vulnerability
ConnectWise ScreenConnect Vulnerability: Urgent Update
Nik Hewitt | advice, Best Practices, Cybersecurity, next gen security, security, Security Research, vulnerability, zero-day
ConnectWise announces ScreenConnect vulnerability, with admins urged to update on-prem servers to 23.9.8 immediately. ScreenConnect 23.9.8 Update Here. Earlier this week, critical vulnerabilities were disclosed by ConnectWise in their widely ...
Imperva successfully defends against CVE-2024-25600 in WordPress Bricks Builder
Gabi Stapel | Bricks Builder, CVE-2024-25600, imperva, Imperva Threat Research, vulnerability, wordpress
A critical vulnerability in the Bricks Builder site builder for WordPress, identified as CVE-2024-25600, is currently under active exploitation and poses a significant threat to over 25,000 sites. This flaw, with a ...
ConnectWise Says ScreenConnect Flaw Being Actively Exploited
Hackers are actively exploiting critical security flaws in ConnectWise’s remote desktop access tool just days after the software maker alerted customers of the vulnerabilities. ConnectWise learned of the bugs – tracked as ...
Security Boulevard
VMware Urges Immediate EAP Uninstall: CVE-2024-22245
Nik Hewitt | advice, Best Practices, Cybersecurity, next gen security, security, Security Research, vulnerability, zero-day
VMware is making an urgent call for admins to uninstall the now-defunct authentication plugin, EAP: CVE-2024-22245 / CVE-2024-22250. The Enhanced Authentication Plugin (EAP), once a staple for seamless vSphere management interface logins via ...
Attackers Quick to Weaponize CVE-2023-22527 for Malware Delivery
On January 16, 2024, Atlassian disclosed a critical vulnerability affecting Confluence Data Center and Confluence Server, tracked as CVE-2023-22527. The vulnerability is an unauthenticated OGNL injection bug, allowing unauthenticated attackers to execute ...
XSS Marks the Spot: Digging Up Vulnerabilities in ChatGPT
With its widespread use among businesses and individual users, ChatGPT is a prime target for attackers looking to access sensitive information. In this blog post, I’ll walk you through my discovery of ...
Critical Vulnerability in Microsoft Office Suite: CVE-2024-21413
Nik Hewitt | advice, Best Practices, Cybersecurity, Malware, next gen security, Ransomware, security, Security Research, vulnerability
Microsoft has reported a critical vulnerability in Office Suite, dubbed CVE-2024-21413, requiring immediate patching. In a recent revelation, Microsoft has highlighted a critical vulnerability in its Office suite, identified as CVE-2024-21413, which ...
Hacking Microsoft and Wix with Keyboard Shortcuts
Browser vendors continuously tweak and refine browser functionalities to improve security. Implementing same-site cookies is a prime example of vendors’ efforts to mitigate Cross-Site Request Forgery (CSRF) attacks. However, not all security ...
Security Flaw in CoCalc: One Click and Your Cloud is Ruined
TL;DR: Imperva Threat Research discovered and reported a security flaw in the CoCalc Cloud environment. The flaw enabled potential attackers to completely take over a target’s account with only a single click ...
Exploited Ivanti Connect SSRF vulnerability traced back to ‘xmltooling’ OSS library
Over the past few weeks, vulnerabilities in proprietary Ivanti products, in particular Ivanti Connect Secure, Policy Secure, and ZTA gateways, have been making headlines for their active exploitation in the wild ...