2024 and Penetration Testing - Cyber Security Informer

The 6 Best Penetration Testing Companies for 2024

Tech Republic Security

SEPTEMBER 12, 2024

Discover the top six penetration testing companies for businesses of all sizes. Learn the pros and cons of pentesting providers like Astra, BreachLock, and Acunetix.

Penetration Testing

CVE-2024-4367 & CVE-2024-34342: JavaScript Flaws Threaten Millions of PDF.js and React-PDF Users

Penetration Testing

MAY 7, 2024

This vulnerability, which allows for... The post CVE-2024-4367 & CVE-2024-34342: JavaScript Flaws Threaten Millions of PDF.js and React-PDF Users appeared first on Penetration Testing.

Penetration Testing

Oracle VirtualBox Elevation of Privilege Vulnerability (CVE-2024-21111): PoC Published

Penetration Testing

APRIL 22, 2024

Security researcher Naor Hodorov has made public a proof-of-concept (PoC) exploit for a severe vulnerability (CVE-2024-21111) in Oracle VirtualBox. and allows attackers with basic access to a... The post Oracle VirtualBox Elevation of Privilege Vulnerability (CVE-2024-21111): PoC Published appeared first on Penetration Testing.

Penetration Testing

CVE-2024-33006: Critical SAP Vulnerability Exposes Systems to Complete Takeover

Penetration Testing

MAY 14, 2024

German enterprise software giant SAP has announced the release of 14 new security notes and three updates to previously released notes as part of its May 2024 Security Patch Day.

Penetration Testing

Penetration Testing Software

Windows Kernel EoP Vulnerability (CVE-2024-21345) Gets PoC Exploit Code

Penetration Testing

APRIL 27, 2024

Security researcher Gabe Kirkpatrick has released proof-of-concept (PoC) exploit code for CVE-2024-21345, a high-severity Windows Kernel Elevation of Privilege vulnerability.

Penetration Testing

Penetration Testing Authentication

CVE-2024-28353 & 28354: TRENDnet Router Takeover Flaws Exposed, No Patch Available

Penetration Testing

MARCH 17, 2024

These vulnerabilities, labeled CVE-2024-28353 and CVE-2024-28354, leave these routers alarmingly exposed to potential remote... The post CVE-2024-28353 & 28354: TRENDnet Router Takeover Flaws Exposed, No Patch Available appeared first on Penetration Testing.

Penetration Testing

Thousands of VMware ESXi Instances Exposed to Critical CVE-2024-22252 Vulnerability

Penetration Testing

MARCH 10, 2024

The vulnerability, designated as CVE-2024-22252, could potentially allow attackers to... The post Thousands of VMware ESXi Instances Exposed to Critical CVE-2024-22252 Vulnerability appeared first on Penetration Testing.

Penetration Testing

CVE-2024-20360: Cisco FMC Vulnerability Grants Hackers Root Access

Penetration Testing

MAY 23, 2024

This flaw, identified as CVE-2024-20360, carries a CVSS score of 8.8,... The post CVE-2024-20360: Cisco FMC Vulnerability Grants Hackers Root Access appeared first on Penetration Testing.

Penetration Testing

Penetration Testing Software

Critical Git Vulnerability CVE-2024-32002: Researcher Unveils RCE Exploit with PoC

Penetration Testing

MAY 19, 2024

Security researcher Amal Murali recently published the technical details and proof-of-concept (PoC) for critical remote code execution (RCE) vulnerability in Git, tracked as CVE-2024-32002 (CVSS 9.1).

Penetration Testing

CVE-2024-34331: Parallels Desktop Vulnerability Gives Root to Hackers, PoC Published

Penetration Testing

JUNE 4, 2024

Security researcher Mykola Grymalyuk published the technical details and a proof-of-concept (PoC) exploit code for a vulnerability (CVE-2024-34331) in Parallels Desktop for Mac, a popular virtualization software.

