More results...
Researchers discovered flaws in the Autel MaxiCharger EV charger that make it potential to execute arbitrary code on the device by just placing it within Bluetooth range. The vulnerabilities tracked as CVE-2024-23958, CVE-2024-23959, and CVE-2024-23967…
VMware has issued an urgent advisory to administrators to remove a deprecated authentication plugin vulnerable to severe security threats. The Enhanced Authentication Plugin (EAP), which provided seamless login capabilities to vSphere’s management interfaces, is susceptible to authentication relay and session hijack attacks due to two unpatched security vulnerabilities. Document Live Account Takeover Attack Simulation How […]
The post VMware Urges to Remove Enhanced EAP Plugin to Stop Auth & Session Hijack Attacks appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
SolarWinds has released their Access Rights Manager version 2023.2.3, in which several vulnerabilities associated with Deserialization and Directory Traversal leading to Remote code execution have been fixed. The CVEs of these vulnerabilities were assigned with The severity for these vulnerabilities ranges between 7.9 (High) and 9.6 (Critical). Several organizations use Access Rights Manager to gather […]
The post SolarWinds ARM Flaw Let Attackers Execute Remote Code appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
Threat actors exploit Cisco AnyConnect vulnerabilities to gain unauthorized access to networks, compromise sensitive information, and potentially execute malicious activities. Exploiting these vulnerabilities allows attackers to bypass security measures, leading to unauthorized control over network resources, potential disruptions to operations, cyber espionage, data theft, and ransomware deployment. Cybersecurity analysts at Truesec recently discovered that Akira […]
The post Akira Ransomware Actively Exploiting Cisco Anyconnect Vulnerability appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
ESET, a cybersecurity firm, has released patches for a high-severity vulnerability identified in several Windows-based security products, including consumer, business, and server security. The vulnerability tracked as CVE-2024-0353 has a CVSS score of 7.8 and was identified in the real-time file system protection feature of ESET’s products, which handles file operations. The Real-time file system […]
The post ESET Privilege Escalation Flaw Let Attackers Delete Arbitrary Files appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
A critical security vulnerability was detected in TeamCity On-Premises, tagged as CVE-2024-23917, with a CVSS score of 9.8. An unauthenticated attacker with HTTP(S) access to a TeamCity server may bypass authentication procedures and take administrative control of that TeamCity server if the vulnerability is exploited. TeamCity is a building management and continuous integration server developed […]
The post 1000+ JetBrains TeamCity Instances Vulnerable to RCE Bypass Attacks appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
Outlook has been discovered to have an interesting vulnerability while handling specific hyperlinks, which was found to be exploited by threat actors in the wild. This vulnerability has been assigned with CVE-2024-21413, and the severity was given as 9.8 (Critical). However, Microsoft has addressed this vulnerability and fixed it as part of their Patch Tuesday […]
The post New Outlook 0-day RCE Flaw Exploited in the Wild appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
As part of its February 2024 Patch Tuesday updates, Microsoft has published patches to address 73 security flaws, including two zero-day vulnerabilities that have been actively exploited. Five of the 73 vulnerabilities are classified as ‘Critical’, 65 as ‘Important’, and three as ‘Moderate’ in severity. Document Live Account Takeover Attack Simulation How do Hackers Bypass 2FA? […]
The post Microsoft Patch Tuesday 2024: 73 Security Flaws, Including Two 0-Days Patched appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
Barracuda Email Security Gateway (ESG) Appliance has been discovered with an Arbitrary code Execution vulnerability exploited by a China Nexus threat actor tracked as UNC4841. Additionally, the vulnerability targeted only a limited number of ESG devices. However, Barracuda has deployed a security update to all the active ESGs to address this vulnerability, and has been […]
The post Chinese Hackers Exploit New Zero-Day in Barracuda’s ESG to Deploy Backdoor appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
A new vulnerability has been discovered in Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system. Apache OfBiz is used as a part of the software supply chain in Atlassian’s JIRA, which is predominantly used in several organizations. This vulnerability was a bypass to a previously discovered vulnerability, CVE-2023-49070. Since the root issue of CVE-2023-49070 […]
The post Critical Apache OfBiz Zero-Day Let Attackers Bypass Authentication appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.