Hackers are actively exploiting a recently disclosed RCE vulnerability in Zimbra email servers that can be triggered simply by sending specially crafted emails to the SMTP server. […]
MITRE Adds Mitigations to EMB3D Threat Model
MITRE has expanded the EMB3D Threat Model with essential mitigations to help organizations address threats to embedded devices.
The post MITRE Adds Mitigations to EMB3D Threat Model appeared first on SecurityWeek.
Alert: Over 700,000 DrayTek Routers Exposed to Hacking via 14 New Vulnerabilities
A little over a dozen new security vulnerabilities have been discovered in residential and enterprise routers manufactured by DrayTek that could be exploited to take over susceptible devices.
“These vulnerabilities could enable attackers to take control of a router by injecting malicious code, allowing them to persist on the device and use it as a gateway into enterprise networks,” Forescout
“These vulnerabilities could enable attackers to take control of a router by injecting malicious code, allowing them to persist on the device and use it as a gateway into enterprise networks,” Forescout
DrayTek fixed critical flaws in over 700,000 exposed routers
DrayTek has released security updates for multiple router models to address 14 vulnerabilities of varying severity, including a remote code execution flaw that received the maximum CVSS score of 10. […]
US, Allies Release Guidance on Securing OT Environments
New guidance provides information on how to create and maintain a secure operational technology (OT) environment.
The post US, Allies Release Guidance on Securing OT Environments appeared first on SecurityWeek.
Microsoft blocks Windows 11 24H2 on some Intel PCs over BSOD issues
Microsoft is blocking Windows 24H2 upgrades on systems with incompatible Intel Smart Sound Technology (SST) audio drivers due to blue screen of death (BSOD) issues. […]
Cryptocurrency Wallets Targeted via Python Packages Uploaded to PyPI
Multiple Python packages referencing dependencies containing cryptocurrency-stealing code were published to PyPI.
The post Cryptocurrency Wallets Targeted via Python Packages Uploaded to PyPI appeared first on SecurityWeek.
Alert: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit
Cybersecurity researchers have disclosed that 5% of all Adobe Commerce and Magento stores have been hacked by malicious actors by exploiting a security vulnerability dubbed CosmicSting.
Tracked as CVE-2024-34102 (CVSS score: 9.8), the critical flaw relates to an improper restriction of XML external entity reference (XXE) vulnerability that could result in remote code execution. The shortcoming,
Tracked as CVE-2024-34102 (CVSS score: 9.8), the critical flaw relates to an improper restriction of XML external entity reference (XXE) vulnerability that could result in remote code execution. The shortcoming,
Harmonic Raises $17.5M to Defend Against AI Data Harvesting
Harmonic has raised a total of $26 million to develop a new approach to data protection using pre-trained, specialized language models.
The post Harmonic Raises $17.5M to Defend Against AI Data Harvesting appeared first on SecurityWeek.
Microsoft warns of Windows 11 24H2 gaming performance issues
Microsoft is working to fix several known issues behind Asphalt 8 game crashes and Easy Anti-Cheat blue screens on some Windows 24H2 systems. […]