Penetration Testing

MARCH 6, 2024

US chipmaking giant Qualcomm has released a crucial security bulletin this month, patching 16 vulnerabilities – including two critical flaws (CVE-2023-28578 and CVE-2023-28582)– that leave billions of devices exposed to potential attacks.

Penetration Testing 131

Penetration Testing 131

Penetration Testing

OCTOBER 13, 2024

This vulnerability, tracked... The post Popular Java Security Framework ‘pac4j’ Vulnerable to RCE (CVE-2023-25581) appeared first on Cybersecurity News.

Cybersecurity 97

Cybersecurity 97

Penetration Testing

MARCH 1, 2024

An independent security researcher has published details and proof-of-concept (PoC) code for a macOS vulnerability (CVE-2023-42942) that could be exploited for root privilege escalation.

Penetration Testing 142

Penetration Testing 142

Penetration Testing

MARCH 26, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) has sounded the alarm regarding active attacks targeting a vulnerability in Microsoft SharePoint Server (CVE-2023-24955).

Penetration Testing 144

Penetration Testing Cybersecurity 144

Penetration Testing

JANUARY 30, 2024

The GNU C Library (glibc), a fundamental component in major Linux distributions, has a critical vulnerability, CVE-2023-6246. The core of this... The post Root Access Risk: CVE-2023-6246 Exposes Critical Flaw in Linux’s glibc appeared first on Penetration Testing.

Penetration Testing 142

Penetration Testing Risk 142

Penetration Testing

JANUARY 16, 2024

A new threat looms large for users of Confluence Data Center and Confluence Server, marked by the alarming designation CVE-2023-22527.

Penetration Testing 145

Penetration Testing 145

Penetration Testing

MARCH 28, 2024

The flaw, designated CVE-2023-50969 with a critical CVSS score... The post CVE-2023-50969: Critical Flaw in Imperva SecureSphere WAF Could Lead to Devastating Breaches appeared first on Penetration Testing.

Penetration Testing 145

Penetration Testing Firewall 145

Penetration Testing

APRIL 12, 2024

Akamai researcher Ben Barnea has released the technical details and proof-of-concept (PoC) for a severe CVE-2023-35628 vulnerability in Microsoft Windows, specifically affecting Outlook clients and potentially exploitable through Windows Explorer.

Penetration Testing 139

Penetration Testing 139

Penetration Testing

FEBRUARY 19, 2024

A proof-of-concept (PoC) was disclosed for a severe design flaw (CVE-2023-50387) in Domain Name System Security Extensions (DNSSEC), leaving DNS infrastructures vulnerable to widespread denial-of-service (DoS) attacks.

DNS 137

DNS Penetration Testing 137

Penetration Testing

FEBRUARY 18, 2024

Recently disclosed vulnerabilities (CVE-2023-28078 and CVE-2023-32462) pose a severe threat. They range from sensitive data exposure, and service disruption, all... The post CVE-2023-32462 (CVSS 9.8): Patch Dell Switches to Block Takeover appeared first on Penetration Testing.

Penetration Testing 131

Penetration Testing 131

Penetration Testing

MARCH 4, 2024

A severe security flaw (CVE-2023-6825) has been uncovered in the popular File Manager and File Manager Pro WordPress plugins.

Penetration Testing 139

Penetration Testing 139

Penetration Testing

APRIL 6, 2024

This flaw, designated CVE-2023-3454 (CVSS 8.6), could allow malicious actors to... The post CVE-2023-3454: Critical Vulnerability in Brocade Fabric OS Exposes Networks to Remote Attacks appeared first on Penetration Testing.

Penetration Testing 138

Penetration Testing Firmware 138

Penetration Testing

MARCH 10, 2024

The vulnerability, labeled CVE-2023-41313, allows attackers to exploit weaknesses in the authentication process within Apache Doris... The post CVE-2023-41313: Timing Attack Flaw in Apache Doris Database Puts Data at Risk appeared first on Penetration Testing.

