flaw

Adload malware exploits flaw to bypass macOS protections for Safari – Go Health Pro

by
Adload malware exploits flaw to bypass macOS protections for Safari – Go Health Pro

Microsoft Threat Intelligence on Oct. 17 warned security teams that Microsoft Defender for Endpoint detected that Adload malware exploited a previously patched macOS vulnerability. Referred to as the HM Surf vulnerability, the flaw — CVE-2024-44133 — lets attackers bypass the transparency, consent, and control (TCC) protections for the Safari browser directory, giving attackers unlimited access … Read more

Fog, Akira ransomware groups exploit critical Veeam backup flaw – Go Health Pro

by
Fog, Akira ransomware groups exploit critical Veeam backup flaw – Go Health Pro

The Fog and Akira ransomware gangs have been observed exploiting a critical vulnerability that lets them run a remote code execution (RCE) on Veeam Backup and Replications servers. While Veeam disclosed this critical deserialization bug and released a patch for CVE-2024-40711 on Sept. 4, publication of the proof-of-concept (PoC) developed by watchTowr Labs was delayed … Read more

14 DrayTek vulnerabilities patched, including max-severity RCE flaw – Go Health Pro

by
14 DrayTek vulnerabilities patched, including max-severity RCE flaw – Go Health Pro

DrayTek patched 14 vulnerabilities affecting 24 of its router models, including a maximum severity buffer overflow flaw that could lead to remote code execution (RCE) or denial-of-service (DoS). The two critical-, nine high- and three medium-severity DrayTek bugs were discovered by Forescout Research’s Vedere Labs and described in a report titled “DRAY:BREAK” published Thursday. Shodan … Read more

Veeam patches 5 vital vulnerabilities, together with unauthenticated RCE flaw – Go Well being Professional

by
Veeam patches 5 vital vulnerabilities, together with unauthenticated RCE flaw – Go Well being Professional

Veeam launched patches for 13 high-severity and 5 vital vulnerabilities, together with one flaw in Veeam Backup & Replication that would result in unauthenticated distant code execution (RCE). The September 2024 Veeam safety bulletin, final up to date Thursday, consists of bugs found in six Veeam merchandise, with CVSS scores starting from 7.3 to 9.9. … Read more

Crucial Safety Flaw Present in LiteSpeed Cache Plugin for WordPress – Go Well being Professional

by
Crucial Safety Flaw Present in LiteSpeed Cache Plugin for WordPress – Go Well being Professional

Sep 06, 2024Ravie LakshmananWordPress / Webinar Safety Cybersecurity researchers have found one more crucial safety flaw within the LiteSpeed Cache plugin for WordPress that would permit unauthenticated customers to take management of arbitrary accounts. The vulnerability, tracked as CVE-2024-44000 (CVSS rating: 7.5), impacts variations earlier than and together with 6.4.1. It has been addressed in … Read more

x