The company warns that malicious hackers can craft exploits to elevate privileges or launch cross-site scripting attacks.
The post VMware Patches High-Severity Vulnerabilities in Aria Operations appeared first on SecurityWeek.
IBM Patches RCE Vulnerabilities in Data Virtualization Manager, Security SOAR
IBM has released patches for two high-severity remote code execution vulnerabilities in Data Virtualization Manager and Security SOAR.
The post IBM Patches RCE Vulnerabilities in Data Virtualization Manager, Security SOAR appeared first on SecurityWeek.
Hackers exploit critical bug in Array Networks SSL VPN products
America’s Cyber Defense Agency has received evidence of hackers actively exploiting a remote code execution vulnerability in SSL VPN products Array Networks AG and vxAG ArrayOS. […]
Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks
Two critical security flaws impacting the Spam protection, Anti-Spam, and FireWall plugin WordPress could allow an unauthenticated attacker to install and enable malicious plugins on susceptible sites and potentially achieve remote code execution.
The vulnerabilities, tracked as CVE-2024-10542 and CVE-2024-10781, carry a CVSS score of 9.8 out of a maximum of 10.0. They were addressed in versions
The vulnerabilities, tracked as CVE-2024-10542 and CVE-2024-10781, carry a CVSS score of 9.8 out of a maximum of 10.0. They were addressed in versions
Chinese Hackers Exploiting Critical Vulnerability in Array Networks Gateways
CISA warns about attacks exploiting CVE-2023-28461, a critical vulnerability in Array Networks AG and vxAG secure access gateways.
The post Chinese Hackers Exploiting Critical Vulnerability in Array Networks Gateways appeared first on SecurityWeek.
Intruder Launches Intel: A Free Vulnerability Intelligence Platform For Staying Ahead of the Latest Threats
When CVEs go viral, separating critical vulnerabilities from the noise is essential to protecting your organization. That’s why Intruder, a leader in attack surface management, built Intel – a free vulnerability intelligence platform designed to help you act fast and prioritize real threats.
What is Intel?
Intel was created to fill a gap in the resources available for tracking emerging
What is Intel?
Intel was created to fill a gap in the resources available for tracking emerging
New York Fines Geico and Travelers $11 Million Over Data Breaches
New York has announced $11 million settlements with Geico and Travelers over data breaches affecting 120,000 people.
The post New York Fines Geico and Travelers $11 Million Over Data Breaches appeared first on SecurityWeek.
RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks
The Russia-aligned threat actor known as RomCom has been linked to the zero-day exploitation of two security flaws, one in Mozilla Firefox and the other in Microsoft Windows, as part of attacks designed to deliver the eponymous backdoor on victim systems.
“In a successful attack, if a victim browses a web page containing the exploit, an adversary can run arbitrary code – without any user
“In a successful attack, if a victim browses a web page containing the exploit, an adversary can run arbitrary code – without any user
Critical Vulnerabilities Found in Anti-Spam Plugin Used by 200,000 WordPress Sites
Two vulnerabilities in the Anti-Spam by CleanTalk WordPress plugin allowed attackers to execute arbitrary code remotely.
The post Critical Vulnerabilities Found in Anti-Spam Plugin Used by 200,000 WordPress Sites appeared first on SecurityWeek.
Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries
The China-linked threat actor known as Earth Estries has been observed using a previously undocumented backdoor called GHOSTSPIDER as part of its attacks targeting Southeast Asian telecommunications companies.
Trend Micro, which described the hacking group as an aggressive advanced persistent threat (APT), said the intrusions also involved the use of another cross-platform backdoor dubbed
Trend Micro, which described the hacking group as an aggressive advanced persistent threat (APT), said the intrusions also involved the use of another cross-platform backdoor dubbed