Penetration Testing

Penetration Testing Software

Researcher Releases PoC Exploit for Windows Kernel EoP Vulnerability (CVE-2024-26218)

Penetration Testing

APRIL 28, 2024

Cybersecurity researcher Gabe Kirkpatrick shared technical details and proof-of-concept (PoC) exploit code for a high-severity elevation of privilege vulnerability (CVE-2024-26218) bug affecting the Windows Kernel.

Penetration Testing

Penetration Testing Cybersecurity

CVE-2024-2961 – glibc Vulnerability Opens Door to PHP Attacks: Patch Immediately

Penetration Testing

APRIL 19, 2024

A recently discovered flaw in the GNU C Library’s (glibc) iconv function (CVE-2024-2961) carries severe implications for web applications built on PHP.

Penetration Testing

CVE-2024-4439: Unauthenticated Stored Cross-Site Scripting Vulnerability in WordPress Core

Penetration Testing

MAY 3, 2024

The vulnerability, tracked as CVE-2024-4439 and rated... The post CVE-2024-4439: Unauthenticated Stored Cross-Site Scripting Vulnerability in WordPress Core appeared first on Penetration Testing.

Penetration Testing

CVE-2024-4984: Yoast SEO Flaw Exposes Millions of WordPress Sites to Attack

Penetration Testing

MAY 16, 2024

This vulnerability, tracked as CVE-2024-4984, could allow malicious actors to... The post CVE-2024-4984: Yoast SEO Flaw Exposes Millions of WordPress Sites to Attack appeared first on Penetration Testing.

Penetration Testing

CVE-2024-0582: Serious Linux Kernel Bug Opens Door to System Takeovers, PoC Published

Penetration Testing

MARCH 31, 2024

The technical details and proof-of-concept (PoC) exploit code has been released for a significant vulnerability, designated CVE-2024-0582 (CVSS 7.8) could allow attackers with local... The post CVE-2024-0582: Serious Linux Kernel Bug Opens Door to System Takeovers, PoC Published appeared first on Penetration Testing.

Penetration Testing

Microsoft Researcher to Unveil 4 OpenVPN Zero-Day Vulnerabilities at Black Hat USA 2024

Penetration Testing

MAY 2, 2024

Microsoft’s Senior Security Researcher Vladimir Tokarev will detail a series of critical zero-day vulnerabilities in OpenVPN, the world’s leading VPN solution, used by millions of endpoints globally at the upcoming Black Hat USA 2024... The post Microsoft Researcher to Unveil 4 OpenVPN Zero-Day Vulnerabilities at Black Hat USA (..)

Penetration Testing

Penetration Testing VPN

CVE-2024-20767: Critical Adobe ColdFusion Flaw Exposes Sensitive Files, PoC Published

Penetration Testing

MARCH 25, 2024

Security researcher ma4ter has revealed details of a dangerous security vulnerability (CVE-2024-20767) in Adobe ColdFusion.

Penetration Testing

PoC Exploit Published for Chrome 0-day CVE-2024-4947 Vulnerability

Penetration Testing

MAY 19, 2024

A proof-of-concept (PoC) exploit code for a recently patched zero-day CVE-2024-4947 vulnerability in Google Chrome has surfaced, making it crucial for users to immediately update their browsers to the latest versions.

Penetration Testing

PoC Releases for 0-day CVE-2024-21762 FortiGate SSLVPN Flaw, Over 133K Remain Vulnerable

Penetration Testing

MARCH 19, 2024

Proof-of-concept (PoC) code is now available for a critical severity vulnerability (CVE-2024-21762) in FortiOS SSL VPN. out of 10, this flaw opens the door to remote code execution... The post PoC Releases for 0-day CVE-2024-21762 FortiGate SSLVPN Flaw, Over 133K Remain Vulnerable appeared first on Penetration Testing.

Penetration Testing

Penetration Testing VPN

CVE-2024-5148: GNOME Remote Desktop Vulnerability Exposes Sensitive Information

Penetration Testing

MAY 24, 2024

Security researcher Matthias Gerstner has discovered a critical vulnerability (CVE-2024-5148) in GNOME Remote Desktop versions 46.0 gnome-remote-desktop offers remote access... The post CVE-2024-5148: GNOME Remote Desktop Vulnerability Exposes Sensitive Information appeared first on Penetration Testing.