Penetration Testing 136

Penetration Testing Risk Authentication 136

Penetration Testing

DECEMBER 1, 2024

This new threat exploits the LogoFAIL vulnerability (CVE-2023-40238), a UEFI firmware flaw,... The post Security Alert: Bootkitty Bootkit Targets Linux via UEFI Vulnerability (CVE-2023-40238) appeared first on Cybersecurity News.

Firmware 69

Firmware Cybersecurity Malware 69

Penetration Testing

FEBRUARY 15, 2024

Two new vulnerabilities (CVE-2023-52160, CVE-2023-52161) in open-source WiFi software are allowing attackers to trick victims into connecting to evil twins of trusted networks intercept their traffic, and join otherwise secure networks without needing the... The post Critical Wi-Fi Flaws Put Your Data at Risk (CVE-2023-52160, CVE-2023-52161) (..)

Penetration Testing 119

Penetration Testing Risk Software 119

Penetration Testing

FEBRUARY 21, 2024

for Windows, Mac, and Linux, addressing a severe privilege escalation vulnerability (CVE-2023-7235). During non-standard OpenVPN GUI installations... The post CVE-2023-7235: OpenVPN Vulnerability Puts Windows Users at Risk appeared first on Penetration Testing. OpenVPN has released version 2.6.9

Penetration Testing 128

Penetration Testing Risk 128

Penetration Testing

APRIL 1, 2024

This vulnerability, designated CVE-2023-6154, carries a... The post Bitdefender CVE-2023-6154 Flaw Alert: Update Now to Prevent Potential Privilege Escalation appeared first on Penetration Testing.

Penetration Testing 131

Penetration Testing Antivirus Internet Internet 131

Penetration Testing

APRIL 24, 2024

The vulnerability, labeled CVE-2023-27368, could allow hackers to completely bypass the router’s login system,... The post CVE-2023-27368: NETGEAR Nighthawk Series Routers Authentication Bypass Vulnerability appeared first on Penetration Testing.

Authentication 126

Authentication Penetration Testing 126

Penetration Testing

FEBRUARY 18, 2024

2023 was a year of marked transformation in the world of Distributed Denial of Service (DDoS) attacks.

DDOS 128

DDOS Penetration Testing 128

Penetration Testing

MARCH 1, 2024

CVE-2023-50378, a stored cross-site scripting (XSS) flaw, presents a significant... The post CVE-2023-50378: Apache Ambari Stored Cross-Site Scripting Vulnerability appeared first on Penetration Testing.

Penetration Testing 123

Penetration Testing 123

Penetration Testing

JANUARY 21, 2024

A critical vulnerability, identified as CVE-2023-40051 and rated with a CVSS score of 9.1, CVE-2023-40051 manifests itself across multiple versions... The post CVE-2023-40051: Critical Progress OpenEdge Vulnerability Threatens Server Security appeared first on Penetration Testing.

Penetration Testing 119

Penetration Testing 119

The Last Watchdog

APRIL 30, 2023

The theme of RSA Conference 2023 — ‘stronger together’ — was certainly well chosen. Here are four evolving themes reverberating from RSAC 2023 that struck me: Password enabled access will endure for the foreseeable future. Related: Demystifying ‘DSPM’ This was my nineteenth RSAC.

Mobile 238

Mobile Cloud Migration Penetration Testing Authentication 238

Penetration Testing

DECEMBER 15, 2023

In March, at the Pwn2Own contest in Vancouver, a... The post PoC Released for SharePoint Pre-Auth RCE Chain (CVE-2023-29357 & CVE-2023-24955) appeared first on Penetration Testing.

Penetration Testing 112

Penetration Testing 112

Penetration Testing

DECEMBER 19, 2024

This SQL injection vulnerability, identified as CVE-2023-48788, affects FortiClient... The post Kaspersky Uncovers Active Exploitation of Fortinet Vulnerability CVE-2023-48788 appeared first on Cybersecurity News.

Cybersecurity 72

Cybersecurity 72

Penetration Testing

JANUARY 12, 2024

This platform, written in Java... The post CVE-2023-50290: Apache Solr’s ‘Important’ Severity Security Flaw appeared first on Penetration Testing.

