addressed
-
Attacks could enable the creation of malicious content that could escape the Web Content sandbox.
-
Nearly 4,500 internet-exposed SonicWall firewalls were discovered by Bishop Fox researchers to be at risk of having their VPN sessions taken over in attacks exploiting a recently patched high-severity authentication bypass flaw within the SonicOS SSLVPN application, tracked as CVE-2024-53704, according to BleepingComputer.
-
SAP has released its latest round of security patches, addressing 19 new vulnerabilities and updating 2 previous Security
-
Investigation into the incident is still underway, said a University of Oklahoma spokesperson, who also noted the implementation of additional network security measures.
-
SecurityWeek reports that Rockwell Automation has issued fixes for a trio of critical flaws impacting Allen-Bradley PowerMonitor 1000 instances, which could be leveraged to infiltrate and disrupt industrial systems.
-
Microsoft’s December Patch Tuesday update, the last one of 2024, addresses a massive number of vulnerabilities, including 71 newly identified flaws across various products.
-
Microsoft December 2024 Patch Tuesday addressed actively exploited zero-day
-
MalBot, December 10, 2024, 11:00pm: Such a flaw, which could be exploited without authentication, stems from a command injection issue in Imagebuilder that enables arbitrary command injections in the build process and truncated SHA-256 hash collisions that allow reduced entropy that ultimately results in artifact cache compromise, according to OpenWrt.
-
Veeam addressed critical Service Provider Console (VSPC) bug
-
MalBot, November 27, 2024, 5:20pm: Attackers could exploit the Data Virtualization Manager for z/OS flaw, tracked as CVE-2024-52899, to facilitate malicious JDBC URL parameter injections and run arbitrary code, while the Security SOAR prototype pollution issue, tracked as CVE-2024-45801, could be leveraged to trigger arbitrary code execution and denial-of-service condition.
-
BleepingComputer reports that updates have been issued by QNAP to remediate several flaws impacting its routers, network-attached storage app, and other offerings, three of which were critical.
-
Apple addressed two actively exploited zero-day vulnerabilities
-
MalBot, November 13, 2024, 10:20pm: The Government Accountability Office said its unaddressed cyber guidance can result “in potential adverse impact on healthcare providers and patient care.”
-
MalBot, November 13, 2024, 3:50pm: Immediate patching of the severe vulnerabilities in impacted Aruba Network products, including AOS-10.4.x.x: 10.4.1.4 and below, Instant AOS-8.12.x.x: 8.12.0.2 and below, and Instant AOS-8.10.x.x: 8.10.0.13 and below, has been urged by Arctic Wolf researchers despite lack of evidence suggesting active exploitation.
-
Zoom addressed two high-severity issues in its platform
-
Microsoft’s November 2024 Patch Tuesday: 89 Vulnerabilities Addressed, Two Active Zero-Day Exploits
·
Microsoft has released its latest security updates with November 2024 Patch Tuesday, addressing a broad range of security vulnerabilities across its products. This month’s release includes fixes for 89 CVEs, covering various threat categories, with Remote Code Execution (RCE) and Privilege Escalation flaws taking the lead. Notably, these updates include two actively exploited zero-day vulnerabilities.
-
MalBot, October 31, 2024, 3:20pm: QNAP’s patches for the SQLi issue come just days after it addressed another zero-day impacting its HBS 3 Hybrid Backup Sync disaster recovery and data backup solution, which was discovered and leveraged by the Viettel Cyber Security team to compromise a TS-464 network-attached storage device during the competition.