Raven: Open-source CI/CD Pipeline Vulnerability Scanner Tool

Cycode is excited to introduce Raven, a state-of-the-art security scanner for CI/CD pipelines. Raven stands for Risk Analysis and Vulnerability Enumeration for CI/CD Pipeline Security, and it is now available as an open-source tool on GitHub. This innovative solution will be presented at the upcoming Black Hat Arsenal – SecTor Toronto event. Raven comes at […]

The post Raven: Open-source CI/CD Pipeline Vulnerability Scanner Tool appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

October 30, 2023

VMware Tools Flaw Let Attackers Escalate Privileges

Two high-severity vulnerabilities have been discovered in VMware Tools and assigned CVE-2023-34057 and CVE-2023-34058. These vulnerabilities were associated with Local Privilege Escalation and SAML Token Signature Bypass. The severities of these vulnerabilities are 7.5 (High) and 7.8 (High), respectively. One of these vulnerabilities existed in macOS. However, VMware has released patches and security […]

October 27, 2023

Citrix Bleed: PoC Released for Citrix NetScaler Zero-Day Vulnerability

Citrix disclosed two vulnerabilities, CVE-2023-4966 and CVE-2023-4967, with critical and high severities, respectively. Of these two, a PoC has been made publicly available for CVE-2023-4966. This is a sensitive information disclosure vulnerability with a score of 9.4 (Critical). This vulnerability existed in the Citrix NetScaler ADC and NetScaler Gateway versions before […]

October 26, 2023

North Korean Hackers Exploiting TeamCity Flaw to Compromise Organizations Network

Microsoft has detected two North Korean nation-state threat actors, Diamond Sleet and Onyx Sleet, exploiting CVE-2023-42793. This vulnerability allows remote code execution on various JetBrains TeamCity server versions widely used for DevOps and software development activities. Diamond Sleet and other North Korean threat actors executed software supply chain attacks through build environment infiltration, posing a […]

October 20, 2023