Critical VMware vCenter Server RCE Vulnerability Fixed

Broadcom fixed two severe flaws in a recent security update

On Tuesday, September 17, Broadcom released a security update that fixes a critical remote code execution flaw in VMware vCenter Server. Disclosed alongside the patch, the flaw carries a CVSS score of 9.8, reflecting how severe the consequences of exploitation can be. The company offers no workarounds; the only remedy is installing the… Continue reading Critical VMware vCenter Server RCE Vulnerability Fixed

Top 3 Vulnerabilities of 2024: How to Block and Prevent

Over the last five years, a growing share of attacks have relied on exploiting vulnerabilities

Any successful remote cyberattack starts with penetrating the target network. Regardless of the type of threat (spyware, ransomware, or infostealer), the payload must first be delivered before it can be deployed. Attackers use a variety of methods and tools to accomplish this. Some require action on the part of the victim. Others,… Continue reading Top 3 Vulnerabilities of 2024: How to Block and Prevent

Critical RCE Vulnerability in GiveWP WordPress Plugin

Another vulnerability with the maximum CVSS score was found and fixed

A critical vulnerability has been discovered in the GiveWP WordPress plugin that leaves thousands of websites exposed. The flaw is rated critical and allows an unauthenticated attacker to take over the entire affected website. A fix is already available, so users should update as soon as possible. Critical RCE vulnerability… Continue reading Critical RCE Vulnerability in GiveWP WordPress Plugin

Google Pixel Devices Shipped with Vulnerable App

Some Google Pixel devices shipped with a vulnerable showroom app

Recent research has uncovered a vulnerable app in the Android package on a large number of Google Pixel smartphones. Devices shipped worldwide since September 2017 may be susceptible to malware deployment by malicious actors. The issue is linked to a pre-installed app called “Showcase.apk”, which is intended for in-store demo (showroom) devices. Google Pixel Phones Contain… Continue reading Google Pixel Devices Shipped with Vulnerable App

Critical Windows TCP/IP Vulnerability Uncovered, Patch Now

A critical vulnerability in the Windows TCP/IP stack allows unauthenticated remote code execution (RCE)

A critical vulnerability has been discovered in the Windows TCP/IP stack that allows unauthenticated remote code execution (RCE). This vulnerability can be exploited remotely by sending specially crafted IPv6 packets to the target system. Successful exploitation could allow an attacker to execute arbitrary code on the target system and affects all supported versions of Windows… Continue reading Critical Windows TCP/IP Vulnerability Uncovered, Patch Now
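Because the article says the flaw is triggered by crafted IPv6 packets, the first thing a practitioner wants is an inventory of which adapters on a host still have the IPv6 transport bound. The script below is an added example, not code from the original article or from Microsoft; it is an exposure check only (installing the update is the fix) and assumes an elevated PowerShell session on a Windows host with the NetAdapter and NetTCPIP modules available.

```powershell
# Added example (not from the original article): list adapters that have the
# "Internet Protocol Version 6 (TCP/IPv6)" transport bound, plus the IPv6
# addresses configured on them. This is an exposure check, not a mitigation;
# the remedy the article describes is installing the Windows update.

function Get-IPv6ExposedAdapters {
    [CmdletBinding()]
    param()

    # ms_tcpip6 is the component ID of the IPv6 protocol binding.
    Get-NetAdapterBinding -ComponentID 'ms_tcpip6' |
        Where-Object { $_.Enabled } |
        ForEach-Object {
            $name    = $_.Name
            $adapter = Get-NetAdapter -Name $name -ErrorAction SilentlyContinue

            # Link-local addresses count too: a peer on the same segment can
            # reach the stack without any routed IPv6 being configured.
            $addrs = Get-NetIPAddress -InterfaceAlias $name -AddressFamily IPv6 -ErrorAction SilentlyContinue |
                     Select-Object -ExpandProperty IPAddress

            [pscustomobject]@{
                Adapter     = $name
                Status      = if ($adapter) { $adapter.Status } else { 'Unknown' }
                IPv6Bound   = $true
                IPv6Address = ($addrs -join ', ')
            }
        }
}

$exposed = @(Get-IPv6ExposedAdapters)
if ($exposed.Count -gt 0) {
    Write-Host "IPv6 is bound on $($exposed.Count) adapter(s); confirm the fixing update is installed."
    $exposed | Format-Table -AutoSize
} else {
    Write-Host "No adapters have the IPv6 transport bound."
}
```

Adapters that report IPv6 as bound and in the "Up" state are the ones reachable by the packets the article describes; treat that list as the scope for patch verification rather than as a reason to unbind IPv6, which can break other services.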

Critical SAP Auth Bypass and SSRF Flaws Fixed, Update Now

The August 2024 update from SAP fixes a large number of vulnerabilities, including two severe ones

SAP, the developer of business management software, released a large security update that fixes numerous vulnerabilities in its products. Among them are a severe authentication bypass and a server-side request forgery vulnerability, rated CVSS 9.8 and 9.1 respectively. The company urges customers to install the updates as soon as possible, as the flaws affect a substantial number of… Continue reading Critical SAP Auth Bypass and SSRF Flaws Fixed, Update Now

1Password Vulnerability for macOS Causes Credentials Leak

A 1Password vulnerability was found and fixed

A critical vulnerability was discovered in 1Password that allows attackers to steal vault items by bypassing the app’s security measures. It affects only the macOS version of the program, but every version of that app is affected. A patch is now available, and users are strongly advised to update as soon as possible. 1Password Vulnerability… Continue reading 1Password Vulnerability for macOS Causes Credentials Leak

Windows COM Vulnerability Exploited by Chinese Hackers

Chinese hackers exploit an old Windows flaw via email attachments

A vulnerability in Windows COM, first discovered in 2018, has once again become the target of attacks. A Chinese hacker group, likely affiliated with the Ministry of State Security of the People’s Republic of China, exploited this vulnerability in an attack on a research center in Taiwan. Microsoft offers a non-obvious solution to this… Continue reading Windows COM Vulnerability Exploited by Chinese Hackers

Apache OFBiz RCE Vulnerability Discovered, Patch Now

Another troublesome vulnerability has been discovered in Apache OFBiz

A vulnerability, CVE-2024-38856, has been discovered in Apache OFBiz that allows unauthenticated remote code execution. A patch is already available, and the project strongly recommends installing it, since attackers will not hesitate to exploit the issue now that it is disclosed. Given the flaw's high CVSS score, little further motivation should be needed. Critical Apache… Continue reading Apache OFBiz RCE Vulnerability Discovered, Patch Now

Docker Engine Authentication Bypass Vulnerability Exploited

An old critical vulnerability has resurfaced in Docker Engine

Attackers are actively exploiting a critical vulnerability in Docker Engine that allows an authorization bypass when chained with other attacks. The flaw lets attackers bypass AuthZ authorization plugins, effectively nullifying any access control they enforce. For this and several other reasons, the flaw received the maximum possible severity score (10.0). Critical Docker Engine Flaw Allows… Continue reading Docker Engine Authentication Bypass Vulnerability Exploited