Penetration Testing

CVE-2024-4985 (CVSS 10): Critical Authentication Bypass Flaw Found in GitHub Enterprise Server

Penetration Testing

MAY 20, 2024

GitHub, the world’s leading software development platform, has disclosed a critical security vulnerability (CVE-2024-4985) in its self-hosted GitHub Enterprise Server (GHES) product.

Authentication

Authentication Penetration Testing Software

CVE-2024-3116: Critical pgAdmin Vulnerability Exposes Databases to Remote Attacks

Penetration Testing

APRIL 5, 2024

This vulnerability, designated CVE-2024-3116, allows attackers to execute malicious code on servers... The post CVE-2024-3116: Critical pgAdmin Vulnerability Exposes Databases to Remote Attacks appeared first on Penetration Testing.

Penetration Testing

macOS Under Threat: PoC Exploit for CVE-2024-27842 Allows Kernel-Level Code Execution

Penetration Testing

MAY 26, 2024

Recently, security researcher Wang Tielei published a proof-of-concept (PoC) exploit codes for a significant privilege escalation vulnerability (CVE-2024-27842) in macOS.

Penetration Testing

WordPress Ultimate Member Plugin Under Active Attack: Critical Flaw (CVE-2024-1071) Impacts 200k Sites

Penetration Testing

FEBRUARY 25, 2024

This critical flaw, identified as CVE-2024-1071, carries a high-severity CVSS score of 9.8, underscoring... The post WordPress Ultimate Member Plugin Under Active Attack: Critical Flaw (CVE-2024-1071) Impacts 200k Sites appeared first on Penetration Testing.

Penetration Testing

YubiKey Manager Flaw (CVE-2024-31498): Patch Now To Prevent Admin Privilege Escalation on Windows

Penetration Testing

APRIL 4, 2024

A vulnerability (CVE-2024-31498) with a CVSS score of 7.7 was discovered, allowing attackers to exploit elevated privileges on... The post YubiKey Manager Flaw (CVE-2024-31498): Patch Now To Prevent Admin Privilege Escalation on Windows appeared first on Penetration Testing.

Penetration Testing

Penetration Testing Software

CVE-2024-4040: CrushFTP Users Targeted in Zero-Day Attack Campaign

Penetration Testing

APRIL 22, 2024

This zero-day flaw, identified as CVE-2024-4040 with a CVSS score of 7.7, poses a severe risk to organizations... The post CVE-2024-4040: CrushFTP Users Targeted in Zero-Day Attack Campaign appeared first on Penetration Testing.

Penetration Testing

Penetration Testing Software Risk

CVE-2024-33530: Jitsi Meet Flaw Leaks Meeting Passwords, Exposing Calls to Intruders

Penetration Testing

MAY 2, 2024

The vulnerability (CVE-2024-33530) allows unauthorized individuals to gain the meeting password, potentially bypassing security... The post CVE-2024-33530: Jitsi Meet Flaw Leaks Meeting Passwords, Exposing Calls to Intruders appeared first on Penetration Testing.

Passwords

Passwords Penetration Testing

CVE-2024-29849 (CVSS 9.8): Veeam’s Backup Nightmare, Full System Access Exposed

Penetration Testing

MAY 21, 2024

These vulnerabilities could allow unauthorized access,... The post CVE-2024-29849 (CVSS 9.8): Veeam’s Backup Nightmare, Full System Access Exposed appeared first on Penetration Testing.

Backups

Backups Penetration Testing Software

CVE-2024-32766 (CVSS 10) – QNAP Vulnerability: Hackers Can Hijack Your NAS

Penetration Testing

APRIL 28, 2024

These flaws, if exploited,... The post CVE-2024-32766 (CVSS 10) – QNAP Vulnerability: Hackers Can Hijack Your NAS appeared first on Penetration Testing.