Penetration Testing 122

Penetration Testing 122

Penetration Testing

FEBRUARY 1, 2024

WordPress, one of the most popular content management systems, offers... The post Under Attack: CVE-2023-6700 in ‘Cookie Information’ Plugin Threatens 100k WordPress Sites appeared first on Penetration Testing.

Penetration Testing 125

Penetration Testing Data privacy Internet Internet 125

Penetration Testing

JANUARY 10, 2024

However, the discovery of CVE-2023-49647, a significant privilege... The post CVE-2023-49647: A High-Risk Zoom Vulnerability appeared first on Penetration Testing.

Penetration Testing 111

Penetration Testing Risk Software 111

The Last Watchdog

APRIL 28, 2023

“Stronger together” was the theme of RSA Conference 2023 , which returned to its pre-Covid grandeur under the California sunshine last week at San Francisco’s Moscone Center. Here are three evolving themes reverberating from RSAC 2023 that struck me: Getting a grip on identities Password enabled access will endure for the foreseeable future.

Mobile 211

Mobile Cloud Migration Penetration Testing Authentication 211

Penetration Testing

JANUARY 11, 2024

The Linux Kernel has been hit by a significant security vulnerability, CVE-2023-6040, with a CVSS score of 7.8, Discovered by Lin Ma from Ant Security Light-Year Lab, this flaw arises... The post CVE-2023-6040: A Critical Linux Kernel Netfilter Vulnerability appeared first on Penetration Testing.

Penetration Testing 111

Penetration Testing 111

Penetration Testing

JANUARY 24, 2024

Dubbed CVE-2023-49657, this stored cross-site scripting (XSS) vulnerability has... The post CVE-2023-49657: Apache Superset Hit by High-Risk Stored XSS Vulnerability appeared first on Penetration Testing.

Penetration Testing 116

Penetration Testing Risk Software 116

Penetration Testing

JANUARY 2, 2024

Proof-of-concept (PoC) code has been released for a zero-day iOS vulnerability (CVE-2023-32434) that can be chained to take full control of a mobile device.

Penetration Testing 111

Penetration Testing Mobile 111

Penetration Testing

DECEMBER 25, 2023

In the intricate world of cybersecurity, Barracuda Networks has faced a formidable challenge with the discovery of two zero-day vulnerabilities, CVE-2023-7102 and CVE-2023-7101, both linked to the Spreadsheet::ParseExcel library.

Penetration Testing 111

Penetration Testing Cybersecurity 111

Penetration Testing

JANUARY 15, 2024

A new security vulnerability was found in the GRUB boot manager, CVE-2023-4001. on the Common Vulnerability Scoring System (CVSS), presents a unique challenge in the realm of... The post Bypassing GRUB Security: How CVE-2023-4001 Exploits UEFI Systems appeared first on Penetration Testing.

Penetration Testing 111

Penetration Testing 111

Penetration Testing

JANUARY 10, 2024

Known for its efficiency in providing mutable data structures through a server-client model,... The post CVE-2023-41056: Redis Remote Code Execution Vulnerability appeared first on Penetration Testing.

Penetration Testing 111

Penetration Testing 111

Penetration Testing

MARCH 5, 2024

Two vulnerabilities (CVE-2021-36380 & CVE-2023-21237), known to be under active attack, have landed on their KEV (Known Exploited Vulnerabilities) catalog. This means... The post CISA Warns of Active Exploitation of CVE-2021-36380 & CVE-2023-21237 Flaws appeared first on Penetration Testing.

Penetration Testing 115

Penetration Testing Cybersecurity 115

Penetration Testing

DECEMBER 18, 2023

This flaw, designated as CVE-2023-6817, poses a... The post CVE-2023-6817: Linux Kernel NetFilter Flaw Opens Root Access appeared first on Penetration Testing.

Penetration Testing 110

Penetration Testing 110

Penetration Testing

NOVEMBER 12, 2023

The vulnerabilities, CVE-2023-46849 and CVE-2023-46850, affect OpenVPN Access... The post CVE-2023-46850: OpenVPN Access Server Flaw Exposes Sensitive Data, RCE Possible appeared first on Penetration Testing.

Penetration Testing 111

Penetration Testing VPN 111