Nov 16, 2024Ravie LakshmananVulnerability / Network Security Palo Alto Networks has released new indicators of compromise (IoCs) a day after the network security vendor confirmed that a new zero-day vulnerability impacting its PAN-OS firewall management interface has been actively exploited in the wild. To that end, the company said it observed malicious activity originating … [Read more...] about PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs Released
vulnerability
Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials
Oct 20, 2024Ravie LakshmananVulnerability / Email Security Unknown threat actors have been observed attempting to exploit a now-patched security flaw in the open-source Roundcube webmail software as part of a phishing attack designed to steal user credentials. Russian cybersecurity company Positive Technologies said it discovered last month that an email was sent to an … [Read more...] about Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials
Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability
Oct 05, 2024Ravie LakshmananData Privacy / Mobile Security Apple has released iOS and iPadOS updates to address two security issues, one of which could have allowed a user's passwords to be read out aloud by its VoiceOver assistive technology. The vulnerability, tracked as CVE-2024-44204, has been described as a logic problem in the new Passwords app impacting a slew of … [Read more...] about Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability
Ivanti Warns of Active Exploitation of Newly Patched Cloud Appliance Vulnerability
Sep 14, 2024Ravie LakshmananEnterprise Security / Threat Intelligence Ivanti has revealed that a newly patched security flaw in its Cloud Service Appliance (CSA) has come under active exploitation in the wild. The high-severity vulnerability in question is CVE-2024-8190 (CVSS score: 7.2), which allows remote code execution under certain circumstances. "An OS command injection … [Read more...] about Ivanti Warns of Active Exploitation of Newly Patched Cloud Appliance Vulnerability
Apple Vision Pro Vulnerability Exposed Virtual Keyboard Inputs to Attackers
Sep 13, 2024Ravie LakshmananVirtual Reality / Vulnerability Details have emerged about a now-patched security flaw impacting Apple's Vision Pro mixed reality headset that, if successfully exploited, could allow malicious attackers to infer data entered on the device's virtual keyboard. The attack, dubbed GAZEploit, has been assigned the CVE identifier CVE-2024-40865. "A novel … [Read more...] about Apple Vision Pro Vulnerability Exposed Virtual Keyboard Inputs to Attackers
Hacktivists Exploits WinRAR Vulnerability in Attacks Against Russia and Belarus
Sep 03, 2024Ravie LakshmananRansomware / Malware A hacktivist group known as Head Mare has been linked to cyber attacks that exclusively target organizations located in Russia and Belarus. "Head Mare uses more up-to-date methods for obtaining initial access," Kaspersky said in a Monday analysis of the group's tactics and tools. "For instance, the attackers took advantage of … [Read more...] about Hacktivists Exploits WinRAR Vulnerability in Attacks Against Russia and Belarus
Fortra Issues Patch for High-Risk FileCatalyst Workflow Security Vulnerability
Aug 28, 2024Ravie LakshmananVulnerability / Data Security Fortra has addressed a critical security flaw impacting FileCatalyst Workflow that could be abused by a remote attacker to gain administrative access. The vulnerability, tracked as CVE-2024-6633, carries a CVSS score of 9.8, and stems from the use of a static password to connect to a HSQL database. "The default … [Read more...] about Fortra Issues Patch for High-Risk FileCatalyst Workflow Security Vulnerability
SonicWall Issues Critical Patch for Firewall Vulnerability Allowing Unauthorized Access
Aug 26, 2024Ravie LakshmananVulnerability / Enterprise Security SonicWall has released security updates to address a critical flaw impacting its firewalls that, if successfully exploited, could grant malicious actors unauthorized access to the devices. The vulnerability, tracked as CVE-2024-40766 (CVSS score: 9.3), has been described as an improper access control bug. "An … [Read more...] about SonicWall Issues Critical Patch for Firewall Vulnerability Allowing Unauthorized Access
CISA Urges Federal Agencies to Patch Versa Director Vulnerability by September
Aug 24, 2024Ravie LakshmananVulnerability / Government Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has placed a security flaw impacting Versa Director to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation. The medium-severity vulnerability, tracked as CVE-2024-39717 (CVSS score: 6.6), is case of file upload … [Read more...] about CISA Urges Federal Agencies to Patch Versa Director Vulnerability by September
Microsoft Patches Critical Copilot Studio Vulnerability Exposing Sensitive Data
Aug 21, 2024Ravie LakshmananSoftware Security / Vulnerability Cybersecurity researchers have disclosed a critical security flaw impacting Microsoft's Copilot Studio that could be exploited to access sensitive information. Tracked as CVE-2024-38206 (CVSS score: 8.5), the vulnerability has been described as an information disclosure bug stemming from a server-side request … [Read more...] about Microsoft Patches Critical Copilot Studio Vulnerability Exposing Sensitive Data