Sophos addressed three critical vulnerabilities in its Firewall product: CVE-2024-12727, CVE-2024-12728, and CVE-2024-12729. These vulnerabilities posed significant security risks, including remote code execution and unauthorized system access. CVE-2024-12727 This pre-authentication SQL in
On 12 May 2023, Horizon3 researcher Zach Hanley found an unauthenticated limited file read vulnerability in FortiWLM that he promptly disclosed to Fortinet. On 18 December 2024, it was given a name—CVE-2023-34990—and Fortinet released an advisory warning users of its severity. This flaw brought w
Apache Tomcat, one of the most widely used open-source application servers for running Java applications, has long been trusted by organizations around the world. However, as with all widely used software, vulnerabilities can pose significant risks if not addressed promptly. Recently, a critical
The Apple Security Update December 2024 addresses flaws in Safari, macOS Sonoma, macOS Ventura, and macOS Sequoia. These flaws might allow attackers to execute arbitrary code, access sensitive data, or gain elevated privileges. The updates address issues in components like AppleMobileFileIntegrity,
First discovered in 2014 by researcher Jonathan Claudius, CVE-2014-2120 is a vulnerability caused by insufficient input validation in the WebVPN login page of Cisco Adaptive Security Appliance (ASA) Software. This flaw could allow an unauthenticated remote attacker to execute an XSS attack against a
Keeping your operating systems up to date is no longer just a best practice, it is a necessity in today’s world. With the increasing frequency of cyberattacks and the complexity of IT environments, effective OS patch management has become critical for enterprises of all sizes. This blog will explore
VMware has released security updates to address five vulnerabilities in its Aria Operations (version 8.x) and Cloud Foundation (versions 4.x and 5.x utilizing Aria Operations). Formerly known as VMware vRealize Operations, Aria Operations is a robust cloud management and operations platform designed
The Russian cybercrime group RomCom has been linked to a series of cyberattacks launched across the world. The notorious hackers are chaining two Firefox and Windows flaws to deliver a backdoor and compromise vulnerable systems. The two zero-days involved in this attack are CVE-2024-9680 (CVSS s
In 2015, the world was stunned by one of the largest and most devastating data breaches in history. The scale of the attack left enterprises scrambling to patch their systems, as did the type of sensitive information that was stolen. The OPM breach exposed the personal data of over 21 million ind
Staying a step ahead of potential threats is key to preventing devastating cyberattacks. One of the most effective ways to maintain this edge is through regular scanning reports. A scanning report is a snapshot of your enterprise’s vulnerabilities and risks at a given point in time. Cybersecurity is
This month, Microsoft released security updates addressing 88 vulnerabilities, four of which were zero-days and four critical. Two of the zero-days are known to have been actively exploited, and three have been publicly disclosed. The chart below offers some insight into the types of vulnerabilities
Healthcare has taken center stage in cybercriminals’ crosshairs. Hospitals, clinics, and health systems are brimming with sensitive patient data that’s not just personal, it’s priceless. From patient records to medical devices, healthcare’s digital assets are targeted by hackers, costing billions an
Cisco is warning users of a new flaw in the Remote Access VPN (RAVPN) service of its Adaptive Security Appliance and Firepower Threat Defense Software. CVE-2024-20481, which has a CVSS score of 5.8, can lead to a denial-of-service (DoS) condition. An unauthenticated, remote attacker could exploit thi
In the constantly changing world of cybersecurity, keeping abreast of vulnerabilities is essential for preserving the integrity of your systems. Recently, F5 has disclosed two significant vulnerabilities: CVE-2024-47139, related to BIG-IQ and CVE-2024-45844 affecting BIG-IP. This blog post will go
Broadcom has released security updates addressing CVE-2024-38812, a heap-overflow vulnerability in VMware vCenter Server. With a CVSS score of 9.8, this critical vulnerability is present in the implementation of the DCE/RPC protocol and could lead to RCE. An attacker with network access to the vCenter Server
Oracle has released its Critical Patch Update (CPU) for October 2024, containing 334 new security patches across various product families, including Oracle Database Server, Oracle MySQL, Oracle Communications, Oracle E-Business Suite, Oracle Fusion Middleware, and more. This update addresses vulnera
In October 2024, Adobe issued security updates to fix several vulnerabilities in Adobe Substance 3D Painter, Adobe Commerce, Adobe Dimension, Adobe Animate, Adobe Lightroom, Adobe InCopy, Adobe InDesign, Adobe Substance 3D Stager, and Adobe FrameMaker. Cyber attackers could exploit these flaws to ga
Microsoft Windows, the world's most widely used desktop OS, is at risk! The Indian Computer Emergency Response Team (CERT-In) issued a high-severity alert, warning Windows users in India of several vulnerabilities in Microsoft products and urging them to update their systems immediately. The vuln
This month, Microsoft released security updates addressing 118 vulnerabilities, of which 5 were publicly disclosed zero-days and 3 were critical RCE flaws. Two of the zero-days are known to have been actively exploited. The chart below offers some insight into the types of vulnerabilities found.
Zimbra has issued an advisory regarding a critical vulnerability identified as CVE-2024-45519, found in its postjournal service. This flaw has been classified as having a high severity level, allowing unauthenticated users to execute arbitrary commands on vulnerable systems. The vulnerability was f
It's been a rough year for Linux! The XZ Utils bug caused tremors worldwide in March, and with the recent discovery of a potential chain attack on the CUPS open-source printing system, Linux seems to be caught in a veritable maelstrom of vulnerabilities. The flaws involved are present within vari