Aggregator

Multiple media reports this week warned Americans to be on guard against a new phishing scam that arrives in a text message informing recipients they are not yet registered to vote. A bit of digging reveals the missives were sent by a California political consulting firm as part of a well-meaning but potentially counterproductive get-out-the-vote effort that had all the hallmarks of a phishing campaign.

Protecting Organizations with Up-to-Date CVE Awareness  Reports from the National Institute of Standards and Technology (NIST) through its National Vulnerability Database (NVD) highlight critical cybersecurity vulnerabilities that demand immediate attention and underscore the persistent risks organizations face, including potential data breaches and system compromises if left unaddressed. Recent critical vulnerabilities emphasize the importance of timely...

The post Recent Critical Vulnerabilities: August 2024 CVE Roundup appeared first on TrueFort.

The post Recent Critical Vulnerabilities: August 2024 CVE Roundup appeared first on Security Boulevard.

Why are some organizations planning an Oracle Java migration of some (but not all) of their Java from Oracle to another JDK provider?

The post Are Java Users Making Bad Oracle Java Migration Decisions? appeared first on Azul | Better Java Performance, Superior Java Support.

The post Are Java Users Making Bad Oracle Java Migration Decisions? appeared first on Security Boulevard.

The South Korea-aligned cyberespionage group APT-C-60 has been leveraging a zero-day code execution vulnerability in the Windows version of WPS Office to install the SpyGlace backdoor on East Asian targets. [...]

Overview In an effort to safeguard our customers, we perform proactive vulnerability research with the goal of identifying zero-day vulnerabilities that are likely to impact the security of leading organizations. Recently, we decided to take a look at the 3CX Phone Management System with the goal of identifying an unauthenticated remote code execution vulnerability within […]

The post 3CX Phone System Local Privilege Escalation Vulnerability appeared first on Praetorian.

The post 3CX Phone System Local Privilege Escalation Vulnerability appeared first on Security Boulevard.

A former core infrastructure engineer at an industrial company headquartered in Somerset County, New Jersey, was arrested after locking Windows admins out of 254 servers in a failed extortion plot targeting his employer. [...]

The U.S. Department of State and the Secret Service have announced a reward of $2,500,000 for information leading to Belarusian national Volodymyr Kadariya (Владимир Кадария) for cybercrime activities. [...]

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium V8 bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chromium V8 Inappropriate Implementation Vulnerability CVE-2024-38856 (CVSS score of 8.8) to its Known Exploited Vulnerabilities (KEV) catalog. This week Google released a security update to address the Chrome […]

U.S. CISA adds Google Chromium V8 bug to its Known Exploited Vulnerabilities catalogU.S. Cyber

CISA warned about the RCE zero-day vulnerability in AVTECH IP cameras in early August, and now vulnerable systems are being used to spread malware.

A vulnerability, which was classified as problematic, has been found in openipmi. Affected by this issue is some unknown functionality of the component IPMI Simulator. The manipulation leads to improper authorization. This vulnerability is handled as CVE-2024-42934. Access to the local network is required for this attack. There is no exploit available.

A vulnerability classified as problematic was found in PHPOffice PhpSpreadsheet up to 2.2.0. Affected by this vulnerability is an unknown functionality. The manipulation leads to xml external entity reference. This vulnerability is known as CVE-2024-45048. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in PHPOffice PhpSpreadsheet up to 2.0.x. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-45046. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in EQ Enterprise Management System up to 1.x. It has been rated as critical. This issue affects some unknown processing of the component Requests Handler. The manipulation leads to path traversal. The identification of this vulnerability is CVE-2024-44761. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.