Vulnerabilities

Vulnerabilities

Issued by: SecurityWeek

In an updated advisory, the virtualization technology giant confirmed the public release of exploit code that provides a roadmap for hackers to bypass SSH authentication and gain access to the Aria Operations for Networks command line interface. The exploit code and root-cause analysis, released by SinSinology researcher Sina Kheirkhah, documents the problem as a case…

Vulnerabilities

Issued by: DataBreach Today

The Cuba ransomware group is exploiting a bug in data backup software exposed in March, warn security researchers. The Russian-speaking gang is deploying a combination of new and old tools, including a high-severity vulnerability in a backup application made by software developer Veeam, said BlackBerry. The Russian-speaking gang is deploying a combination of new and…

Vulnerabilities

Issued by: Dark Reading

Hardcoded credentials in the Dell Compellent storage array service could enable attackers to take over enterprise VMware environments for any organizations running those two services in collaboration. Dell Compellent reached its end of life in 2019, and holds less than a 1% share of the data storage market, according to Enlyft. However, organizations still using…

Vulnerabilities

Issued by: Dark Reading

After vulnerabilities were found in the TETRA communications protocol that powers industrial control systems globally, researchers have revealed new research showing multiple additional zero-day vulnerabilities in a Motorola base station and system chip. Both are required to run and decrypt the TETRA communications algorithm, potentially exposing sensitive information. TETRA, or Terrestrial Trunked Radio, is a…

Vulnerabilities

Issued by: DataBreach Today

A five-year old vulnerability in Fortinet SSL VPNs remains one of the most widely exploited flaws in enterprise networks, despite repeat patch warnings. So say cybersecurity officials across the U.S. and its Five Eyes intelligence alliance partners in a new joint security advisory detailing the 12 most common vulnerabilities and exposures that were most “routinely…

Vulnerabilities

Issued by: DataBreach Today

Why are so many fresh zero-day vulnerabilities getting exploited in the wild? A new study from Google says that last year, 41 new zero-day vulnerabilities were exploited in the wild. While that’s welcome news in terms of recent volume – it’s a 40% decrease from the all-time annual high of 69 in 2021 – it’s…

Vulnerabilities

Issued by: Dark Reading

The soon-to-be-released Version 4.0 of the Common Vulnerability Scoring System (CVSS) promises to fix a number of issues with the severity metric for security bugs. But vulnerability experts say that prioritizing patches or measuring exploitability will still be a tough nut to crack. The Forum of Incident Response and Security Teams (FIRST) released a preview…

Vulnerabilities

Issued by: Security Affairs

Adobe warns customers of a critical ColdFusion pre-authentication remote code execution vulnerability, tracked as CVE-2023-29300 (CVSS score 9.8), that is actively exploited in attacks in the wild. “Adobe is aware that CVE-2023-29300 has been exploited in the wild in very limited attacks targeting Adobe ColdFusion,” reads a statement sent by the company to its customers….

Vulnerabilities

Issued by: Dark Reading

A critical security vulnerability in Cisco’s SD-WAN vManage software could allow a remote, unauthenticated attacker to gain read and limited write permissions, and access data. The bug carries a score of 9.1 out of 10 on the CVSS vulnerability-severity scale, and it exists in the vManage API, which is used to monitor and configure Cisco…

Vulnerabilities

Issued by: DataBreach Today

Configuration management – especially vulnerability patching – is a significant challenge for many healthcare entities, including some Veterans Affairs medical facilities. A recent watchdog agency security inspection found configuration issues to be a top weakness at a VA healthcare system in Arizona. The Veterans Affairs Office of Inspector General in a report issued Tuesday said…