Penetration Testing

MARCH 28, 2024

The flaw, designated CVE-2023-50969 with a critical CVSS score... The post CVE-2023-50969: Critical Flaw in Imperva SecureSphere WAF Could Lead to Devastating Breaches appeared first on Penetration Testing.

Penetration Testing 145

Penetration Testing Firewall 145

Penetration Testing

FEBRUARY 15, 2024

Two new vulnerabilities (CVE-2023-52160, CVE-2023-52161) in open-source WiFi software are allowing attackers to trick victims into connecting to evil twins of trusted networks intercept their traffic, and join otherwise secure networks without needing the... The post Critical Wi-Fi Flaws Put Your Data at Risk (CVE-2023-52160, CVE-2023-52161) (..)

Penetration Testing 113

Penetration Testing Risk Software 113

Penetration Testing

JANUARY 30, 2024

The GNU C Library (glibc), a fundamental component in major Linux distributions, has a critical vulnerability, CVE-2023-6246. The core of this... The post Root Access Risk: CVE-2023-6246 Exposes Critical Flaw in Linux’s glibc appeared first on Penetration Testing.

Penetration Testing 142

Penetration Testing Risk 142

Penetration Testing

APRIL 24, 2024

The vulnerability, labeled CVE-2023-27368, could allow hackers to completely bypass the router’s login system,... The post CVE-2023-27368: NETGEAR Nighthawk Series Routers Authentication Bypass Vulnerability appeared first on Penetration Testing.

Authentication 121

Authentication Penetration Testing 121

Penetration Testing

APRIL 6, 2024

This flaw, designated CVE-2023-3454 (CVSS 8.6), could allow malicious actors to... The post CVE-2023-3454: Critical Vulnerability in Brocade Fabric OS Exposes Networks to Remote Attacks appeared first on Penetration Testing.

Penetration Testing 137

Penetration Testing Firmware 137

Penetration Testing

FEBRUARY 19, 2024

A proof-of-concept (PoC) was disclosed for a severe design flaw (CVE-2023-50387) in Domain Name System Security Extensions (DNSSEC), leaving DNS infrastructures vulnerable to widespread denial-of-service (DoS) attacks.

DNS 135

DNS Penetration Testing 135

Penetration Testing

FEBRUARY 18, 2024

Recently disclosed vulnerabilities (CVE-2023-28078 and CVE-2023-32462) pose a severe threat. They range from sensitive data exposure, and service disruption, all... The post CVE-2023-32462 (CVSS 9.8): Patch Dell Switches to Block Takeover appeared first on Penetration Testing.

Penetration Testing 127

Penetration Testing 127

Security Boulevard

JUNE 8, 2023

Our thanks to BSidesSF for publishing their presenter’s superlative BSidesSF 2023 content on the organizations’ YouTube channel. Permalink The post BSidesSF 2023 – Justin Wynn – Red Team Tales – 7 Years of Physical Penetration Testing appeared first on Security Boulevard.

Penetration Testing 52

Penetration Testing Education InfoSec Cybersecurity 52

Penetration Testing

APRIL 1, 2024

This vulnerability, designated CVE-2023-6154, carries a... The post Bitdefender CVE-2023-6154 Flaw Alert: Update Now to Prevent Potential Privilege Escalation appeared first on Penetration Testing.

Penetration Testing 127

Penetration Testing Antivirus Internet Internet 127

Penetration Testing

FEBRUARY 21, 2024

for Windows, Mac, and Linux, addressing a severe privilege escalation vulnerability (CVE-2023-7235). During non-standard OpenVPN GUI installations... The post CVE-2023-7235: OpenVPN Vulnerability Puts Windows Users at Risk appeared first on Penetration Testing. OpenVPN has released version 2.6.9

Penetration Testing 123

Penetration Testing Risk 123

Penetration Testing

MARCH 10, 2024

The vulnerability, labeled CVE-2023-41313, allows attackers to exploit weaknesses in the authentication process within Apache Doris... The post CVE-2023-41313: Timing Attack Flaw in Apache Doris Database Puts Data at Risk appeared first on Penetration Testing.

Penetration Testing 135

Penetration Testing Risk Authentication 135

Penetration Testing

MARCH 1, 2024

CVE-2023-50378, a stored cross-site scripting (XSS) flaw, presents a significant... The post CVE-2023-50378: Apache Ambari Stored Cross-Site Scripting Vulnerability appeared first on Penetration Testing.

