software 69

Software 69

Malwarebytes

OCTOBER 12, 2022

What was fixed. The actively exploited vulnerability in this month's batch is CVE-2022-41033 , a vulnerability with a CVSS score of 7.8 The actively exploited vulnerability in this month's batch is CVE-2022-41033 , a vulnerability with a CVSS score of 7.8 What wasn’t fixed. Other vendors.

Software 93

Software Authentication 93

Krebs on Security

MAY 12, 2020

“What is interesting and often overlooked is seven of the ten [fixes] at higher risk of exploit are only rated as Important,” Schell said. These include a pair of “Important” flaws in Win32k ( CVE-2020-1054 , CVE-2020-1143 ) and one in the Windows Graphics Component ( CVE-2020-1135 ).

Backups 272

Backups Software Risk Media 272

eSecurity Planet

JUNE 13, 2023

The six critical vulnerabilities are as follows: CVE-2023-24897 , a remote code execution vulnerability in.NET,NET Framework, and Visual Studio, with a CVSS score of 7.8 CVE-2023-29357 , an elevation of privilege vulnerability in Microsoft SharePoint Server, with a CVSS score of 9.8

Accountability 97

Accountability VPN Software Engineering 97

Security Affairs

JUNE 20, 2022

The vulnerability, tracked as CVE-2022-22620 , was fixed for the first time in 2013, but in 2016 experts discovered a way to bypass the fix. The vulnerability, tracked as CVE-2022-22620 , was fixed for the first time in 2013, but in 2016 experts discovered a way to bypass the fix. reads the security advisory published by Apple.

Hacking 119

Hacking Software Cybersecurity Data breaches 119

Security Boulevard

MARCH 30, 2022

Exclamation Circle icon NOTE : A separate Spring vulnerability CVE-2021-22963 (High) disclosed a few days ago impacts Spring Cloud Function. What is it? It is a bypass for an older CVE, CVE-2010-1622 that due to a feature in JDK9 or newer seems to have been reinstated. This was confirmed by Praetorian.

Media 98

Media Internet Internet Software 98

Security Affairs

JULY 3, 2022

For example, the recently discovered Follina Windows vulnerability , tracked as CVE-2022-30190, is a variant of the CVE-2021-40444 MSHTML zero-day. For example, the recently discovered Follina Windows vulnerability , tracked as CVE-2022-30190, is a variant of the CVE-2021-40444 MSHTML zero-day. ” continues Stone.

Hacking 99

Hacking Information Security 99

Veracode Security

NOVEMBER 1, 2022

with security fixes for High Severity vulnerabilities CVE-2022-3786 & CVE-2022-3602 discussed here. Here's how to know if you're affected and what to do if you are. OpenSSL Blog; container images, distributions and software released before this date are unlikely to be affected. OpenSSL released version 3.0.7

Software 75

Software 75

Security Boulevard

OCTOBER 24, 2022

The CVE-2022-42889 that was dubbed as Text4Shell or ACT4Shell created a lot of noise on social media when it was published (on October 13th), mainly because of the comparison to Log4Shell. For those who are not familiar with Log4Shell and Spring4Shell you are welcome to visit our previous blog posts. What is Text4Shell?

Media 69

Media 69

SecureList

DECEMBER 21, 2023

In April 2023, we published a blog post about a zero-day exploit we discovered in ransomware attacks that was patched as CVE-2023-28252 after we promptly reported it to Microsoft. We found that since June 2022, attackers have used exploits for at least five different Common Log File System (CLFS) driver vulnerabilities.

Ransomware 107

Ransomware Engineering Advertising Technology 107

eSecurity Planet

MARCH 16, 2023

Critical Outlook Zero-Day The Outlook zero-day, CVE-2023-23397 , with a critical CVSS score of 9.8, ” Also read: Ransomware Protection: How to Prevent Ransomware Attacks SmartScreen Zero-Day The SmartScreen zero-day, CVE-2023-24880 , is also being actively exploited but has a much lower CVSS score of 5.4.

Energy and Utilities 97

Energy and Utilities Authentication Firewall Engineering 97

eSecurity Planet

DECEMBER 8, 2022

. “This wiper runs with the permissions of an unprivileged user yet has the ability to wipe almost any file on a system, including system files, and make a computer completely unbootable,” Yair warned in a blog post detailing the findings. ” He shared his findings in a presentation yesterday at Black Hat Europe.

Antivirus 134

Antivirus Software Marketing Ransomware 134

Security Affairs

APRIL 7, 2022

Palo Alto Networks addressed a high-severity OpenSSL infinite loop vulnerability, tracked as CVE-2022-0778 , that affects some of its firewall, VPN, and XDR products. According to Palo Alto Networks, the CVE-2022-0778 vulnerability can be exploited by remote attackers to trigger a denial of service condition and crash vulnerable devices.

Firewall 97

Firewall VPN Cybercrime Software 97

Security Affairs

NOVEMBER 28, 2021

0patch released free unofficial patches for Windows local privilege escalation zero-day ( CVE-2021-24084 ) in Windows 10, version 1809 and later. 0patch released free unofficial patches for Windows local privilege escalation zero-day (CVE-2021-24084) in Windows 10, version 1809 and later. ” wrote 0patch co-founder Mitja Kolsek.

Accountability 136

Accountability Mobile Hacking Information Security 136

Security Boulevard

MARCH 28, 2022

On Friday, March 25, 2022, Google released an out-of-cycle emergency update for Chrome, tracked as CVE-2022-1096 regarding a high-severity vulnerability in the Chrome V8 JavaScript engine. What happened? The post Google Chrome Zero-Day Attack: What You Need to Know appeared first on Nuspire. The attack was….

Engineering 98

Engineering Software 98

SecureList

DECEMBER 21, 2023

Based on the details published in that blog post, we can assume that this zero-day was created by the same person who created a previously described 1-day exploit for CVE-2022-24521. It is more similar to the publicly described exploit for the previous CVE-2022-24521. But in this part we want to discuss a different exploit.

Ransomware 68

Ransomware Technology Malware 68

NetSpi Technical

JANUARY 18, 2024

When Great Becomes…Not so Great: A Light Review of CVE-2023-43320 Proxmox products supporting TOTP prior to version 8.0 This article is co-authored by Gabe Rust. Welcome to the Battlefield Staring at the soft glow of a monitor, a hacker sipped coffee and watched the minutes tick by. The credentials had been obtained. But then it struck me.

Authentication 115

Authentication Passwords Accountability Penetration Testing 115

Security Affairs

JUNE 6, 2022

What GEMINI-NET from Resi is. CVE-2022-29539 – RESI S.p.A. CVE-2022-29538 – RESI S.p.A. During the bug hunting activity, Red Team Research (RTR) detected 2 zero-day bugs on GEMINI-NET, a RESI Informatica solution. It’s been detected an OS Command Injection, which has been identified from NIST as a Critical one, its score is 9,8.

Software 112

Software Architecture Technology Engineering 112

Security Boulevard

MARCH 17, 2023

Background: On 14th March 2023, Microsoft released a security update guide for a critical severity vulnerability CVE-2023-23397. What is the issue? What can you do to protect yourself? The post Coverage Advisory for CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability appeared first on Security Boulevard.

Authentication 69

Authentication Accountability 69