News

Articles tagged with flaw

Japan warns of IO-Data zero-day router flaws exploited in attacks

Category: IT|Dec 4, 2024 | Author: Admin

Japan's CERT is warning that hackers are exploiting zero-day vulnerabilities in I-O Data router devices to modify device settings, execute commands, or even turn off the firewall.

Fortinet VPN design flaw hides successful brute-force attacks

Category: IT|Nov 21, 2024 | Author: Admin

A design flaw in the Fortinet VPN server's logging mechanism can be leveraged to conceal the successful verification of credentials during a brute-force attack without tipping off defenders of compromised logins.

CISA tags Progress Kemp LoadMaster flaw as exploited in attacks

Category: General|Nov 19, 2024 | Author: Admin

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three new flaws in its Known Exploited Vulnerabilities (KEV) catalog, including a critical OS command injection impacting Progress Kemp LoadMaster.

Security plugin flaw in millions of WordPress sites gives admin access

Category: IT|Nov 17, 2024 | Author: Admin

A critical authentication bypass vulnerability has been discovered impacting the WordPress plugin 'Really Simple Security' (formerly 'Really Simple SSL'), including both free and Pro versions.

qBittorrent fixes flaw exposing users to MitM attacks for 14 years

Category: IT|Oct 31, 2024 | Author: Admin

qBittorrent has addressed a remote code execution flaw caused by the failure to validate SSL/TLS certificates in the application's DownloadManager, a component that manages downloads throughout the app.

SolarWinds Web Help Desk flaw is now exploited in attacks

Category: IT|Oct 22, 2024 | Author: Admin

CISA has added three flaws to its 'Known Exploited Vulnerabilities' (KEV) catalog, among which is a critical hardcoded credentials flaw in SolarWinds Web Help Desk (WHD) that the vendor fixed in late August 2024.

Recently patched CUPS flaw can be used to amplify DDoS attacks

Category: IT|Oct 7, 2024 | Author: Admin

A recently disclosed vulnerability in the Common Unix Printing System (CUPS) open-source printing system can be exploited by threat actors to launch distributed denial-of-service (DDoS) attacks with a 600x amplification factor.

HPE Aruba Networking fixes critical flaws impacting Access Points

Category: IT|Oct 1, 2024 | Author: Admin

HPE Aruba Networking has fixed three critical vulnerabilities in the Command Line Interface (CLI) service of its Aruba Access Points, which could let unauthenticated attackers gain remote code execution on vulnerable devices.

CUPS flaws enable Linux remote code execution, but there’s a catch

Category: IT|Sep 27, 2024 | Author: Admin

Under certain conditions, attackers can chain a set of vulnerabilities in multiple components of the CUPS open-source printing system to execute arbitrary code remotely on vulnerable machines.

Netgear WNR614 flaws allow device takeover, no fix available

Category: IT|Jun 12, 2024 | Author: Admin

Researchers found half a dozen vulnerabilities of varying severity impacting Netgear WNR614 N300, a budget-friendly router that proved popular among home users and small businesses.

Cloudflare mitigated a record-breaking 5.6 Tbps DDoS attack

Category: IT|Jan 22, 2025 | Author: Admin

Microsoft: Exchange 2016 and 2019 reach end of support in October

Category: Microsoft|Jan 21, 2025 | Author: Admin

Microsoft shares temp fix for Outlook crashing when writing emails

Category: Microsoft|Jan 20, 2025 | Author: Admin

TikTok shuts down in the US as Trump throws the company a lifeline

Category: IT|Jan 19, 2025 | Author: Admin

Malicious PyPi package steals Discord auth tokens from devs

Category: IT|Jan 18, 2025 | Author: Admin

GDPR complaints filed against TikTok, Temu for sending user data to China

Category: IT|Jan 17, 2025 | Author: Admin

Hackers leak configs and VPN credentials for 15,000 FortiGate devices

Category: General|Jan 16, 2025 | Author: Admin

January Windows updates may fail if Citrix SRA is installed

Category: Microsoft|Jan 15, 2025 | Author: Admin

UK domain registry Nominet confirms breach via Ivanti zero-day

Category: IT|Jan 14, 2025 | Author: Admin

Phishing texts trick Apple iMessage users into disabling protection

Category: Apple|Jan 13, 2025 | Author: Admin

Pastor who saw crypto project in his "dream" indicted for fraud

Category: IT|Jan 12, 2025 | Author: Admin

Fake LDAPNightmware exploit on GitHub spreads infostealer malware

Category: IT|Jan 11, 2025 | Author: Admin

Microsoft to force install new Outlook on Windows 10 PCs in February

Category: Microsoft|Jan 10, 2025 | Author: Admin

Proton Mail still down as Proton recovers from worldwide outage

Category: IT|Jan 9, 2025 | Author: Admin

Over 4,000 backdoors hijacked by registering expired domains

Category: IT|Jan 8, 2025 | Author: Admin