vulnerability Archives - Page 5 of 24

Cisco fixes serious flaws in emergency responder and other products

Issued by: CSO Online

Cisco patched authentication, privilege escalation, and denial-of-service vulnerabilities this week in several of its products, including one that’s used for identifying the location of 9-1-1 emergency callers. The flaw in Cisco Emergency Responder is caused by the presence of default static credentials for the root account that were used during development but were never removed….

Vulnerabilities

Apple fixed the 17th zero-day flaw exploited in attacks

Issued by: Security Affairs

Apple released emergency security updates to address a new zero-day vulnerability, tracked as CVE-2023-42824, that is exploited in attacks targeting iPhone and iPad devices. The vulnerability is a privilege escalation issue that resides in the Kernel, it was addressed with improved checks. “A local attacker may be able to elevate their privileges. Apple is aware…

Vulnerabilities

Qualcomm Releases Patch for 3 new Zero-Days Under Active Exploitation

Issued by: The Hacker News

Chipmaker Qualcomm has released security updates to address 17 vulnerabilities in various components, while warning that three other zero-days have come under active exploitation. Of the 17 flaws, three are rated Critical, 13 are rated High, and one is rated Medium in severity. “There are indications from Google Threat Analysis Group and Google Project Zero…

Vulnerabilities

Trend Micro Patches Zero-Day Endpoint Vulnerability

Issued by: Dark Reading

Trend Micro has released an advisory covering a critical zero-day flaw — tracked as CVE-2023-41179 — that affects Apex One, Apex One SaaS, and Worry-Free Business Security. The vulnerability can be exploited for arbitrary code execution, and it revolves around the “products’ ability to uninstall third-party security software.” The advisory, written in Japanese, details how…

Application Security

Google Fixes Chrome Zero-Day Exploited in the Wild

Issued by: DataBreach Today

Google released a fix on Monday for a Chrome zero-day. Like the three before it, this fourth Chrome zero-day vulnerability found in 2023 allows an attacker to remotely target a vulnerable version of the browser. An attacker could exploit the vulnerability to execute arbitrary code, mishandle the data in the browser’s memory and eventually crash…

Malware & Threats

Clop ransomware dominates ransomware space after MOVEit exploit campaign

Issued by: CSO Online

The number of ransomware attacks in July rose over 150% compared to last year and the actors behind the Clop ransomware were responsible for over a third of them. The gang took the lead from LockBit as the top ransomware threat after exploiting a zero-day vulnerability in a managed file transfer (MFT) application called MOVEit…

Vulnerabilities

Cuba Ransomware Exploits Veeam Vulnerability

Issued by: DataBreach Today

The Cuba ransomware group is exploiting a bug in data backup software exposed in March, warn security researchers. The Russian-speaking gang is deploying a combination of new and old tools, including a high-severity vulnerability in a backup application made by software developer Veeam, said BlackBerry. The Russian-speaking gang is deploying a combination of new and…

Network Security

The Vulnerability of Zero Trust: Lessons from the Storm 0558 Hack

Issued by: The Hacker News

Just recently, an attack believed to be perpetrated by the Chinese hacker group Storm-0558 targeted several government agencies. They used fake digital authentication tokens to access webmail accounts running on Microsoft’s Outlook service. In this incident, the attackers stole a signing key from Microsoft, enabling them to issue functional access tokens for Outlook Web Access…

Vulnerabilities

Dell Credentials Bug Opens VMware Environments to Takeover

Issued by: Dark Reading

Hardcoded credentials in the Dell Compellent storage array service could enable attackers to take over enterprise VMware environments for any organizations running those two services in collaboration. Dell Compellent reached its end of life in 2019, and holds less than a 1% share of the data storage market, according to Enlyft. However, organizations still using…

Vulnerabilities

Patching Conundrum: 5-Year Old Flaw Again Tops Most-Hit List

Issued by: DataBreach Today

A five-year old vulnerability in Fortinet SSL VPNs remains one of the most widely exploited flaws in enterprise networks, despite repeat patch warnings. So say cybersecurity officials across the U.S. and its Five Eyes intelligence alliance partners in a new joint security advisory detailing the 12 most common vulnerabilities and exposures that were most “routinely…