Found 70 bookmarks
Custom sorting
Veeam warns of critical RCE bug in Service Provider Console
Veeam warns of critical RCE bug in Service Provider Console
​Veeam released security updates today to address two Service Provider Console (VSPC) vulnerabilities, including a critical remote code execution (RCE) discovered during internal testing. VSPC, described by the company as a remote-managed BaaS (Backend as a Service) and DRaaS (Disaster Recovery as a Service) platform, is used by service providers to monitor the health and security of customer backups, as well as manage their Veeam-protected virtual, Microsoft 365, and public cloud workloads.
#bleepingcomputer#EN#2024#RCE#bug#DRaaS#VSPC#Veeam
·bleepingcomputer.com·
Veeam warns of critical RCE bug in Service Provider Console
Cisco warns of continued exploitation of 10-year-old ASA bug
Cisco warns of continued exploitation of 10-year-old ASA bug
Cisco on Dec. 2 updated an advisory from March 18 about a 10-year-old vulnerability in the WebVPN login page of Cisco’s Adaptive Security Appliance (ASA) software that could let an unauthenticated remote attacker conduct a cross-site scripting (XSS) attack. In its recent update, the Cisco Product Security Incident Response Team (PSIRT) said it became aware of additional attempted exploitation of this vulnerability in the wild last month.
#scworld#EN#2024#10-year-old#ASA#bug#Cisco#CVE-2014-2120
·scworld.com·
Cisco warns of continued exploitation of 10-year-old ASA bug
Visionaries Have Democratised Remote Network Access - Citrix Virtual Apps and Desktops (CVE Unknown)
Visionaries Have Democratised Remote Network Access - Citrix Virtual Apps and Desktops (CVE Unknown)
This one is a privesc bug yielding SYSTEM privileges for any VDI user, which is actually a lot worse than it might initially sound since that’s SYSTEM privileges on the server that hosts all the applications and access is ‘by design’ - allowing an attacker to impersonate any user (including administrators) and monitor behaviour, connectivity.
#watchtowr#EN#Citrix#Virtual#Apps#bug#VDI#exploit
·labs.watchtowr.com·
Visionaries Have Democratised Remote Network Access - Citrix Virtual Apps and Desktops (CVE Unknown)
Microsoft Copilot Studio Vulnerability Led to Information Disclosure
Microsoft Copilot Studio Vulnerability Led to Information Disclosure
A vulnerability in Microsoft Copilot Studio could be exploited to access sensitive information on the internal infrastructure used by the service, Tenable reports. The flaw, tracked as CVE-2024-38206 (CVSS score of 8.5) and described as a ‘critical’ information disclosure bug, has been fully mitigated, Microsoft said in an August 6 advisory.
#securityweek#EN#2024#Microsoft#Copilot#Studio#Vulnerability#information#disclosure#bug#CVE-2024-38206
·securityweek.com·
Microsoft Copilot Studio Vulnerability Led to Information Disclosure
CrowdStrike blames a test software bug for Windows wipeout
CrowdStrike blames a test software bug for Windows wipeout
CrowdStrike has blamed a bug in its own test software for the mass-crash-event it caused last week. A Wednesday update to its remediation guide added a preliminary post incident review (PIR) that offers the antivirus maker's view of how it brought down 8.5 million Windows boxes.
#theregister#EN#2024#Windows#CrowdStrike#bug#incident#PIR#preliminary-post-incident-review
·theregister.com·
CrowdStrike blames a test software bug for Windows wipeout
macOS Vulnerabilities Hiding in Plain Sight (Black Hat Asia 2022 presentation)
macOS Vulnerabilities Hiding in Plain Sight (Black Hat Asia 2022 presentation)
Sometimes when we publish details and writeups about vulnerabilities we are so focused on the actual bug, that we don't notice others, which might be still hidden inside the details. The same can happen when we read these issues, but if we keep our eyes open we might find hidden gems. Download Slides Download Whitepaper
#blackhat#2022#session#bug#writeup#presentation#macos#hidden#Vulnerabilities#Fitzl#offensivesecurity#CVE-2021-1815#CVE-2021-30972
·blackhat.com·
macOS Vulnerabilities Hiding in Plain Sight (Black Hat Asia 2022 presentation)
QNAP warns severe OpenSSL bug affects most of its NAS devices
QNAP warns severe OpenSSL bug affects most of its NAS devices
Taiwan-based network-attached storage (NAS) maker QNAP warned on Tuesday that most of its NAS devices are impacted by a high severity OpenSSL bug disclosed two weeks ago. Attackers can exploit the vulnerability, tracked as CVE-2022-0778, to trigger a denial of service state and remotely crash unpatched devices.
