Two of six critical vulnerabilities in Palo Alto Networks’ Expedition Migration tool, which the company patched in October, are being actively exploited according to the US Cybersecurity and Infrastructure Security Agency. CISA has now added the two vulnerabilities — CVE-2024-9463 and CVE-2024-9465 — to its known exploited vulnerabilities (KEV) catalog, putting CISOs who ignored last […]
Category Archives: Security, Vulnerabilities
Auto Added by WPeMatico
Threat actors are dropping a new info-stealer on Windows systems that uses the bring your own vulnerable driver (BYOVD) technique to extract victims’ browser data, software details, and credit card data, along with other system details. The global cybersecurity company Kaspersky Labs said it observed more than 11,000 attack attempts in the last three months […]
Security researchers at Mindgard have uncovered two security vulnerabilities in Azure AI Content Safety, Microsoft’s filter system for its AI platform. The vulnerabilities create a potential means for attackers to bypass content safety guardrails before pushing malicious content onto a protected large language model (LLM) instance, according to Mindgard. In response to queries from CSO, […]
Researchers from ETH Zurich have discovered new vulnerabilities in Intel and AMD processors, six years after the Spectre security flaws were first identified. The new Spectre variant, named “Post-Barrier Spectre,” allows attackers to bypass critical security barriers and access sensitive information, such as hashed passwords, despite earlier mitigations designed to prevent such attacks. The research, […]
Microsoft has admitted that it failed to collect crucial security logs for nearly a month due to a bug, leaving enterprise customers vulnerable to cyberattacks. The issue, which occurred between September 2 and October 3, disrupted the collection of vital log data used to monitor suspicious activity, such as unauthorized logins and network behavior. Affected […]
A security oversight by SolarWinds developers in August allowing remote access to sensitive credentials within its Web Help Desk (WHD) product has found active exploitations in the wild. According to an update by the US Cybersecurity and Infrastructure Security Agency (CISA), the flaw tracked as CVE-2024-28987 has become one of the frequent attack vectors for […]
Apache geht auf die Jagd nach eigenen Fehler und macht fette Beute. monticello – shutterstock.com Eine neue Sicherheitslücke in Apache OFBiz, einem Java-basierten ERP-Framework für Geschäftsprozesse wie Buchhaltung und E-Commerce, ermöglicht es Angreifern, zuvor für drei kritische RCE-Schwachstellen eingesetzte Patches zu umgehen. Um zu verhindern, dass die alten Patches selbst ausgenutzt werden können, haben die Entwickler […]
Distinct groups of cybercriminals have been exploiting the CosmicSting flaw in Adobe’s Commerce and Magento software to steal customers’ payment information. According to research by Sansec, miscreants have used the flaw, also tracked as CVE-2024-34102, to hack at least 5% of all Adobe Commerce and Magento stores this summer, breaking into thousands of brands using […]
Cisco has issued a patch that fixes a severe password weakness in many versions of its Smart Software Manager On-Prem (Cisco SSM On-Prem), used by a subset of customers to manage product licenses using an on-premises server. The company is vague about the details of the vulnerability, identified as CVE-2024-20419 (CWE-620), but it is serious […]