CVE/vulnerability

Chinese Hackers Exploit New Zero-Day in Barracuda’s ESG to Deploy Backdoor

Barracuda Email Security Gateway (ESG) Appliance has been discovered with an Arbitrary code Execution vulnerability exploited by a China Nexus threat actor tracked as UNC4841. Additionally, the vulnerability targeted only a limited number of ESG devices.  However, Barracuda has deployed a security update to all the active ESGs to address this vulnerability, and has been […]

The post Chinese Hackers Exploit New Zero-Day in Barracuda’s ESG to Deploy Backdoor appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

December 28, 2023
0 comment
Read More >>

Critical Apache OfBiz Zero-Day Let Attackers Bypass Authentication

A new vulnerability has been discovered in Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system. Apache OfBiz is used as a part of the software supply chain in Atlassian’s JIRA, which is predominantly used in several organizations. This vulnerability was a bypass to a previously discovered vulnerability, CVE-2023-49070. Since the root issue of CVE-2023-49070 […]

The post Critical Apache OfBiz Zero-Day Let Attackers Bypass Authentication appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

December 28, 2023
0 comment
Read More >>

FortiSIEM Injection Flaw: Let Attackers Execute Malicious Commands

Fortinet notifies users of a critical OS command injection vulnerability in the FortiSIEM report server that might enable an unauthenticated, remote attacker to execute malicious commands via crafted API requests. FortiSIEM is Fortinet’s security information and event management (SIEM) solution, which assists in identifying insider and incoming threats that could pass standard defenses.  “An improper […]

The post FortiSIEM Injection Flaw: Let Attackers Execute Malicious Commands appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

November 17, 2023
0 comment
Read More >>

ManageEngine Information Disclosure Flaw Exposes Encryption Keys

ManageEngine, one of the most widely used IT infrastructure management platforms that offers more than 60 Enterprise IT management tools, has been discovered with an Information Disclosure vulnerability which is tracked as CVE-2023-6105. This vulnerability affects multiple ManageEngine products, including ADManager, ADSelfService, M365 Manager, Endpoint Central, Service Desk, Access Manager, and many others. The severity […]

The post ManageEngine Information Disclosure Flaw Exposes Encryption Keys appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

November 16, 2023
0 comment
Read More >>

Reptar – A New CPU Vulnerability Affects Intel and AMD CPUs

A critical CPU vulnerability can pose a significant threat by allowing:- Exploitation of such vulnerabilities can lead to widespread cyberattacks and significant disruptions. Recently, Google noted a rise in CPU vulnerabilities this year, as August disclosures reveal the following vulnerabilities for the Intel and AMD CPUs:- Besides this, Google recently identified a new CPU vulnerability […]

The post Reptar – A New CPU Vulnerability Affects Intel and AMD CPUs appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

November 16, 2023
0 comment
Read More >>

SysAid IT Service Software 0-day Exploited to Deploy Cl0p Ransomware

SysAid On-Prem software has been reported with a 0-day vulnerability determined during an incident response investigation. According to Microsoft, attackers are exploiting this zero-day vulnerability to infiltrate corporate servers, to steal sensitive data and deploy the notorious Clop ransomware. This report highlights the urgent need for companies to prioritize their cybersecurity measures to protect their […]

The post SysAid IT Service Software 0-day Exploited to Deploy Cl0p Ransomware appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

November 10, 2023
0 comment
Read More >>

Buffer Overflow Flaws in Trusted Platform Modules Allow Malicious Commands

Trusted Computing Group’s Trust Platform Module 2.0 reference library specification has been discovered with two buffer overflow vulnerabilities that threat actors can exploit to access read-only sensitive data or overwrite normally protected data, which is only available to the TPM. A malicious individual who has gained access to the TPM 2.0’s Command interface has the […]

The post Buffer Overflow Flaws in Trusted Platform Modules Allow Malicious Commands appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

November 10, 2023
0 comment
Read More >>

Veeam Critical Flaws Let Attackers Execute Remote Code and Steal NTLM Hashes

Veeam, a Global Leader in Data Protection, issued hotfixes to address four vulnerabilities affecting the Veeam ONE IT infrastructure monitoring and analytics platform. Two vulnerabilities are classified as ‘critical,’ while the other two are classified as ‘medium severity’ flaws. The critical flaws allow remote code execution and steal NTLM Hashes, and the medium-severity issues involve user interaction and have a lesser […]

The post Veeam Critical Flaws Let Attackers Execute Remote Code and Steal NTLM Hashes appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

November 7, 2023
0 comment
Read More >>

New Common Vulnerability Scoring System (CVSS) v4.0 Released – What’s New!

CVSS (Common Vulnerability Scoring System) is vital for supplier-consumer interaction, offering a numerical score to assess security vulnerabilities’ technical severity that helps in guiding the following entities:- CVSS scores interpret the following qualitative ratings for prioritizing vulnerability management and enhancing defense strategies against cyber threats, enabling real-time threat assessment for consumers’ protection:- Document FREE Webinar […]

The post New Common Vulnerability Scoring System (CVSS) v4.0 Released – What’s New! appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

November 3, 2023
0 comment
Read More >>

Multiple Cisco Services Engine Flaws Let Attackers Upload Arbitrary Files

Multiple vulnerabilities have been discovered in the Cisco Services Engine associated with Arbitrary File Upload and Denial of Service assigned with CVEs CVE-2023-20195, CVE-2023-20196, and CVE-2023-20213. The severity for these vulnerabilities ranges between 4.3 (Medium) and 4.7 (Medium). These vulnerabilities were identified in the Cisco Identity Services Engine, which is an identity and access control […]

The post Multiple Cisco Services Engine Flaws Let Attackers Upload Arbitrary Files appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

November 3, 2023
0 comment
Read More >>