Found 14 bookmarks
Custom sorting
Veeam warns of critical RCE bug in Service Provider Console
Veeam warns of critical RCE bug in Service Provider Console
​Veeam released security updates today to address two Service Provider Console (VSPC) vulnerabilities, including a critical remote code execution (RCE) discovered during internal testing. VSPC, described by the company as a remote-managed BaaS (Backend as a Service) and DRaaS (Disaster Recovery as a Service) platform, is used by service providers to monitor the health and security of customer backups, as well as manage their Veeam-protected virtual, Microsoft 365, and public cloud workloads.
#bleepingcomputer#EN#2024#RCE#bug#DRaaS#VSPC#Veeam
·bleepingcomputer.com·
Veeam warns of critical RCE bug in Service Provider Console
Cisco warns of continued exploitation of 10-year-old ASA bug
Cisco warns of continued exploitation of 10-year-old ASA bug
Cisco on Dec. 2 updated an advisory from March 18 about a 10-year-old vulnerability in the WebVPN login page of Cisco’s Adaptive Security Appliance (ASA) software that could let an unauthenticated remote attacker conduct a cross-site scripting (XSS) attack. In its recent update, the Cisco Product Security Incident Response Team (PSIRT) said it became aware of additional attempted exploitation of this vulnerability in the wild last month.
#scworld#EN#2024#10-year-old#ASA#bug#Cisco#CVE-2014-2120
·scworld.com·
Cisco warns of continued exploitation of 10-year-old ASA bug
Microsoft Copilot Studio Vulnerability Led to Information Disclosure
Microsoft Copilot Studio Vulnerability Led to Information Disclosure
A vulnerability in Microsoft Copilot Studio could be exploited to access sensitive information on the internal infrastructure used by the service, Tenable reports. The flaw, tracked as CVE-2024-38206 (CVSS score of 8.5) and described as a ‘critical’ information disclosure bug, has been fully mitigated, Microsoft said in an August 6 advisory.
#securityweek#EN#2024#Microsoft#Copilot#Studio#Vulnerability#information#disclosure#bug#CVE-2024-38206
·securityweek.com·
Microsoft Copilot Studio Vulnerability Led to Information Disclosure
CrowdStrike blames a test software bug for Windows wipeout
CrowdStrike blames a test software bug for Windows wipeout
CrowdStrike has blamed a bug in its own test software for the mass-crash-event it caused last week. A Wednesday update to its remediation guide added a preliminary post incident review (PIR) that offers the antivirus maker's view of how it brought down 8.5 million Windows boxes.
#theregister#EN#2024#Windows#CrowdStrike#bug#incident#PIR#preliminary-post-incident-review
·theregister.com·
CrowdStrike blames a test software bug for Windows wipeout
Joomla: PHP Bug Introduces Multiple XSS Vulnerabilities
Joomla: PHP Bug Introduces Multiple XSS Vulnerabilities
  • Sonar’s Vulnerability Research Team has discovered an issue that led to multiple XSS vulnerabilities in the popular Content Management System Joomla. The issue discovered with the help of SonarCloud affects Joomla’s core filter component and is tracked as CVE-2024-21726. Attackers can leverage the issue to gain remote code execution by tricking an administrator into clicking on a malicious link. The underlying PHP bug is an inconsistency in how PHP’s mbstring functions handle invalid multibyte sequences. The bug was fixed with PHP versions 8.3 and 8.4, but not backported to older PHP versions. * Joomla released a security announcement and published version 5.0.3/4.4.3, which mitigates the vulnerability.
#sonarsource#EN#2024#Joomla#PHP#Bug#CVE-2024-21726
·sonarsource.com·
Joomla: PHP Bug Introduces Multiple XSS Vulnerabilities