Experimental News Clipping Site

Tag: CVE

  • Alerts: CISA Adds Two Known Exploited Vulnerabilities to Catalog

    by

    system automation
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2024/12/16/cisa-adds-two-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Two Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-20767 Adobe ColdFusion Improper Access Control Vulnerability CVE-2024-35250 Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerability These types of vulnerabilities are frequent attack…

  • Alerts: CISA Adds One Known Exploited Vulnerability to Catalog

    by

    system automation
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2024/12/13/cisa-adds-one-known-exploited-vulnerability-catalog Source: Alerts Title: CISA Adds One Known Exploited Vulnerability to Catalog Feedly Summary: CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.  CVE-2024-50623 Cleo Multiple Products Unrestricted File Upload Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant…

  • The Register: Apache issues patches for critical Struts 2 RCE bug

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/12/12/apache_struts_2_vuln/ Source: The Register Title: Apache issues patches for critical Struts 2 RCE bug Feedly Summary: More details released after devs allowed weeks to apply fixes We now know the remote code execution vulnerability in Apache Struts 2 disclosed back in November carries a near-maximum severity rating following the publication of the CVE.……

  • Alerts: CISA Adds One Known Exploited Vulnerability to Catalog

    by

    system automation
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2024/12/10/cisa-adds-one-known-exploited-vulnerability-catalog Source: Alerts Title: CISA Adds One Known Exploited Vulnerability to Catalog Feedly Summary: CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-49138 Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability These types of vulnerabilities are frequent attack vectors for…

  • The Register: Three more vulns spotted in Ivanti CSA, all critical, one 10/10

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/12/11/ivanti_vulns_critical/ Source: The Register Title: Three more vulns spotted in Ivanti CSA, all critical, one 10/10 Feedly Summary: Patch up, everyone – that admin portal is mighty attractive to your friendly cyberattacker Ivanti just put out a security advisory warning of three critical vulnerabilities in its Cloud Services Application (CSA), including a perfect…

  • The Register: US names Chinese national it alleges was behind 2020 attack on Sophos firewalls

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/12/11/sichuan_silence_sophos_zeroday_sanctions/ Source: The Register Title: US names Chinese national it alleges was behind 2020 attack on Sophos firewalls Feedly Summary: Also sanctions his employer – an outfit called Sichuan Silence linked to Ragnarok ransomware The US Departments of Treasury and Justice have named a Chinese business and one of its employees as the…

  • Krebs on Security: Patch Tuesday, December 2024 Edition

    by

    system automation
    in

    Source URL: https://krebsonsecurity.com/2024/12/patch-tuesday-december-2024-edition/ Source: Krebs on Security Title: Patch Tuesday, December 2024 Edition Feedly Summary: Microsoft today released updates to plug at least 70 security holes in Windows and Windows software, including one vulnerability that is already being exploited in active attacks. The zero-day seeing exploitation involves CVE-2024-49138, a security weakness in the Windows Common……

  • Cisco Talos Blog: Microsoft Patch Tuesday for December 2024 contains four critical vulnerabilities

    by

    system automation
    in

    Source URL: https://blog.talosintelligence.com/december-patch-tuesday-release/ Source: Cisco Talos Blog Title: Microsoft Patch Tuesday for December 2024 contains four critical vulnerabilities Feedly Summary: The Patch Tuesday for December of 2024 includes 72 vulnerabilities, including four that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.”  AI Summary and Description: Yes **Summary:** The December 2024 Patch…

  • The Register: AMD secure VM tech undone by DRAM meddling

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/12/10/amd_secure_vm_tech_undone/ Source: The Register Title: AMD secure VM tech undone by DRAM meddling Feedly Summary: Boffins devise BadRAM attack to pilfer secrets from SEV-SNP encrypted memory Researchers have found that the security mechanism AMD uses to protect virtual machine memory can be bypassed with $10 of hardware – and perhaps not even that.……

  • The Register: Fully patched Cleo products under renewed ‘zero-day-ish’ mass attack

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/12/10/cleo_vulnerability/ Source: The Register Title: Fully patched Cleo products under renewed ‘zero-day-ish’ mass attack Feedly Summary: Thousands of servers targeted while customers wait for patches Researchers at security shop Huntress are seeing mass exploitation of a vulnerability affecting three Cleo file management products, even on patched systems.… AI Summary and Description: Yes Summary:…