vulnerability Archives - Page 2 of 22

Microsoft Outlook Zero-Click Security Flaws Triggered by Sound File

Issued by: Dark Reading

Researchers this week disclosed details on two security vulnerabilities in Microsoft Outlook that, when chained together, give attackers a way to execute arbitrary code on affected systems without any user interaction. Unusually, both of them can be triggered using a sound file. One of the flaws, tracked as CVE-2023-35384, is actually the second patch bypass…

Malware & Threats

Patch Now: Exploit Activity Mounts for Dangerous Apache Struts 2 Bug

Issued by: Dark Reading

Concerns are high over a critical, recently disclosed remote code execution (RCE) vulnerability in Apache Struts 2 that attackers have been actively exploiting over the past few days. Apache Struts is a widely used open source framework for building Java applications. Developers can use it to build modular Web applications based on what is known…

Vulnerabilities

Apache Struts 2 vulnerability discovered, as proof of concept circulates

Issued by: CSO Online

A new vulnerability found in the Apache Struts 2 framework has received a critical severity rating from NIST’s national database. A new vulnerability in the Struts 2 web application framework can potentially enable a remote attacker to execute code on systems running apps based on earlier versions of the software. The vulnerability, announced this week…

Vulnerabilities

Threat actors started exploiting critical ownCloud flaw CVE-2023-49103

Issued by: Security Affairs

ownCloud is an open-source software platform designed for file synchronization and sharing. It allows individuals and organizations to create their own private cloud storage services, giving them control over their data while facilitating collaboration and file access across multiple devices. The vulnerability, tracked as CVE-2023-49103, resides in the Graphapi app, which relies on a third-party…

Vulnerabilities

CISA Urges Patching as Hackers Exploit ‘Looney Tunables’ Bug

Issued by: DataBreach Today

U.S. federal agencies have until Dec. 12 to patch vulnerable Linux devices on their networks after researchers discovered an actively exploited security flaw. The Cybersecurity and Infrastructure Security Agency added the “Looney Tunables” vulnerability, tracked as CVE-2023-4911, to its catalog of known exploited vulnerabilities Tuesday and mandated federal civilian branch agencies to download patches to…

Vulnerabilities

Zimbra zero-day exploited to steal government emails by four groups

Issued by: Security Affairs

Google Threat Analysis Group (TAG) researchers revealed that a zero-day vulnerability, tracked as CVE-2023-37580 (CVSS score: 6.1), in the Zimbra Collaboration email software was exploited by four different threat actors to steal email data, user credentials, and authentication tokens from government organizations. The experts observed that most of the attacks took place after the public…

Vulnerabilities

Aqua Security Introduces Industry-First Kubernetes Vulnerability Scanning With Trivy KBOM

Issued by: Dark Reading

Aqua Security, the pioneer in cloud native security, today announced its open source solution Trivy now supports vulnerability scanning for Kubernetes components in addition to Kubernetes Bill of Materials (KBOM) generation. Now, companies can better understand the components within their Kubernetes environment and how secure they are in order to substantially reduce risk. Kubernetes has…

Vulnerabilities

Threat actors actively exploit F5 BIG-IP flaws CVE-2023-46747 and CVE-2023-46748

Issued by: Security Affairs

F5 this week warned customers about a critical security vulnerability, tracked as CVE-2023-46747 (CVSS 9.8), that impacts BIG-IP and could result in unauthenticated remote code execution. The vulnerability resides in the configuration utility component, it was reported by Michael Weber and Thomas Hendrickson of Praetorian on October 4, 2023. “This vulnerability may allow an unauthenticated…

Vulnerabilities

Virtual Alarm: VMware Issues Major Security Advisory

Issued by: Dark Reading

VMware urged customers to update VMware vCenter Servers against a critical flaw that could potentially lead to remote code execution (RCE) and assigned a CVSS severity score of 9.8. The vCenter Server flaw, tracked under CVE-2023-34048, could allow an attacker with network access the ability to trigger an out-of-bounds write, the VMware advisory explained. Software…

Vulnerabilities

On Point: Overcoming Vulnerability Management Challenges

Issued by: DataBreach Today

Vulnerability management plays a critical role in ensuring the security and integrity of telecommunications networks. With the ever-evolving threat landscape and increasing sophistication of cyberattacks, effective vulnerability management is essential for telecommunications companies. But the unique characteristics of the telecommunications industry pose significant challenges to the implementation of robust vulnerability management programs. Vulnerability Management Challenges…