Penetration Testing 118

Penetration Testing 118

Penetration Testing

DECEMBER 15, 2023

In March, at the Pwn2Own contest in Vancouver, a... The post PoC Released for SharePoint Pre-Auth RCE Chain (CVE-2023-29357 & CVE-2023-24955) appeared first on Penetration Testing.

Penetration Testing 112

Penetration Testing 112

eSecurity Planet

APRIL 7, 2023

Kali Linux turns 10 this year, and to celebrate, the Linux penetration testing distribution has added defensive security tools to its arsenal of open-source security tools. Also read: 24 Top Open Source Penetration Testing Tools What Is Penetration Testing? An ethical hacking certification may help too.

Penetration Testing 141

Penetration Testing Social Engineering Energy and Utilities Hacking 141

Penetration Testing

JANUARY 21, 2024

A critical vulnerability, identified as CVE-2023-40051 and rated with a CVSS score of 9.1, CVE-2023-40051 manifests itself across multiple versions... The post CVE-2023-40051: Critical Progress OpenEdge Vulnerability Threatens Server Security appeared first on Penetration Testing.

Penetration Testing 113

Penetration Testing 113

Penetration Testing

JANUARY 16, 2024

A new threat looms large for users of Confluence Data Center and Confluence Server, marked by the alarming designation CVE-2023-22527.

Penetration Testing 145

Penetration Testing 145

Penetration Testing

MAY 5, 2024

The vulnerability, identified as CVE-2023-49606, poses a... The post CVE-2023-49606 (CVSS 9.8): Tinyproxy Zero-Day Threatens Thousands appeared first on Penetration Testing.

Penetration Testing 96

Penetration Testing Small Business 96

Penetration Testing

JANUARY 10, 2024

However, the discovery of CVE-2023-49647, a significant privilege... The post CVE-2023-49647: A High-Risk Zoom Vulnerability appeared first on Penetration Testing.

Penetration Testing 111

Penetration Testing Risk Software 111

Penetration Testing

MARCH 4, 2024

A severe security flaw (CVE-2023-6825) has been uncovered in the popular File Manager and File Manager Pro WordPress plugins.

Penetration Testing 139

Penetration Testing 139

Penetration Testing

MAY 7, 2024

Attackers are weaponizing two critical vulnerabilities, CVE-2023-46805 (authentication bypass) and CVE-2024-21887... The post Mirai Botnet Exploits Ivanti Vulnerabilities (CVE-2023-46805 & CVE-2024-21887) appeared first on Penetration Testing.

Penetration Testing 96

Penetration Testing Authentication Malware 96

Penetration Testing

JANUARY 11, 2024

The Linux Kernel has been hit by a significant security vulnerability, CVE-2023-6040, with a CVSS score of 7.8, Discovered by Lin Ma from Ant Security Light-Year Lab, this flaw arises... The post CVE-2023-6040: A Critical Linux Kernel Netfilter Vulnerability appeared first on Penetration Testing.

Penetration Testing 111

Penetration Testing 111

Penetration Testing

MARCH 25, 2024

Security researcher Yann Gascuel (Alter Solutions) has detailed a critical privilege escalation vulnerability (CVE-2023-42931) affecting the following macOS versions: macOS Monterey prior to 12.7.2 ... The post CVE-2023-42931: macOS Flaw Exposed Systems to Easy Privilege Escalation – Patch Now! macOS Ventura prior to 13.6.3

Penetration Testing 111

Penetration Testing 111

Penetration Testing

JANUARY 12, 2024

This platform, written in Java... The post CVE-2023-50290: Apache Solr’s ‘Important’ Severity Security Flaw appeared first on Penetration Testing.

Penetration Testing 116

Penetration Testing 116

Penetration Testing

FEBRUARY 13, 2024

A severe zero-day vulnerability (CVE-2023-50358) has been discovered in QNAP Network Attached Storage (NAS) devices. Threat actors are already... The post CVE-2023-50358: A zero-day vulnerability affecting QNAP NAS devices appeared first on Penetration Testing.

