Lucene search
+L

16 matches found

The Hacker News
The Hacker News
added 2024/12/03 12:51 p.m.12 views

Cisco Warns of Exploitation of Decade-Old ASA WebVPN Vulnerability

Cisco on Monday updated an advisory to warn customers of active exploitation of a decade-old security flaw impacting its Adaptive Security Appliance ASA. The vulnerability, tracked as CVE-2014-2120 CVSS score: 4.3, concerns a case of insufficient input validation in ASA's WebVPN login page that...

6.1CVSS9AI score0.14029EPSS
Exploits0
The Hacker News
The Hacker News
added 2024/08/29 11:42 a.m.35 views

U.S. Agencies Warn of Iranian Hacking Group's Ongoing Ransomware Attacks

U.S. cybersecurity and intelligence agencies have called out an Iranian hacking group for breaching multiple organizations across the country and coordinating with affiliates to deliver ransomware. The activity has been linked to a threat actor dubbed Pioneer Kitten, which is also known as Fox...

10CVSS10AI score0.99999EPSS
Exploits221
The Hacker News
The Hacker News
added 2024/08/27 2:0 p.m.33 views

Chinese Volt Typhoon Exploits Versa Director Flaw, Targets U.S. and Global IT Sectors

The China-nexus cyber espionage group tracked as Volt Typhoon has been attributed with moderate confidence to the zero-day exploitation of a recently disclosed high-severity security flaw impacting Versa Director. The attacks targeted four U.S. victims and one non-U.S. victim in the Internet...

7.2CVSS7.4AI score0.04006EPSS
Exploits1
The Hacker News
The Hacker News
added 2024/08/06 6:12 a.m.81 views

Google Patches New Android Kernel Vulnerability Exploited in the Wild

Google has addressed a high-severity security flaw impacting the Android kernel that it said has been actively exploited in the wild. The vulnerability, tracked as CVE-2024-36971, has been described as a case of remote code execution impacting the kernel. "There are indications that CVE-2024-3697...

8.8CVSS8AI score0.73185EPSS
Exploits7
The Hacker News
The Hacker News
added 2024/08/05 6:7 a.m.32 views

Critical Flaw in Rockwell Automation Devices Allows Unauthorized Access

A high-severity security bypass vulnerability has been disclosed in Rockwell Automation ControlLogix 1756 devices that could be exploited to execute common industrial protocol CIP programming and configuration commands. The flaw, which is assigned the CVE identifier CVE-2024-6242, carries a CVSS...

7.3CVSS7.4AI score0.09197EPSS
Exploits0
The Hacker News
The Hacker News
added 2024/07/04 9:10 a.m.86 views

Microsoft Uncovers Critical Flaws in Rockwell Automation PanelView Plus

Microsoft has revealed two security flaws in Rockwell Automation PanelView Plus that could be weaponized by remote, unauthenticated attackers to execute arbitrary code and trigger a denial-of-service DoS condition. "The remote code execution vulnerability in PanelView Plus involves two custom...

9.8CVSS8.6AI score0.99485EPSS
Exploits20
The Hacker News
The Hacker News
added 2024/03/21 12:48 p.m.78 views

AndroxGh0st Malware Targets Laravel Apps to Steal Cloud Credentials

Cybersecurity researchers have shed light on a tool referred to as AndroxGh0st that's used to target Laravel applications and steal sensitive data. "It works by scanning and taking out important information from .env files, revealing login details linked to AWS and Twilio," Juniper Threat Labs...

9.8CVSS8AI score0.99999EPSS
Exploits181
The Hacker News
The Hacker News
added 2024/03/06 5:54 a.m.59 views

Urgent: Apple Issues Critical Updates for Actively Exploited Zero-Day Flaws

Apple has released security updates to address several security flaws, including two vulnerabilities that it said have been actively exploited in the wild. The shortcomings are listed below - CVE-2024-23225 - A memory corruption issue in Kernel that an attacker with arbitrary kernel read and writ...

10CVSS8.6AI score0.97599EPSS
Exploits7
The Hacker News
The Hacker News
added 2023/05/10 5:34 a.m.146 views

Microsoft's May Patch Tuesday Fixes 38 Flaws, Including 2 Exploited Zero-Day Bugs

Microsoft has rolled out Patch Tuesday updates for May 2023 to address 38 security flaws, including two zero-day bugs that it said are being actively exploited in the wild. Trend Micro's Zero Day Initiative ZDI said the volume is the lowest since August 2021, although it pointed out that "this...

8.1CVSS8.2AI score0.84386EPSS
Exploits4
The Hacker News
The Hacker News
added 2022/05/19 5:48 a.m.176 views

VMware Releases Patches for New Vulnerabilities Affecting Multiple Products

VMware has issued patches to contain two security flaws impacting Workspace ONE Access, Identity Manager, and vRealize Automation that could be exploited to backdoor enterprise networks. The first of the two flaws, tracked as CVE-2022-22972 CVSS score: 9.8, concerns an authentication bypass that...

10CVSS1.9AI score0.99997EPSS
Exploits97
ThreatPost
ThreatPost
added 2022/03/18 8:5 p.m.175 views

Agencies Warn on Satellite Hacks & GPS Jamming Affecting Airplanes, Critical Infrastructure

In a warning to aviation authorities and air operators on Thursday, the European Union Aviation Safety Agency EASA warned of satellite jamming and spoofing attacks across a broad swath of Eastern Europe that could affect air navigation systems. The warning came in tandem with a separate alert fro...

8.8AI score
Exploits0References3
ThreatPost
ThreatPost
added 2022/03/03 5:18 p.m.224 views

Phishing Campaign Targeted Those Aiding Ukraine Refugees

Cyberattackers used a compromised Ukrainian military email address to phish EU government employees who’ve been involved in managing the logistics of refugees fleeing Ukraine, according to a new report. Ukraine has been at the center of an unprecedented wave of cyberattacks in recent weeks and...

8.5AI score
Exploits0References8
ThreatPost
ThreatPost
added 2020/11/23 9:46 p.m.109 views

Critical VMware Zero-Day Bug Allows Command Injection; Patch Pending

The U.S. Cybersecurity and Infrastructure Security Agency is warning of a zero-day bug affecting six VMware products including its Workspace One, Identity Manager and vRealize Suite Lifecycle Manager. The critical unpatched bug is a command injection vulnerability. In a separate VMware advisory,...

9.8AI score0.23771EPSS
Exploits0References6
Schneier on Security
Schneier on Security
added 2020/07/01 2:31 p.m.18 views

Securing the International IoT Supply Chain

Together with Nate Kim former student and Trey Herr Atlantic Council Cyber Statecraft Initiative, I have written a paper on IoT supply chain security. The basic problem we try to solve is: how to you enforce IoT security regulations when most of the stuff is made in other countries? And our...

2.5AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2017/08/24 1:50 p.m.58 views

August 24, 2017 – Morning Cyber Coffee Headlines – “Mount Vesuvius” Edition

Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! August 24, 2017 - Headlines Carbon Black in the News: Attacking Critical...

6.6AI score
Exploits0
The Hacker News
The Hacker News
added 2011/12/13 7:48 a.m.1 views

Government organised 12 Chinese Hacker Groups behind all Attacks

Government organised 12 Chinese Hacker Groups behind all Attacks About 12 different Chinese groups largely directed by the government there, do the bulk of the China based cyber attacks stealing critical data from U.S. companies and government agencies, according to U.S. cyber security analysts a...

7.2AI score
Exploits0
Rows per page
Query Builder