Please turn on your JavaScript for this page to function normally.
arcserve
PoC for critical Arcserve UDP vulnerabilities published (CVE-2024-0799, CVE-2024-0800)

Arcserve has fixed critical security vulnerabilities (CVE-2024-0799, CVE-2024-0800) in its Unified Data Protection (UDP) solution that can be chained to upload malicious files …

BSAM
BSAM: Open-source methodology for Bluetooth security assessment

Many wireless headsets using Bluetooth technology have vulnerabilities that may allow malicious individuals to covertly listen in on private conversations, Tarlogic Security …

Cisco
Cisco patches Secure Client VPN flaw that could reveal authentication tokens (CVE-2024-20337)

Cisco has fixed two high-severity vulnerabilities affecting its Cisco Secure Client enterprise VPN and endpoint security solution, one of which (CVE-2024-20337) could be …

Ivanti
State-sponsored hackers know enterprise VPN appliances inside out

Suspected Chinese state-sponsored hackers leveraging Ivanti Connect Secure VPN flaws to breach a variety of organizations have demonstrated “a nuanced understanding of …

ConnectWise
ScreenConnect flaws exploited to deliver all kinds of malware (CVE-2024-1709, CVE-2024-1708)

The recently patched vulnerabilities (CVE-2024-1709, CVE-2024-1708) in ConnectWise ScreenConnect software are being exploited by numerous attackers to deliver a variety of …

vmware
VMware pushes admins to uninstall vulnerable, deprecated vSphere plugin (CVE-2024-22245, CVE-2024-22250)

VMware Enhanced Authentication Plug-in (EAP), a plugin for VMware vSphere, has two vulnerabilities (CVE-2024-22245, CVE-2024-22250) that could be exploited by attackers to …

RCE vulnerabilities fixed in SolarWinds enterprise solutions

SolarWinds has released updates for Access Rights Manager (ARM) and (Orion) Platform that fix vulnerabilities that could allow attackers to execute code on vulnerable …

QNAP
QNAP fixes OS command injection flaws affecting its NAS devices (CVE-2023-47218, CVE-2023-50358)

QNAP Systems has patched two unauthenticated OS command injection vulnerabilities (CVE-2023-47218, CVE-2023-50358) in various versions of the operating systems embedded in the …

AnyDesk
Corporate users getting tricked into downloading AnyDesk

Hackers are leveraging the AnyDesk remote desktop application in a phishing campaign targeting employees, Malwarebytes warns. The AnyDesk phishing campaign In a phishing …

Rhysida ransomware decryptor
Decryptor for Rhysida ransomware is available!

Files encrypted by Rhysida ransomware can be successfully decrypted, due to a implementation vulnerability discovered by Korean researchers and leveraged to create a …

Cisco ASA 5500-X
Akira, LockBit actively searching for vulnerable Cisco ASA devices

Akira and Lockbit ransomware groups are trying to breach Cisco ASA SSL VPN devices by exploiting several older vulnerabilities, security researcher Kevin Beaumont is warning. …

video, conference call
Deepfaked video conference call makes employee send $25 million to scammers

A deepfake video conference call paired with social engineering tricks has led to the theft of over US$25 million from a multinational firm, the South China Morning Post has …

Don't miss

Cybersecurity news