KeePass flaw allows retrieval of master password, PoC is public (CVE-2023-32784)

A vulnerability (CVE-2023-32784) in the open-source password manager KeePass can be exploited to retrieve the master password from the software’s memory, says the …

Advantech’s industrial serial device servers open to attack

Three vulnerabilities in Advantech’s EKI series of serial device servers could be exploited to execute arbitrary commands on the OS level. Source: CyberDanube The …

Prevent attackers from using legitimate tools against you

Malicious actors are increasingly exploiting legitimate tools to accomplish their goals, which include disabling security measures, lateral movement, and transferring files. …

To enable ethical hackers, a law reform is needed

Organizations need to be able to match the ingenuity and resources of cybercriminals to better defend themselves against the increasing number of threats and attacks that …

Unattended API challenge: How we’re losing track and can we get full visibility

API sprawl is a prevalent issue in modern enterprises, as APIs are being developed and deployed at an unprecedented rate. As highlighted by Postman’s 2022 State of the …

Critical RCE vulnerability in Cisco phone adapters, no update available (CVE-2023-20126)

Cisco has revealed the existence of a critical vulnerability (CVE-2023-20126) in the web-based management interface of Cisco SPA112 2-Port Phone Adapters. The adapters are …

Attackers are trying to exploit old DVR vulnerabilities (CVE-2018-9995, CVE-2016-20016)

Five years ago, security researcher Fernandez Ezequiel discovered a vulnerability (CVE-2018-9995) in many digital video recorder (DVR) brands and released a tool for …

Easily exploitable flaw in Oracle Opera could spell trouble for hotel chains (CVE-2023-21932)

A recently patched vulnerability (CVE-2023-21932) in Oracle Opera, a property management system widely used in large hotel and resort chains, is more critical than Oracle says …

GitHub introduces private vulnerability reporting for open source repositories

GitHub has announced that its private vulnerability reporting feature for open source repositories is now available to all project owners. General availability The private …

Common insecure configuration opens Apache Superset servers to compromise

An insecure default configuration issue (CVE-2023-27524) makes most internet-facing Apache Superset servers vulnerable to attackers, Horizon3.ai researchers have discovered. …

VMware fixes critical flaws in virtualization software (CVE-2023-20869, CVE-2023-20870)

VMware has fixed one critical (CVE-2023-20869) and three important flaws (CVE-2023-20870, CVE-2023-20871, CVE-2023-20872) in its VMware Workstation and Fusion virtual user …

PoC exploit for abused PaperCut flaw is now public (CVE-2023-27350)

An unauthenticated RCE flaw (CVE-2023-27350) in widely-used PaperCut MF and NG print management software is being exploited by attackers to take over vulnerable application …
