Nov 27, 2024Ravie LakshmananVulnerability / Software Security A critical security flaw impacting the ProjectSend open-source file-sharing application has likely come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability, originally patched over a year-and-a-half ago as part of a commit pushed in May 2023 , was not officially made … [Read more...] about Critical Flaw in ProjectSend Under Active Exploitation Against Public-Facing Servers
Critical
Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks
Nov 26, 2024Ravie LakshmananVulnerability / Website Security Two critical security flaws impacting the Spam protection, Anti-Spam, and FireWall plugin WordPress could allow an unauthenticated attacker to install and enable malicious plugins on susceptible sites and potentially achieve remote code execution. The vulnerabilities, tracked as CVE-2024-10542 and CVE-2024-10781, … [Read more...] about Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks
Critical Flaws in Ollama AI Framework Could Enable DoS, Model Theft, and Poisoning
Nov 04, 2024Ravie LakshmananVulnerability / Cyber Threat Cybersecurity researchers have disclosed six security flaws in the Ollama artificial intelligence (AI) framework that could be exploited by a malicious actor to perform various actions, including denial-of-service, model poisoning, and model theft. "Collectively, the vulnerabilities could allow an attacker to carry out … [Read more...] about Critical Flaws in Ollama AI Framework Could Enable DoS, Model Theft, and Poisoning
CrowdStrike Earns High Scores in 2024 Gartner Critical Capabilities for Endpoint Protection
This week, Gartner released its 2024 Gartner® Critical Capabilities Report for Endpoint Protection Platforms (EPP) as a companion to last month’s 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms. We’re proud to share that CrowdStrike received the highest score in both the Core Endpoint Protection and Managed Security Services Use Cases in the 2024 Gartner … [Read more...] about CrowdStrike Earns High Scores in 2024 Gartner Critical Capabilities for Endpoint Protection
Three Critical Ivanti CSA Vulnerabilities Actively Exploited
Oct 08, 2024Ravie LakshmananZero-Day / Vulnerability Ivanti has warned that three new security vulnerabilities impacting its Cloud Service Appliance (CSA) have come under active exploitation in the wild. The zero-day flaws are being weaponized in conjunction with another flaw in CSA that the company patched last month, the Utah-based software services provider … [Read more...] about Three Critical Ivanti CSA Vulnerabilities Actively Exploited
Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability
Oct 05, 2024Ravie LakshmananData Privacy / Mobile Security Apple has released iOS and iPadOS updates to address two security issues, one of which could have allowed a user's passwords to be read out aloud by its VoiceOver assistive technology. The vulnerability, tracked as CVE-2024-44204, has been described as a logic problem in the new Passwords app impacting a slew of … [Read more...] about Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability
SonicWall Urges Users to Patch Critical Firewall Flaw Amid Possible Exploitation
Sep 06, 2024Ravie LakshmananNetwork Security / Threat Detection SonicWall has revealed that a recently patched critical security flaw impacting SonicOS may have come under active exploitation, making it essential that users apply the patches as soon as possible. The vulnerability, tracked as CVE-2024-40766, carries a CVSS score of 9.3 out of a maximum of 10. "An improper … [Read more...] about SonicWall Urges Users to Patch Critical Firewall Flaw Amid Possible Exploitation
RansomHub Ransomware Group Targets 210 Victims Across Critical Sectors
Threat actors linked to the RansomHub ransomware group encrypted and exfiltrated data from at least 210 victims since its inception in February 2024, the U.S. government said. The victims span various sectors, including water and wastewater, information technology, government services and facilities, healthcare and public health, emergency services, food and agriculture, … [Read more...] about RansomHub Ransomware Group Targets 210 Victims Across Critical Sectors
SonicWall Issues Critical Patch for Firewall Vulnerability Allowing Unauthorized Access
Aug 26, 2024Ravie LakshmananVulnerability / Enterprise Security SonicWall has released security updates to address a critical flaw impacting its firewalls that, if successfully exploited, could grant malicious actors unauthorized access to the devices. The vulnerability, tracked as CVE-2024-40766 (CVSS score: 9.3), has been described as an improper access control bug. "An … [Read more...] about SonicWall Issues Critical Patch for Firewall Vulnerability Allowing Unauthorized Access
Microsoft Patches Critical Copilot Studio Vulnerability Exposing Sensitive Data
Aug 21, 2024Ravie LakshmananSoftware Security / Vulnerability Cybersecurity researchers have disclosed a critical security flaw impacting Microsoft's Copilot Studio that could be exploited to access sensitive information. Tracked as CVE-2024-38206 (CVSS score: 8.5), the vulnerability has been described as an information disclosure bug stemming from a server-side request … [Read more...] about Microsoft Patches Critical Copilot Studio Vulnerability Exposing Sensitive Data