Search cyberveille.decio.ch

Found 23 bookmarks

Custom sorting

SonicWall urges admins to patch exploitable SSLVPN bug immediately

SonicWall is emailing customers urging them to upgrade their firewall's SonicOS firmware to patch an authentication bypass vulnerability in SSL VPN and SSH management that is

#bleepingcomputer #EN #2024 #Authentication-Bypass #Firewall #Security-Advisory #SonicWall #Vulnerability

·bleepingcomputer.com·Jan 9, 2025

SonicWall urges admins to patch exploitable SSLVPN bug immediately

Hackers exploit Roundcube webmail flaw to steal email, credentials

Threat actors have been exploiting a vulnerability in the Roundcube Webmail client to target government organizations in the Commonwealth of Independent States (CIS) region, the successor of the former Soviet Union.

#bleepingcomputer #EN #2024 #Actively-Exploited #CVE-2024-37383 #Cross-Site-Scripting #Email #Roundcube #Vulnerability #XSS

·bleepingcomputer.com·Oct 22, 2024

Hackers exploit Roundcube webmail flaw to steal email, credentials

Jetpack fixes critical information disclosure flaw existing since 2016

WordPress plugin Jetpack released a critical security update earlier today, addressing a vulnerability that allowed a logged-in user to access forms submitted by other visitors to the site.

#bleepingcomputer #2024 #EN #Information #Security #Vulnerability #WordPress #Computer #InfoSec #Plugin #Disclosure #Jetpack

·bleepingcomputer.com·Oct 16, 2024

Jetpack fixes critical information disclosure flaw existing since 2016

Critical flaw in NVIDIA Container Toolkit allows full host takeover

A critical vulnerability in NVIDIA Container Toolkit impacts all AI applications in a cloud or on-premise environment that rely on it to access GPU resources.

#bleepingcomputer #EN #2024 #AI #Artificial-Intelligence #Cloud #Cloud-Security #Container-Escape #NVIDIA #Vulnerability #Security #InfoSec #Computer-Security

·bleepingcomputer.com·Oct 1, 2024

Critical flaw in NVIDIA Container Toolkit allows full host takeover

Progress LoadMaster vulnerable to 10/10 severity RCE flaw

Progress Software has issued an emergency fix for a maximum (10/10) severity vulnerability impacting its LoadMaster and LoadMaster Multi-Tenant (MT) Hypervisor products that allows attackers to remotely execute commands on the device.

#bleepingcomputer #EN #2024 #LoadMaster #Progress-Software #RCE #Remote-Command-Execution #Vulnerability

·bleepingcomputer.com·Sep 8, 2024

Progress LoadMaster vulnerable to 10/10 severity RCE flaw

D-Link says it is not fixing four RCE flaws in DIR-846W routers

D-Link is warning that four remote code execution (RCE) flaws impacting all hardware and firmware versions of its DIR-846W router will not be fixed as the products are no longer supported.

#bleepingcomputer #EN #2024 #D-Link #End-of-Life #End-of-Service #Hardware #RCE #Remote-Code-Execution #Vulnerability #DIR-846W

·bleepingcomputer.com·Sep 7, 2024

D-Link says it is not fixing four RCE flaws in DIR-846W routers

Veeam warns of critical RCE flaw in Backup & Replication software

Veeam has released security updates for several of its products as part of a single September 2024 security bulletin that addresses 18 high and critical severity flaws in Veeam Backup & Replication, Service Provider Console, and One.