#QNAP#bleepingcomputer#EN#2022#OpenSSL#bug#CVE-2022-0778#NAS
·bleepingcomputer.com·
QNAP warns severe OpenSSL bug affects most of its NAS devices
Why is the Zoom app listening on my microphone...
Why is the Zoom app listening on my microphone...
I'm running MacOS Monterey. Several times in the last few weeks, I've noticed the orange dot indicating the microphone is being used by an app, and I click on the Control Center and see that Zoom is accessing the microphone. I'm not in a meeting and simply have the Zoom app open. Why would Zoom be accessing the microphone when I'm not in a meeting?
#zoom#EN#macOS#bug#microphone
·community.zoom.com·
Why is the Zoom app listening on my microphone...
macOS Vulnerabilities Hiding in Plain Sight (Black Hat Asia 2022 presentation)
macOS Vulnerabilities Hiding in Plain Sight (Black Hat Asia 2022 presentation)
Sometimes when we publish details and writeups about vulnerabilities we are so focused on the actual bug, that we don't notice others, which might be still hidden inside the details. The same can happen when we read these issues, but if we keep our eyes open we might find hidden gems. Download Slides Download Whitepaper
#blackhat#2022#session#bug#writeup#presentation#macos#hidden#Vulnerabilities#Fitzl#offensivesecurity#CVE-2021-1815#CVE-2021-30972
·blackhat.com·
macOS Vulnerabilities Hiding in Plain Sight (Black Hat Asia 2022 presentation)
QNAP warns severe OpenSSL bug affects most of its NAS devices
QNAP warns severe OpenSSL bug affects most of its NAS devices
Taiwan-based network-attached storage (NAS) maker QNAP warned on Tuesday that most of its NAS devices are impacted by a high severity OpenSSL bug disclosed two weeks ago. Attackers can exploit the vulnerability, tracked as CVE-2022-0778, to trigger a denial of service state and remotely crash unpatched devices.
#QNAP#bleepingcomputer#EN#2022#OpenSSL#bug#CVE-2022-0778#NAS
·bleepingcomputer.com·
QNAP warns severe OpenSSL bug affects most of its NAS devices
Why is the Zoom app listening on my microphone...
Why is the Zoom app listening on my microphone...
I'm running MacOS Monterey. Several times in the last few weeks, I've noticed the orange dot indicating the microphone is being used by an app, and I click on the Control Center and see that Zoom is accessing the microphone. I'm not in a meeting and simply have the Zoom app open. Why would Zoom be accessing the microphone when I'm not in a meeting?
#zoom#EN#macOS#bug#microphone
·community.zoom.com·
Why is the Zoom app listening on my microphone...
macOS Vulnerabilities Hiding in Plain Sight (Black Hat Asia 2022 presentation)
macOS Vulnerabilities Hiding in Plain Sight (Black Hat Asia 2022 presentation)
Sometimes when we publish details and writeups about vulnerabilities we are so focused on the actual bug, that we don't notice others, which might be still hidden inside the details. The same can happen when we read these issues, but if we keep our eyes open we might find hidden gems. Download Slides Download Whitepaper
#blackhat#2022#session#bug#writeup#presentation#macos#hidden#Vulnerabilities#Fitzl#offensivesecurity#CVE-2021-1815#CVE-2021-30972
·blackhat.com·
macOS Vulnerabilities Hiding in Plain Sight (Black Hat Asia 2022 presentation)
QNAP warns severe OpenSSL bug affects most of its NAS devices
QNAP warns severe OpenSSL bug affects most of its NAS devices
Taiwan-based network-attached storage (NAS) maker QNAP warned on Tuesday that most of its NAS devices are impacted by a high severity OpenSSL bug disclosed two weeks ago. Attackers can exploit the vulnerability, tracked as CVE-2022-0778, to trigger a denial of service state and remotely crash unpatched devices.
#QNAP#bleepingcomputer#EN#2022#OpenSSL#bug#CVE-2022-0778#NAS
·bleepingcomputer.com·
QNAP warns severe OpenSSL bug affects most of its NAS devices
Why is the Zoom app listening on my microphone...
Why is the Zoom app listening on my microphone...
I'm running MacOS Monterey. Several times in the last few weeks, I've noticed the orange dot indicating the microphone is being used by an app, and I click on the Control Center and see that Zoom is accessing the microphone. I'm not in a meeting and simply have the Zoom app open. Why would Zoom be accessing the microphone when I'm not in a meeting?
#zoom#EN#macOS#bug#microphone
·community.zoom.com·
Why is the Zoom app listening on my microphone...
