CISA Flags Critical Apache OFBiz Flaw Amid Active Exploitation Reports

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added a critical security flaw affecting the Apache OFBiz open-source enterprise resource planning ERP system to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation in the wild. The...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-7971link is external Google Chromium V8 Type Confusion Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and po...

USN-6967-1 intel-microcode vulnerabilities

It was discovered that some Intel® Core™ Ultra Processors did not properly isolate the stream cache. A local authenticated user could potentially use this to escalate their privileges. CVE-2023-42667 It was discovered that some Intel® Processors did not properly isolate the stream cache. A local...

ALPINE-CVE-2024-24853

Incorrect behavior order in transition between executive monitor and SMI transfer monitor STM in some IntelR Processor may allow a privileged user to potentially enable escalation of privilege via local access...

CVE-2024-24853

Incorrect behavior order in transition between executive monitor and SMI transfer monitor STM in some IntelR Processor may allow a privileged user to potentially enable escalation of privilege via local access...

CVE-2024-24853

Incorrect behavior order in transition between executive monitor and SMI transfer monitor STM in some IntelR Processor may allow a privileged user to potentially enable escalation of privilege via local access...

UBUNTU-CVE-2024-24853

Incorrect behavior order in transition between executive monitor and SMI transfer monitor STM in some IntelR Processor may allow a privileged user to potentially enable escalation of privilege via local access...

PT-2024-9889

Name of the Vulnerable Software and Affected Versions: Intel Processor affected versions not specified Description: The issue is related to an incorrect behavior order in the transition between the executive monitor and the SMI transfer monitor STM in some Intel processors. This may allow a...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-36401 OSGeo GeoServer GeoTools Eval Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose...

Measuring, Communicating, and Eliminating Risk With TruRisk™ in Qualys Web Application Scanning (WAS)

In an era where cyber threats loom larger and more complex than ever, organizations demand not just defense but intelligent, cohesive strategies for managing cyber risks. With the Enterprise TruRisk Platform, Qualys reaffirmed its commitment to these needs by focusing its cybersecurity solutions ...

Cyber A.I. Group Announces the Engagement of Walter L. Hughes as Chief Executive Officer

Miami, United States, 20th June 2024, CyberNewsWire...

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-4947 Google Chromium V8 Type Confusion Vulnerability CVE-2023-43208 NextGen Healthcare Mirth Connect Deserialization of Untrusted Data Vulnerability These type...

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-30051 Microsoft DWM Core Library Privilege Escalation Vulnerability CVE-2024-30040 Microsoft Windows MSHTML Platform Security Feature Bypass Vulnerability Thes...

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-20353 Cisco ASA and FTD Denial of Service Vulnerability CVE-2024-20359 Cisco ASA and FTD Privilege Escalation Vulnerability CVE-2024-4040 CrushFTP VFS Sandbo...

CISA Warns: Hackers Actively Attacking Microsoft SharePoint Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency CISA has added a security flaw impacting the Microsoft Sharepoint Server to its Known Exploited Vulnerabilities KEV catalog based on evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2023-24955 CVSS score: 7.2,...

President Biden Blocks Mass Transfer of Personal Data to High-Risk Nations

U.S. President Joe Biden has issued an Executive Order that prohibits the mass transfer of citizens' personal data to countries of concern. The Executive Order also "provides safeguards around other activities that can give those countries access to Americans' sensitive data," the White House sai...

Biden Executive Order Bans Sale of US Data to China, Russia. Good Luck

The White House issued an executive order on Wednesday that aims to prevent the sale of Americans' data to “countries of concern,” including China and Russia. Its effectiveness may vary...

U.S. Imposes Visa Restrictions on those Involved in Illegal Spyware Surveillance

The U.S. State Department said it's implementing a new policy that imposes visa restrictions on individuals who are linked to the illegal use of commercial spyware to surveil civil society members. "The misuse of commercial spyware threatens privacy and freedoms of expression, peaceful assembly,...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2022-48618 Apple Multiple Products Memory Corruption Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-21893 Ivanti Connect Secure, Policy Secure, and Neurons Server-Side Request Forgery SSRF Vulnerability These types of vulnerabilities are frequent attack vectors...