CVE/vulnerability

Reptar – A New CPU Vulnerability Affects Intel and AMD CPUs

A critical CPU vulnerability can pose a significant threat by allowing:- Exploitation of such vulnerabilities can lead to widespread cyberattacks and significant disruptions. Recently, Google noted a rise in CPU vulnerabilities this year, as August disclosures reveal the following vulnerabilities for the Intel and AMD CPUs:- Besides this, Google recently identified a new CPU vulnerability […]

The post Reptar – A New CPU Vulnerability Affects Intel and AMD CPUs appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

November 16, 2023
0 comment
Read More >>

SysAid IT Service Software 0-day Exploited to Deploy Cl0p Ransomware

SysAid On-Prem software has been reported with a 0-day vulnerability determined during an incident response investigation. According to Microsoft, attackers are exploiting this zero-day vulnerability to infiltrate corporate servers, to steal sensitive data and deploy the notorious Clop ransomware. This report highlights the urgent need for companies to prioritize their cybersecurity measures to protect their […]

The post SysAid IT Service Software 0-day Exploited to Deploy Cl0p Ransomware appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

November 10, 2023
0 comment
Read More >>

Buffer Overflow Flaws in Trusted Platform Modules Allow Malicious Commands

Trusted Computing Group’s Trust Platform Module 2.0 reference library specification has been discovered with two buffer overflow vulnerabilities that threat actors can exploit to access read-only sensitive data or overwrite normally protected data, which is only available to the TPM. A malicious individual who has gained access to the TPM 2.0’s Command interface has the […]

The post Buffer Overflow Flaws in Trusted Platform Modules Allow Malicious Commands appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

November 10, 2023
0 comment
Read More >>

Veeam Critical Flaws Let Attackers Execute Remote Code and Steal NTLM Hashes

Veeam, a Global Leader in Data Protection, issued hotfixes to address four vulnerabilities affecting the Veeam ONE IT infrastructure monitoring and analytics platform. Two vulnerabilities are classified as ‘critical,’ while the other two are classified as ‘medium severity’ flaws. The critical flaws allow remote code execution and steal NTLM Hashes, and the medium-severity issues involve user interaction and have a lesser […]

The post Veeam Critical Flaws Let Attackers Execute Remote Code and Steal NTLM Hashes appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

November 7, 2023
0 comment
Read More >>

New Common Vulnerability Scoring System (CVSS) v4.0 Released – What’s New!

CVSS (Common Vulnerability Scoring System) is vital for supplier-consumer interaction, offering a numerical score to assess security vulnerabilities’ technical severity that helps in guiding the following entities:- CVSS scores interpret the following qualitative ratings for prioritizing vulnerability management and enhancing defense strategies against cyber threats, enabling real-time threat assessment for consumers’ protection:- Document FREE Webinar […]

The post New Common Vulnerability Scoring System (CVSS) v4.0 Released – What’s New! appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

November 3, 2023
0 comment
Read More >>

Multiple Cisco Services Engine Flaws Let Attackers Upload Arbitrary Files

Multiple vulnerabilities have been discovered in the Cisco Services Engine associated with Arbitrary File Upload and Denial of Service assigned with CVEs CVE-2023-20195, CVE-2023-20196, and CVE-2023-20213. The severity for these vulnerabilities ranges between 4.3 (Medium) and 4.7 (Medium). These vulnerabilities were identified in the Cisco Identity Services Engine, which is an identity and access control […]

The post Multiple Cisco Services Engine Flaws Let Attackers Upload Arbitrary Files appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

November 3, 2023
0 comment
Read More >>

CitrixBleed Flaw Widely Exploited, Primarily by a Ransomware Gang

At the end of October, AssetNote released a proof-of-concept for the CVE-2023–4966 associated with sensitive information disclosure for Citrix Netscaler ADC devices and was given a severity rating of 9.4 (Critical). After the release of PoC, there seems to be a mass exploitation of this vulnerability by threat actors. However, the technical details of this […]

The post CitrixBleed Flaw Widely Exploited, Primarily by a Ransomware Gang appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

November 1, 2023
0 comment
Read More >>

F5 Warns of Active Attacks Targeting BIG-IP SQL injection vulnerability

F5 Networks has issued a security alert about a severe vulnerability in its BIG-IP Configuration utility, identified as CVE-2023-46748.  This vulnerability is an authenticated SQL injection flaw that allows attackers with network access to execute arbitrary system commands.  F5 Networks has categorized this issue under CWE-89, indicating an ‘Improper Neutralization of Special Elements used in […]

The post F5 Warns of Active Attacks Targeting BIG-IP SQL injection vulnerability appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

November 1, 2023
0 comment
Read More >>

Raven: Open-source CI/CD Pipeline Vulnerability Scanner Tool

Cycode is excited to introduce Raven, a state-of-the-art security scanner for CI/CD pipelines.  Raven stands for Risk Analysis and Vulnerability Enumeration for CI/CD Pipeline Security, and it is now available as an open-source tool on GitHub.  This innovative solution will be presented at the upcoming Black Hat Arsenal – SecTor Toronto event. Raven comes at […]

The post Raven: Open-source CI/CD Pipeline Vulnerability Scanner Tool appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

October 30, 2023
0 comment
Read More >>

VMware Tools Flaw Let Attackers Escalate Privileges

Two high vulnerabilities have been discovered in VMware Tools, which were assigned with CVE-2023-34057 and CVE-2023-34058. These vulnerabilities were associated with Local Privilege Escalation and SAML Token Signature Bypass. The severities of these vulnerabilities are 7.5 (High) and 7.8 (High), respectively. One of these vulnerabilities existed in macOS. However,  VMware has released patches and security […]

The post VMware Tools Flaw Let Attackers Escalate Privileges appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

October 27, 2023
0 comment
Read More >>