Joomla: PHP Bug Introduces Multiple XSS Vulnerabilities
Joomla: PHP Bug Introduces Multiple XSS Vulnerabilities
  • Sonar’s Vulnerability Research Team has discovered an issue that led to multiple XSS vulnerabilities in the popular Content Management System Joomla. The issue discovered with the help of SonarCloud affects Joomla’s core filter component and is tracked as CVE-2024-21726. Attackers can leverage the issue to gain remote code execution by tricking an administrator into clicking on a malicious link. The underlying PHP bug is an inconsistency in how PHP’s mbstring functions handle invalid multibyte sequences. The bug was fixed with PHP versions 8.3 and 8.4, but not backported to older PHP versions. * Joomla released a security announcement and published version 5.0.3/4.4.3, which mitigates the vulnerability.
#sonarsource#EN#2024#Joomla#PHP#Bug#CVE-2024-21726
·sonarsource.com·
Joomla: PHP Bug Introduces Multiple XSS Vulnerabilities
macOS Vulnerabilities Hiding in Plain Sight (Black Hat Asia 2022 presentation)
macOS Vulnerabilities Hiding in Plain Sight (Black Hat Asia 2022 presentation)
Sometimes when we publish details and writeups about vulnerabilities we are so focused on the actual bug, that we don't notice others, which might be still hidden inside the details. The same can happen when we read these issues, but if we keep our eyes open we might find hidden gems. Download Slides Download Whitepaper
#blackhat#2022#session#bug#writeup#presentation#macos#hidden#Vulnerabilities#Fitzl#offensivesecurity#CVE-2021-1815#CVE-2021-30972
·blackhat.com·
macOS Vulnerabilities Hiding in Plain Sight (Black Hat Asia 2022 presentation)
QNAP warns severe OpenSSL bug affects most of its NAS devices
QNAP warns severe OpenSSL bug affects most of its NAS devices
Taiwan-based network-attached storage (NAS) maker QNAP warned on Tuesday that most of its NAS devices are impacted by a high severity OpenSSL bug disclosed two weeks ago. Attackers can exploit the vulnerability, tracked as CVE-2022-0778, to trigger a denial of service state and remotely crash unpatched devices.
#QNAP#bleepingcomputer#EN#2022#OpenSSL#bug#CVE-2022-0778#NAS
·bleepingcomputer.com·
QNAP warns severe OpenSSL bug affects most of its NAS devices
Why is the Zoom app listening on my microphone...
Why is the Zoom app listening on my microphone...
I'm running MacOS Monterey. Several times in the last few weeks, I've noticed the orange dot indicating the microphone is being used by an app, and I click on the Control Center and see that Zoom is accessing the microphone. I'm not in a meeting and simply have the Zoom app open. Why would Zoom be accessing the microphone when I'm not in a meeting?
#zoom#EN#macOS#bug#microphone
·community.zoom.com·
Why is the Zoom app listening on my microphone...
macOS Vulnerabilities Hiding in Plain Sight (Black Hat Asia 2022 presentation)
macOS Vulnerabilities Hiding in Plain Sight (Black Hat Asia 2022 presentation)
Sometimes when we publish details and writeups about vulnerabilities we are so focused on the actual bug, that we don't notice others, which might be still hidden inside the details. The same can happen when we read these issues, but if we keep our eyes open we might find hidden gems. Download Slides Download Whitepaper
#blackhat#2022#session#bug#writeup#presentation#macos#hidden#Vulnerabilities#Fitzl#offensivesecurity#CVE-2021-1815#CVE-2021-30972
·blackhat.com·
macOS Vulnerabilities Hiding in Plain Sight (Black Hat Asia 2022 presentation)
QNAP warns severe OpenSSL bug affects most of its NAS devices
QNAP warns severe OpenSSL bug affects most of its NAS devices
Taiwan-based network-attached storage (NAS) maker QNAP warned on Tuesday that most of its NAS devices are impacted by a high severity OpenSSL bug disclosed two weeks ago. Attackers can exploit the vulnerability, tracked as CVE-2022-0778, to trigger a denial of service state and remotely crash unpatched devices.
#QNAP#bleepingcomputer#EN#2022#OpenSSL#bug#CVE-2022-0778#NAS
·bleepingcomputer.com·
QNAP warns severe OpenSSL bug affects most of its NAS devices
Why is the Zoom app listening on my microphone...
Why is the Zoom app listening on my microphone...
I'm running MacOS Monterey. Several times in the last few weeks, I've noticed the orange dot indicating the microphone is being used by an app, and I click on the Control Center and see that Zoom is accessing the microphone. I'm not in a meeting and simply have the Zoom app open. Why would Zoom be accessing the microphone when I'm not in a meeting?
#zoom#EN#macOS#bug#microphone
·community.zoom.com·
Why is the Zoom app listening on my microphone...