Penetration Testing 111

Penetration Testing 111

Penetration Testing

MARCH 5, 2024

Two vulnerabilities (CVE-2021-36380 & CVE-2023-21237), known to be under active attack, have landed on their KEV (Known Exploited Vulnerabilities) catalog. This means... The post CISA Warns of Active Exploitation of CVE-2021-36380 & CVE-2023-21237 Flaws appeared first on Penetration Testing.

Penetration Testing 109

Penetration Testing Cybersecurity 109

Penetration Testing

MARCH 21, 2024

Security researchers at Horizon3 have released proof-of-concept (PoC) code for a severe vulnerability (CVE-2023-48788) in the Fortinet FortiClient Enterprise Management Server (EMS). With a CVSS score of 9.3,

Penetration Testing 110

Penetration Testing 110

Penetration Testing

MARCH 21, 2024

A security researcher has published details and proof-of-concept (PoC) code for a Windows CVE-2023-36424 vulnerability that could be exploited to elevate privileges from a Medium Integrity Level to a High Integrity Level.

Penetration Testing 110

Penetration Testing 110

Penetration Testing

JANUARY 15, 2024

A new security vulnerability was found in the GRUB boot manager, CVE-2023-4001. on the Common Vulnerability Scoring System (CVSS), presents a unique challenge in the realm of... The post Bypassing GRUB Security: How CVE-2023-4001 Exploits UEFI Systems appeared first on Penetration Testing.

Penetration Testing 111

Penetration Testing 111

Penetration Testing

JANUARY 1, 2024

Proof-of-concept (PoC) exploit code has been made available for a recently disclosed flaw, CVE-2023-50226 (CVSS 7.8), impacting Parallels Desktop. At its core, CVE-2023-50226 is a privilege escalation vulnerability.

Penetration Testing 107

Penetration Testing 107

Penetration Testing

JANUARY 24, 2024

Dubbed CVE-2023-49657, this stored cross-site scripting (XSS) vulnerability has... The post CVE-2023-49657: Apache Superset Hit by High-Risk Stored XSS Vulnerability appeared first on Penetration Testing.

Penetration Testing 110

Penetration Testing Risk Software 110

Penetration Testing

NOVEMBER 16, 2023

These vulnerabilities, classified as CVE-2023-36584, CVE-2023-1671, and... The post CISA Warns of Actively Exploited Flaws: CVE-2023-36584, CVE-2023-1671, and CVE-2023-2551 appeared first on Penetration Testing.

Penetration Testing 84

Penetration Testing Cybersecurity 84

Penetration Testing

JANUARY 10, 2024

Known for its efficiency in providing mutable data structures through a server-client model,... The post CVE-2023-41056: Redis Remote Code Execution Vulnerability appeared first on Penetration Testing.

Penetration Testing 111

Penetration Testing 111

Penetration Testing

DECEMBER 25, 2023

In the intricate world of cybersecurity, Barracuda Networks has faced a formidable challenge with the discovery of two zero-day vulnerabilities, CVE-2023-7102 and CVE-2023-7101, both linked to the Spreadsheet::ParseExcel library.

Penetration Testing 111

Penetration Testing Cybersecurity 111

Penetration Testing

JANUARY 2, 2024

Proof-of-concept (PoC) code has been released for a zero-day iOS vulnerability (CVE-2023-32434) that can be chained to take full control of a mobile device.

Penetration Testing 111

Penetration Testing Mobile 111

Penetration Testing

JANUARY 11, 2024

CVE-2023-7028: Account Takeover via... The post CVE-2023-7028 & 5356: GitLab Addresses Account Takeover & Command Flaws appeared first on Penetration Testing.

Accountability 105

Accountability Penetration Testing Cyber threats 105

Penetration Testing

DECEMBER 18, 2023

This flaw, designated as CVE-2023-6817, poses a... The post CVE-2023-6817: Linux Kernel NetFilter Flaw Opens Root Access appeared first on Penetration Testing.

Penetration Testing 110

Penetration Testing 110

Penetration Testing

JANUARY 24, 2024

The Danish Centre for Cyber Security (CFCS) is warning of increased ransomware activity, exploiting CVE-2023-20269, a vulnerability that affects the VPN feature in Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD)... The post Denmark’s CFCS Raises Alarm on Ransomware Exploiting Cisco VPN Flaw CVE-2023-20269 (..)

VPN 96

VPN Penetration Testing Ransomware 96