CVE/vulnerability – Page 127 – MCYSEKA-Maritime Cyber Security Knowledge Archive

Veeam Critical Flaws Let Attackers Execute Remote Code and Steal NTLM Hashes

Veeam, a Global Leader in Data Protection, issued hotfixes to address four vulnerabilities affecting the Veeam ONE IT infrastructure monitoring and analytics platform. Two vulnerabilities are classified as ‘critical,’ while the other two are classified as ‘medium severity’ flaws. The critical flaws allow remote code execution and steal NTLM Hashes, and the medium-severity issues involve user interaction and have a lesser […]

The post Veeam Critical Flaws Let Attackers Execute Remote Code and Steal NTLM Hashes appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

November 7, 2023

0 comment

New Common Vulnerability Scoring System (CVSS) v4.0 Released – What’s New!

CVSS (Common Vulnerability Scoring System) is vital for supplier-consumer interaction, offering a numerical score to assess security vulnerabilities’ technical severity that helps in guiding the following entities:- CVSS scores interpret the following qualitative ratings for prioritizing vulnerability management and enhancing defense strategies against cyber threats, enabling real-time threat assessment for consumers’ protection:- Document FREE Webinar […]

The post New Common Vulnerability Scoring System (CVSS) v4.0 Released – What’s New! appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

November 3, 2023

0 comment

Multiple Cisco Services Engine Flaws Let Attackers Upload Arbitrary Files

Multiple vulnerabilities have been discovered in the Cisco Services Engine associated with Arbitrary File Upload and Denial of Service assigned with CVEs CVE-2023-20195, CVE-2023-20196, and CVE-2023-20213. The severity for these vulnerabilities ranges between 4.3 (Medium) and 4.7 (Medium). These vulnerabilities were identified in the Cisco Identity Services Engine, which is an identity and access control […]

The post Multiple Cisco Services Engine Flaws Let Attackers Upload Arbitrary Files appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

November 3, 2023

0 comment

CitrixBleed Flaw Widely Exploited, Primarily by a Ransomware Gang

At the end of October, AssetNote released a proof-of-concept for the CVE-2023–4966 associated with sensitive information disclosure for Citrix Netscaler ADC devices and was given a severity rating of 9.4 (Critical). After the release of PoC, there seems to be a mass exploitation of this vulnerability by threat actors. However, the technical details of this […]

The post CitrixBleed Flaw Widely Exploited, Primarily by a Ransomware Gang appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

November 1, 2023

0 comment

F5 Warns of Active Attacks Targeting BIG-IP SQL injection vulnerability

F5 Networks has issued a security alert about a severe vulnerability in its BIG-IP Configuration utility, identified as CVE-2023-46748. This vulnerability is an authenticated SQL injection flaw that allows attackers with network access to execute arbitrary system commands. F5 Networks has categorized this issue under CWE-89, indicating an ‘Improper Neutralization of Special Elements used in […]

The post F5 Warns of Active Attacks Targeting BIG-IP SQL injection vulnerability appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

November 1, 2023

0 comment

Raven: Open-source CI/CD Pipeline Vulnerability Scanner Tool

Cycode is excited to introduce Raven, a state-of-the-art security scanner for CI/CD pipelines. Raven stands for Risk Analysis and Vulnerability Enumeration for CI/CD Pipeline Security, and it is now available as an open-source tool on GitHub. This innovative solution will be presented at the upcoming Black Hat Arsenal – SecTor Toronto event. Raven comes at […]

The post Raven: Open-source CI/CD Pipeline Vulnerability Scanner Tool appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

October 30, 2023

0 comment

VMware Tools Flaw Let Attackers Escalate Privileges

Two high vulnerabilities have been discovered in VMware Tools, which were assigned with CVE-2023-34057 and CVE-2023-34058. These vulnerabilities were associated with Local Privilege Escalation and SAML Token Signature Bypass. The severities of these vulnerabilities are 7.5 (High) and 7.8 (High), respectively. One of these vulnerabilities existed in macOS. However, VMware has released patches and security […]

The post VMware Tools Flaw Let Attackers Escalate Privileges appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

October 27, 2023

0 comment

Citrix Bleed: PoC Released for Citrix NetScaler Zero-Day Vulnerability

Two vulnerabilities were disclosed by Citrix, which were CVE-2023-4966 and CVE-2023-4967, with critical and high severities, respectively. Of these two, CVE-2023-4966 has been released with a publicly available PoC. This vulnerability is associated with a sensitive information disclosure score of 9.4 (Critical). This vulnerability existed in the Citrix Netscaler ADC and Netscaler Gateway versions before […]

The post Citrix Bleed: PoC Released for Citrix NetScaler Zero-Day Vulnerability appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

October 26, 2023

0 comment

North Korean Hackers Exploiting TeamCity Flaw to Compromise Organizations Network

Microsoft has detected two North Korean nation-state threat actors, Diamond Sleet and Onyx Sleet, exploiting CVE-2023-42793. This vulnerability allows remote code execution on various JetBrains TeamCity server versions widely used for DevOps and software development activities. Diamond Sleet and other North Korean threat actors executed software supply chain attacks through build environment infiltration, posing a […]

The post North Korean Hackers Exploiting TeamCity Flaw to Compromise Organizations Network appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

October 20, 2023

0 comment

Trend Micro Zero-day Vulnerability Let Attackers Run Arbitrary Code

If you use Trend Micro Apex One, you should know that the third-party Antivirus uninstaller feature may have a security hole. This flaw could make it possible for random code to be run. Even though the National Vulnerability Database (NVD) hasn’t…

September 21, 2023

0 comment

1 … 125 126 127 128