Nov 12, 2024Ravie LakshmananVirtualization / Vulnerability Cybersecurity researchers have disclosed new security flaws impacting Citrix Virtual Apps and Desktop that could be exploited to achieve unauthenticated remote code execution (RCE) The issue, per findings from watchTowr, is rooted in the Session Recording component that allows system administrators to capture user … [Read more...] about New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration
Flaws
Critical Flaws in Ollama AI Framework Could Enable DoS, Model Theft, and Poisoning
Nov 04, 2024Ravie LakshmananVulnerability / Cyber Threat Cybersecurity researchers have disclosed six security flaws in the Ollama artificial intelligence (AI) framework that could be exploited by a malicious actor to perform various actions, including denial-of-service, model poisoning, and model theft. "Collectively, the vulnerabilities could allow an attacker to carry out … [Read more...] about Critical Flaws in Ollama AI Framework Could Enable DoS, Model Theft, and Poisoning
Nation-State Attackers Exploiting Ivanti CSA Flaws for Network Infiltration
Oct 14, 2024Ravie LakshmananNetwork Security / Vulnerability A suspected nation-state adversary has been observed weaponizing three security flaws in Ivanti Cloud Service Appliance (CSA) a zero-day to perform a series of malicious actions. That's according to findings from Fortinet FortiGuard Labs, which said the vulnerabilities were abused to gain unauthenticated access to … [Read more...] about Nation-State Attackers Exploiting Ivanti CSA Flaws for Network Infiltration
Progress Software Releases Patches for 6 Flaws in WhatsUp Gold – Patch Now
Sep 27, 2024Ravie LakshmananSoftware Security / Vulnerability Progress Software has released another round of updates to address six security flaws in WhatsUp Gold, including two critical vulnerabilities. The issues, the company said, have been resolved in version 24.0.1 released on September 20, 2024. The company has yet to release any details about what the flaws are other … [Read more...] about Progress Software Releases Patches for 6 Flaws in WhatsUp Gold – Patch Now
Microsoft Reveals Four OpenVPN Flaws Leading to Potential RCE and LPE
Aug 09, 2024Ravie LakshmananVulnerability / Network Security Microsoft on Thursday disclosed four medium-severity security flaws in the open-source OpenVPN software that could be chained to achieve remote code execution (RCE) and local privilege escalation (LPE). "This attack chain could enable attackers to gain full control over targeted endpoints, potentially resulting in … [Read more...] about Microsoft Reveals Four OpenVPN Flaws Leading to Potential RCE and LPE
Researchers Uncover Flaws in Windows Smart App Control and SmartScreen
Aug 05, 2024Ravie LakshmananThreat Intelligence / Vulnerability Cybersecurity researchers have uncovered design weaknesses in Microsoft's Windows Smart App Control and SmartScreen that could enable threat actors to gain initial access to target environments without raising any warnings. Smart App Control (SAC) is a cloud-powered security feature introduced by Microsoft in … [Read more...] about Researchers Uncover Flaws in Windows Smart App Control and SmartScreen
Microsoft Uncovers Critical Flaws in Rockwell Automation PanelView Plus
Jul 04, 2024NewsroomVulnerability / Critical Infrastructure Microsoft has revealed two security flaws in Rockwell Automation PanelView Plus that could be weaponized by remote, unauthenticated attackers to execute arbitrary code and trigger a denial-of-service (DoS) condition. "The [remote code execution] vulnerability in PanelView Plus involves two custom classes that can be … [Read more...] about Microsoft Uncovers Critical Flaws in Rockwell Automation PanelView Plus
Critical Flaws in CocoaPods Expose iOS and macOS Apps to Supply Chain Attacks
Jul 01, 2024NewsroomSupply Chain / Software Security A trio of security flaws has been uncovered in the CocoaPods dependency manager for Swift and Objective-C Cocoa projects that could be exploited to stage software supply chain attacks, putting downstream customers at severe risks. The vulnerabilities allow "any malicious actor to claim ownership over thousands of unclaimed … [Read more...] about Critical Flaws in CocoaPods Expose iOS and macOS Apps to Supply Chain Attacks
Kinsing Hacker Group Exploits More Flaws to Expand Botnet for Cryptojacking
May 17, 2024NewsroomCryptojacking / Malware The cryptojacking group known as Kinsing has demonstrated its ability to continuously evolve and adapt, proving to be a persistent threat by swiftly integrating newly disclosed vulnerabilities to exploit arsenal and expand its botnet. The findings come from cloud security firm Aqua, which described the threat actor as actively … [Read more...] about Kinsing Hacker Group Exploits More Flaws to Expand Botnet for Cryptojacking
VMware Patches Severe Security Flaws in Workstation and Fusion Products
May 14, 2024NewsroomBluetooth / Vulnerability Multiple security flaws have been disclosed in VMware Workstation and Fusion products that could be exploited by threat actors to access sensitive information, trigger a denial-of-service (DoS) condition, and execute code under certain circumstances. The four vulnerabilities impact Workstation versions 17.x and Fusion versions … [Read more...] about VMware Patches Severe Security Flaws in Workstation and Fusion Products