vulnerability Archives - Page 4 of 22

Qualcomm Releases Patch for 3 new Zero-Days Under Active Exploitation

Issued by: The Hacker News

Chipmaker Qualcomm has released security updates to address 17 vulnerabilities in various components, while warning that three other zero-days have come under active exploitation. Of the 17 flaws, three are rated Critical, 13 are rated High, and one is rated Medium in severity. “There are indications from Google Threat Analysis Group and Google Project Zero…

Vulnerabilities

Trend Micro Patches Zero-Day Endpoint Vulnerability

Issued by: Dark Reading

Trend Micro has released an advisory covering a critical zero-day flaw — tracked as CVE-2023-41179 — that affects Apex One, Apex One SaaS, and Worry-Free Business Security. The vulnerability can be exploited for arbitrary code execution, and it revolves around the “products’ ability to uninstall third-party security software.” The advisory, written in Japanese, details how…

Application Security

Google Fixes Chrome Zero-Day Exploited in the Wild

Issued by: DataBreach Today

Google released a fix on Monday for a Chrome zero-day. Like the three before it, this fourth Chrome zero-day vulnerability found in 2023 allows an attacker to remotely target a vulnerable version of the browser. An attacker could exploit the vulnerability to execute arbitrary code, mishandle the data in the browser’s memory and eventually crash…

Malware & Threats

Clop ransomware dominates ransomware space after MOVEit exploit campaign

Issued by: CSO Online

The number of ransomware attacks in July rose over 150% compared to last year and the actors behind the Clop ransomware were responsible for over a third of them. The gang took the lead from LockBit as the top ransomware threat after exploiting a zero-day vulnerability in a managed file transfer (MFT) application called MOVEit…

Vulnerabilities

Cuba Ransomware Exploits Veeam Vulnerability

Issued by: DataBreach Today

The Cuba ransomware group is exploiting a bug in data backup software exposed in March, warn security researchers. The Russian-speaking gang is deploying a combination of new and old tools, including a high-severity vulnerability in a backup application made by software developer Veeam, said BlackBerry. The Russian-speaking gang is deploying a combination of new and…

Network Security

The Vulnerability of Zero Trust: Lessons from the Storm 0558 Hack

Issued by: The Hacker News

Just recently, an attack believed to be perpetrated by the Chinese hacker group Storm-0558 targeted several government agencies. They used fake digital authentication tokens to access webmail accounts running on Microsoft’s Outlook service. In this incident, the attackers stole a signing key from Microsoft, enabling them to issue functional access tokens for Outlook Web Access…

Vulnerabilities

Dell Credentials Bug Opens VMware Environments to Takeover

Issued by: Dark Reading

Hardcoded credentials in the Dell Compellent storage array service could enable attackers to take over enterprise VMware environments for any organizations running those two services in collaboration. Dell Compellent reached its end of life in 2019, and holds less than a 1% share of the data storage market, according to Enlyft. However, organizations still using…

Vulnerabilities

Patching Conundrum: 5-Year Old Flaw Again Tops Most-Hit List

Issued by: DataBreach Today

A five-year old vulnerability in Fortinet SSL VPNs remains one of the most widely exploited flaws in enterprise networks, despite repeat patch warnings. So say cybersecurity officials across the U.S. and its Five Eyes intelligence alliance partners in a new joint security advisory detailing the 12 most common vulnerabilities and exposures that were most “routinely…

News

Ivanti Zero-Day Exploit Disrupts Norway’s Government Services

Issued by: Dark Reading

A zero-day authentication bypass vulnerability in Ivanti software was exploited to carry out an attack on the Norwegian Ministries Security and Service Organization. The attack affected communications networks at 12 Norwegian government ministries, according to the original statement, preventing employees in those departments from accessing mobile services and email. The government noted that the Prime…

Vulnerabilities

Adobe warns customers of a critical ColdFusion RCE exploited in attacks

Issued by: Security Affairs

Adobe warns customers of a critical ColdFusion pre-authentication remote code execution vulnerability, tracked as CVE-2023-29300 (CVSS score 9.8), that is actively exploited in attacks in the wild. “Adobe is aware that CVE-2023-29300 has been exploited in the wild in very limited attacks targeting Adobe ColdFusion,” reads a statement sent by the company to its customers….