bug
-
Blog
Adobe warns of critical ColdFusion bug with PoC exploit code
Adobe has released out-of-band security updates to address a critical ColdFusion vulnerability with proof-of-concept (PoC) exploit code. In an advisory released on Monday, the company says the flaw (tracked as CVE-2024-53961) is caused by a path traversal weakness that impacts Adobe ColdFusion versions 2023 and 2021 and can enable attackers to read arbitrary files on vulnerable servers. “Adobe is aware that CVE-2024-53961…
Read More » -
Blog
If Meta prevails against Apple in Europe, AI surveillance will be a feature, not a bug – Computerworld
We will immediately enter a dangerous world of AI-assisted digital surveillance, one that needs to be resisted, not just because it’s a deeply unpleasant world to be in, but also because such an ecosystem will be bad for innovation, undermine trust, and threaten every aspect of the digital transformation. Every platform will be forced to open up, and all your…
Read More » -
Blog
CISA confirms critical Cleo bug exploitation in ransomware attacks
CISA confirmed today that a critical security vulnerability in Cleo Harmony, VLTrader, and LexiCom file transfer software is being exploited in ransomware attacks. This flaw (tracked as CVE-2024-50623 and impacting all versions before version 5.8.0.21) enables unauthenticated attackers to gain remote code execution on vulnerable servers exposed online. Cleo released security updates to fix it in October and warned all…
Read More » -
Blog
Windows 10 KB5048652 update fixes new motherboard activation bug
Microsoft has released the KB5048652 cumulative update for Windows 10 22H2, which contains six fixes, including a fix that prevented Windows 10 from activating when you change a device’s motherboard. The Windows 10 KB5048652 update is mandatory as it contains Microsoft’s December 2024 Patch Tuesday security updates. Windows users can install this update by going into Settings, clicking on Windows Update, and manually…
Read More » -
Blog
WPForms bug allows Stripe refunds on millions of WordPress sites
A vulnerability in WPForms, a WordPress plugin used in over 6 million websites, could allow subscriber-level users to issue arbitrary Stripe refunds or cancel subscriptions. Tracked under CVE-2024-11205, the flaw was categorized as a high-severity problem due to the authentication prerequisite. However, given that membership systems are available on most sites, exploitation may be fairly easy in most cases. The…
Read More » -
Blog
Windows 10 KB5046714 update fixes bug preventing app uninstalls
Microsoft has released the optional KB5046714 Preview cumulative update for Windows 10 22H2 with six bug fixes, including a fix for a bug preventing users from uninstalling or updating packaged applications. The KB5046714 cumulative update preview is part of Microsoft’s “optional non-security preview updates” schedule, typically released at the end of every month. This update allows Windows admins to test…
Read More » -
Blog
Critical RCE bug in VMware vCenter Server now exploited in attacks
Broadcom warned today that attackers are now exploiting two VMware vCenter Server vulnerabilities, one of which is a critical remote code execution flaw. TZL security researchers reported the RCE vulnerability (CVE-2024-38812) during China’s 2024 Matrix Cup hacking contest. It is caused by a heap overflow weakness in the vCenter’s DCE/RPC protocol implementation and affects products containing vCenter, including VMware vSphere…
Read More » -
Blog
Critical bug in EoL D-Link NAS devices now exploited in attacks
Attackers now target a critical severity vulnerability with publicly available exploit code that affects multiple models of end-of-life D-Link network-attached storage (NAS) devices. Tracked as CVE-2024-10914, the command injection vulnerability was found by security researcher Netsecfish, who also shared exploitation details and said that unauthenticated attackers could exploit it to inject arbitrary shell commands by sending malicious HTTP GET requests…
Read More » -
Blog
D-Link won’t fix critical bug in 60,000 exposed EoL modems
Tens of thousands of exposed D-Link routers that have reached their end-of-life are vulnerable to a critical security issue that allows an unauthenticated remote attacker to change any user’s password and take complete control of the device. The vulnerability was discovered in the D-Link DSL6740C modem by security researcher Chaio-Lin Yu (Steven Meow), who reported it to Taiwan’s computer and response center (TWCERTCC).…
Read More » -
Blog
Critical Veeam RCE bug now used in Frag ransomware attacks
After being used in Akira and Fog ransomware attacks, a critical Veeam Backup & Replication (VBR) security flaw was also recently exploited to deploy Frag ransomware. Code White security researcher Florian Hauser found that the vulnerability (tracked as CVE-2024-40711) is caused by a deserialization of untrusted data weakness that unauthenticated threat actors can exploit to gain remote code execution (RCE)…
Read More »