#bleepingcomputer #EN #2024 #RCE #Remote-Code-Execution #Veeam #Veeam-Backup-&-Replication #Veeam-ONE #Vulnerability

·bleepingcomputer.com·Sep 6, 2024

Veeam warns of critical RCE flaw in Backup & Replication software

Windows driver zero-day exploited by Lazarus hackers to install rootkit

The notorious North Korean Lazarus hacking group exploited a zero-day flaw in the Windows AFD.sys driver to elevate privileges and install the FUDModule rootkit on targeted systems. #BYOVD #Bring #CVE-2024-38193 #Driver #Group #Lazarus #Microsoft #Own #Vulnerability #Your #Zero-Day

#bleepingcomputer #EN #2024 #Your #Lazarus #Own #BYOVD #Driver #Zero-Day #Vulnerability #Bring #CVE-2024-38193 #Group #Microsoft

·bleepingcomputer.com·Aug 20, 2024

Windows driver zero-day exploited by Lazarus hackers to install rootkit

SolarWinds fixes critical RCE bug affecting all Web Help Desk versions

A critical vulnerability in SolarWinds' Web Help Desk solution for customer support could be exploited to achieve remote code execution, the American business software developer warns in a security advisory today.

#bleepingcomputer #EN #2024 #Hotfix #Remote-Command-Execution #SolarWinds #Vulnerability #Web-Help-Desk

·bleepingcomputer.com·Aug 16, 2024

SolarWinds fixes critical RCE bug affecting all Web Help Desk versions

Critical SAP flaw allows remote attackers to bypass authentication

SAP has released its security patch package for August 2024, addressing 17 vulnerabilities, including a critical authentication bypass that could allow remote attackers to fully compromise the system.

#bleepingcomputer #EN #2024 #Authentication-Bypass #SAP #SSRF #Vulnerability #CVE-2024-41730

·bleepingcomputer.com·Aug 13, 2024

Critical SAP flaw allows remote attackers to bypass authentication

Telegram zero-day allowed sending malicious Android APKs as videos

A Telegram for Android zero-day vulnerability dubbed 'EvilVideo' allowed attackers to send malicious Android APK payloads disguised as video files.

#bleepingcomputer #EN #2024 #0-day #Computer #APK #EvilVideo #Telegram #Mobile #Zero-Day #InfoSec #Android #Vulnerability

·bleepingcomputer.com·Jul 23, 2024

Telegram zero-day allowed sending malicious Android APKs as videos

Critical Exim bug bypasses security filters on 1.5 million mail servers

Censys warns that over 1.5 million Exim mail transfer agent (MTA) instances are unpatched against a critical vulnerability that lets threat actors bypass security filters.

#bleepingcomputer #EN #2024 #Bypass #Email #Exim #Mail #Security-Bypass #Vulnerability

·bleepingcomputer.com·Jul 12, 2024

Critical Exim bug bypasses security filters on 1.5 million mail servers

Critical GitLab bug lets attackers run pipelines as any user

A critical vulnerability is affecting certain versions of GitLab Community and Enterprise Edition products, which could be exploited to run pipelines as any user.

#bleepingcomputer #EN #2024 #GitLab #Pipeline #Security-Advisory #Vulnerability

·bleepingcomputer.com·Jun 27, 2024

Critical GitLab bug lets attackers run pipelines as any user

Facebook PrestaShop module exploited to steal credit cards

Hackers are exploiting a flaw in a premium Facebook module for PrestaShop named pkfacebook to deploy a card skimmer on vulnerable e-commerce sites and steal people's payment credit card details.

#bleepingcomputer #EN #2024 #E-Commerce #Prestashop #SQL-Injection #Vulnerability #Website

·bleepingcomputer.com·Jun 24, 2024

Facebook PrestaShop module exploited to steal credit cards

Black Basta ransomware gang linked to Windows zero-day attacks

The Cardinal cybercrime group (Storm-1811, UNC4394), who are the main operators of the Black Basta ransomware, is suspected of exploiting a Windows privilege escalation vulnerability, CVE-2024-26169, before a fix was made available.

#bleepingcomputer #en #2024 #Actively-Exploited #Black-Basta #Ransomware #Vulnerability #Zero-Day #CVE-2024-26169

·bleepingcomputer.com·Jun 15, 2024

Black Basta ransomware gang linked to Windows zero-day attacks

PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers

The D-Link EXO AX4800 (DIR-X4860) router is vulnerable to remote unauthenticated command execution that could lead to complete device takeovers by attackers with access to the HNAP port.

