Lucene search
K

11 matches found

The Hacker News
The Hacker News
added 2023/08/24 8:21 a.m.79 views

Thousands of Unpatched Openfire XMPP Servers Still Exposed to High-Severity Flaw

Thousands of Openfire XMPP servers are unpatched against a recently disclosed high-severity flaw and are susceptible to a new exploit, according to a new report from VulnCheck. Tracked as CVE-2023-32315 CVSS score: 7.5, the vulnerability relates to a path traversal vulnerability in Openfire's...

8.6CVSS8.2AI score0.99999EPSS
Exploits15
Malwarebytes
Malwarebytes
added 2023/07/27 8:15 a.m.51 views

Patch now! Ivanti Endpoint Manager Mobile Authentication vulnerability used in the wild

The Cybersecurity and Infrastructure Security Agency CISA added one new vulnerability to its Known Exploited Vulnerabilities Catalog affecting Ivanti Endpoint Manager Mobile, based on evidence of active exploitation. All Federal Civilian Executive Branch FCEB agencies must remediate this...

7.5CVSS6.7AI score0.99999EPSS
Exploits14
Trellix
Trellix
added 2023/03/01 12:0 a.m.217 views

The Bug Report – February 2023 Edition

The Bug Report – February 2023 Edition By Trellix · March 1, 2023 This story was also written by Sam Quinn. Figure 1: Ironic. It could protect other devices from threats, but not itself. Why am I here? Welcome back to the Bug Report! For those in the audience unfamiliar with our shtick, we compil...

9.2AI score0.99815EPSS
Exploits24
Malwarebytes
Malwarebytes
added 2023/02/08 10:0 a.m.17 views

Update now! GoAnywhere MFT zero-day patched

An emergency patch 7.1.2 has been released for an actively exploited zero-day vulnerability found in the GoAnywhere MFT administrator console. GoAnywhere MFT, which stands for managed file transfer, is a software solution that allows businesses to manage and exchange files in a secure and complia...

8.4AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2022/05/24 12:0 a.m.12 views

The Fault in Our Kubelets: Analyzing the Security of Publicly Exposed Kubernetes Clusters

While researching cloud-native tools, our Shodan scan revealed over 200,000 publicly exposed Kubernetes clusters and kubelet ports that can be abused by criminals...

1.3AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2022/05/24 12:0 a.m.14 views

The Fault in Our kubelets: Analyzing the Security of Publicly Exposed Kubernetes Clusters

While researching cloud-native tools, our Shodan scan revealed over 200,000 publicly exposed Kubernetes clusters and kubelet ports that can be abused by criminals...

1.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/02/10 8:58 a.m.68 views

SAP customers are urged to patch critical vulnerabilities in multiple products

German enterprise software maker SAP has patched three critical vulnerabilities affecting Internet Communication Manager ICM, a core component of SAP business applications. Customers are urged by both SAP and CISA to address these critical vulnerabilities as soon as possible. On February 8, SAP...

10CVSS8.7AI score0.97945EPSS
Exploits8
Trellix
Trellix
added 2021/11/30 12:0 a.m.40 views

The Bug Report November 2021 Edition

The Bug Report — November 2021 Edition By Mark Bereza · November 30, 2021 Your Cybersecurity Comic Relief CVE-2021-20322: Of all the words of mice and men, the saddest are, “it was DNS again.” Why am I here? For all our newcomers, welcome to the Advanced Threat Research team’s monthly bug report ...

10CVSS8.2AI score0.19087EPSS
Exploits2
ThreatPost
ThreatPost
added 2017/10/18 9:51 a.m.44 views

Critical Code Execution Flaw Patched in PeopleSoft Core Engine

Organizations that have their PeopleSoft installations exposed to the internet should pay special attention to a remote code execution vulnerability patched on Tuesday as part of Oracle’s massive quarterly Critical Patch Update. The flaw, CVE-2017-10366, allows an attacker to gain remote code...

7.5CVSS0.6AI score0.43492EPSS
Exploits4References4
ThreatPost
ThreatPost
added 2017/07/19 6:0 a.m.10 views

Bad Code Library Triggers Devil's Ivy Vulnerability in Millions of IoT Devices

Tens of millions of products ranging from airport surveillance cameras, sensors, networking equipment and IoT devices are vulnerable to a flaw that allows attackers to remotely gain control over devices or crash them. The vulnerability, dubbed Devil’s Ivy, was identified by ​researchers at Senrio...

Exploits0References3
The Hacker News
The Hacker News
added 2014/01/03 6:55 p.m.12 views

Hacking Wireless DSL routers via Administrative password Reset Vulnerability

If you want to hack a Netgear and Linkys Wireless Routers, there is a quick backdoor entry available, that allow an attacker to reset the admin panel password to defaults. Eloi Vanderbeken, a hacker and reverse-engineer from France has discovered an administration password Reset vulnerability in...

7.5AI score
Exploits0
Rows per page
Query Builder