Oct 08, 2024Ravie LakshmananZero-Day / Vulnerability Ivanti has warned that three new security vulnerabilities impacting its Cloud Service Appliance (CSA) have come under active exploitation in the wild. The zero-day flaws are being weaponized in conjunction with another flaw in CSA that the company patched last month, the Utah-based software services provider … [Read more...] about Three Critical Ivanti CSA Vulnerabilities Actively Exploited
Critical
Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability
Oct 05, 2024Ravie LakshmananData Privacy / Mobile Security Apple has released iOS and iPadOS updates to address two security issues, one of which could have allowed a user's passwords to be read out aloud by its VoiceOver assistive technology. The vulnerability, tracked as CVE-2024-44204, has been described as a logic problem in the new Passwords app impacting a slew of … [Read more...] about Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability
SonicWall Urges Users to Patch Critical Firewall Flaw Amid Possible Exploitation
Sep 06, 2024Ravie LakshmananNetwork Security / Threat Detection SonicWall has revealed that a recently patched critical security flaw impacting SonicOS may have come under active exploitation, making it essential that users apply the patches as soon as possible. The vulnerability, tracked as CVE-2024-40766, carries a CVSS score of 9.3 out of a maximum of 10. "An improper … [Read more...] about SonicWall Urges Users to Patch Critical Firewall Flaw Amid Possible Exploitation
RansomHub Ransomware Group Targets 210 Victims Across Critical Sectors
Threat actors linked to the RansomHub ransomware group encrypted and exfiltrated data from at least 210 victims since its inception in February 2024, the U.S. government said. The victims span various sectors, including water and wastewater, information technology, government services and facilities, healthcare and public health, emergency services, food and agriculture, … [Read more...] about RansomHub Ransomware Group Targets 210 Victims Across Critical Sectors
SonicWall Issues Critical Patch for Firewall Vulnerability Allowing Unauthorized Access
Aug 26, 2024Ravie LakshmananVulnerability / Enterprise Security SonicWall has released security updates to address a critical flaw impacting its firewalls that, if successfully exploited, could grant malicious actors unauthorized access to the devices. The vulnerability, tracked as CVE-2024-40766 (CVSS score: 9.3), has been described as an improper access control bug. "An … [Read more...] about SonicWall Issues Critical Patch for Firewall Vulnerability Allowing Unauthorized Access
Microsoft Patches Critical Copilot Studio Vulnerability Exposing Sensitive Data
Aug 21, 2024Ravie LakshmananSoftware Security / Vulnerability Cybersecurity researchers have disclosed a critical security flaw impacting Microsoft's Copilot Studio that could be exploited to access sensitive information. Tracked as CVE-2024-38206 (CVSS score: 8.5), the vulnerability has been described as an information disclosure bug stemming from a server-side request … [Read more...] about Microsoft Patches Critical Copilot Studio Vulnerability Exposing Sensitive Data
SolarWinds Releases Patch for Critical Flaw in Web Help Desk Software
Aug 15, 2024Ravie LakshmananEnterprise Security / Vulnerability SolarWinds has released patches to address a critical security vulnerability in its Web Help Desk software that could be exploited to execute arbitrary code on susceptible instances. The flaw, tracked as CVE-2024-28986 (CVSS score: 9.8), has been described as a deserialization bug. "SolarWinds Web Help Desk was … [Read more...] about SolarWinds Releases Patch for Critical Flaw in Web Help Desk Software
Critical Flaw in Acronis Cyber Infrastructure Exploited in the Wild
Jul 29, 2024Ravie LakshmananEnterprise Security / Data Protection Cybersecurity company Acronis is warning that a now-patched critical security flaw impacting its Cyber Infrastructure (ACI) product has been exploited in the wild. The vulnerability, tracked as CVE-2023-45249 (CVSS score: 9.8), concerns a case of remote code execution that stems from the use of default … [Read more...] about Critical Flaw in Acronis Cyber Infrastructure Exploited in the Wild
Palo Alto Networks Patches Critical Flaw in Expedition Migration Tool
Jul 11, 2024NewsroomVulnerability / Enterprise Security Palo Alto Networks has released security updates to address five security flaws impacting its products, including a critical bug that could lead to an authentication bypass. Cataloged as CVE-2024-5910 (CVSS score: 9.3), the vulnerability has been described as a case of missing authentication in its Expedition migration … [Read more...] about Palo Alto Networks Patches Critical Flaw in Expedition Migration Tool
Microsoft Uncovers Critical Flaws in Rockwell Automation PanelView Plus
Jul 04, 2024NewsroomVulnerability / Critical Infrastructure Microsoft has revealed two security flaws in Rockwell Automation PanelView Plus that could be weaponized by remote, unauthenticated attackers to execute arbitrary code and trigger a denial-of-service (DoS) condition. "The [remote code execution] vulnerability in PanelView Plus involves two custom classes that can be … [Read more...] about Microsoft Uncovers Critical Flaws in Rockwell Automation PanelView Plus