#bleepingcomputer #EN #2024 #Authentication-Bypass #D-Link #Exploit #Proof-of-Concept #Remote-Command-Execution #Router #Vulnerability #Zero-Day #Security #InfoSec #Computer-Security

·bleepingcomputer.com·May 14, 2024

PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers

WP Automatic WordPress plugin hit by millions of SQL injection attacks

Hackers have started to target a critical severity vulnerability in the WP Automatic plugin for WordPress to create user accounts with administrative privileges and to plant backdoors for long-term access.

#bleepingcomputer #EN #2024 #Actively-Exploited #Plugin #SQL-Injection #Vulnerability #WordPress #WP-Automatic

·bleepingcomputer.com·Apr 27, 2024

WP Automatic WordPress plugin hit by millions of SQL injection attacks

Over 92,000 exposed D-Link NAS devices have a backdoor account

A threat researcher has disclosed a new arbitrary command injection and hardcoded backdoor flaw in multiple end-of-life D-Link Network Attached Storage (NAS) device models.

#bleepingcomputer #En #2024 #Backdoor #Command-Injection #D-Link #EOL #NAS #Remote-Code-Execution #Vulnerability

·bleepingcomputer.com·Apr 6, 2024

Over 92,000 exposed D-Link NAS devices have a backdoor account

Google fixes two Pixel zero-day flaws exploited by forensics firms

Google has fixed two Google Pixel zero-days exploited by forensic firms to unlock phones without a PIN and gain access to the data stored within them.

#bleepingcomputer #EN #2024 #Android #Forensics #Google #Google-Pixel #Mobile #Pixel #Vulnerability #Zero-Day #GrapheneOS

·bleepingcomputer.com·Apr 3, 2024

Google fixes two Pixel zero-day flaws exploited by forensics firms

Ivanti fixes critical Standalone Sentry bug reported by NATO

Ivanti warned customers to immediately patch a critical severity Standalone Sentry vulnerability reported by NATO Cyber Security Centre researchers.

#bleepingcomputer #EN #2024 #Ivanti #NATO #Vulnerability #Security #InfoSec #Computer-Security

·bleepingcomputer.com·Mar 20, 2024

Ivanti fixes critical Standalone Sentry bug reported by NATO

Hackers exploit Ivanti SSRF flaw to deploy new DSLog backdoor

Hackers are exploiting a server-side request forgery (SSRF) vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy the new DSLog backdoor on vulnerable devices.

#bleepingcomputer #EN #2024 #Backdoor #Ivanti #Malware #SSRF #Vulnerability #Security #InfoSec #Computer-Security

·bleepingcomputer.com·Feb 13, 2024

Hackers exploit Ivanti SSRF flaw to deploy new DSLog backdoor

Leaky Vessels flaws allow hackers to escape Docker, runc containers

Four vulnerabilities collectively called "Leaky Vessels" allow hackers to escape containers and access data on the underlying host operating system. The flaws were discovered by Snyk security researcher Rory McNamara in November 2023, who reported them to impacted parties for fixing. Snyk has found no signs of active exploitation of the Leaky Vessels flaws in the wild, but the publicity could change the exploitation status, so all impacted system admins are recommended to apply the available security updates as soon as possible.

#bleepingcomputer #EN #2024 #Cloud #Container #Container-Escape #Docker #Leaky-Vessels #Vulnerability #CVE-2024-21626 #CVE-2024-23651 #CVE-2024-23652 #CVE-2024-23653

·bleepingcomputer.com·Feb 4, 2024

Leaky Vessels flaws allow hackers to escape Docker, runc containers

Over 5,300 GitLab servers exposed to zero-click account takeover attacks

Over 5,300 internet-exposed GitLab instances are vulnerable to CVE-2023-7028, a zero-click account takeover flaw GitLab warned about earlier this month.

#bleepingcomputer #EN #2024 #Account-Takeover #Alert #Exposed #GitLab #Password-Reset #Security #Vulnerability

·bleepingcomputer.com·Jan 24, 2024

Over 5,300 GitLab servers exposed to zero-click account takeover attacks