Penetration Testing

Penetration Testing Manufacturing Software

Laravel Framework Hit by Data Exposure Vulnerability (CVE-2024-29291) – Database Credentials at Risk

Penetration Testing

APRIL 21, 2024

This flaw, designated CVE-2024-29291, affects versions 8.* of... The post Laravel Framework Hit by Data Exposure Vulnerability (CVE-2024-29291) – Database Credentials at Risk appeared first on Penetration Testing. through 11.*

Penetration Testing

Penetration Testing Risk Data breaches

CVE-2024-24787 (CVSS 9.8): Go Vulnerability Could Lead to Code Execution

Penetration Testing

MAY 8, 2024

These flaws, identified in the Go environment, could potentially allow... The post CVE-2024-24787 (CVSS 9.8): Go Vulnerability Could Lead to Code Execution appeared first on Penetration Testing.

Penetration Testing

Penetration Testing Software

Google Rushes to Patch Chrome Zero-Day Exploit: CVE-2024-4671

Penetration Testing

MAY 9, 2024

The flaw, designated CVE-2024-4671, is a “use after free” bug located... The post Google Rushes to Patch Chrome Zero-Day Exploit: CVE-2024-4671 appeared first on Penetration Testing.

Penetration Testing

CVE-2024-21683: Atlassian Patches RCE Flaw in Confluence Data Center and Server

Penetration Testing

MAY 21, 2024

Tracked as CVE-2024-21683, this flaw could allow authenticated... The post CVE-2024-21683: Atlassian Patches RCE Flaw in Confluence Data Center and Server appeared first on Penetration Testing.

Penetration Testing

Penetration Testing Authentication Software

glibc Flaw (CVE-2024-2961) Opens Door to RCE, PoC Exploit Published

Penetration Testing

MAY 27, 2024

Technical details and a proof-of-concept (PoC) exploit code have emerged about a security flaw (CVE-2024-2961) in GNU C Library that could be chained by threat actors to achieve remote code execution on affected systems....

Penetration Testing

ClamAV Issues Urgent Patch for High-Risk DoS Vulnerability CVE-2024-20380

Penetration Testing

APRIL 18, 2024

The patches address a high-severity vulnerability, designated CVE-2024-20380 (CVSS 7.5), that could allow unauthenticated, remote attackers to crash ClamAV... The post ClamAV Issues Urgent Patch for High-Risk DoS Vulnerability CVE-2024-20380 appeared first on Penetration Testing.

Penetration Testing

Penetration Testing Risk Antivirus Software

CVE-2024-32850 (CVSS 9.8): Critical Flaw in SkyBridge Routers Exposes Thousands to Cyberattacks

Penetration Testing

JUNE 2, 2024

The vulnerability, assigned CVE-2024-32850 with a CVSS score of... The post CVE-2024-32850 (CVSS 9.8): Critical Flaw in SkyBridge Routers Exposes Thousands to Cyberattacks appeared first on Penetration Testing.

Penetration Testing

Urgent Security Patch Released for Dell Servers: CVE-2024-0172 Could Allow Hackers to Take Control

Penetration Testing

APRIL 5, 2024

Dell has released a critical security patch addressing a severe vulnerability (CVE-2024-0172) in the BIOS software used on a wide range of its PowerEdge Server and Precision Rack systems.

Penetration Testing

Penetration Testing Software

Apache Tomcat Vulnerabilities Exposed, Prompt Updates Required

Penetration Testing

MARCH 13, 2024

Security researchers have disclosed two vulnerabilities (CVE-2024-23672 and CVE-2024-24549) in popular Apache Tomcat web server software. What’s... The post Apache Tomcat Vulnerabilities Exposed, Prompt Updates Required appeared first on Penetration Testing.

Penetration Testing

Penetration Testing Software

DNSBomb: New DDoS Attack Explodes DNS Traffic, Threatening Critical Internet Infrastructure

Penetration Testing

MAY 23, 2024

Researchers from Tsinghua University have unveiled a potent new method for launching distributed denial-of-service (DDoS) attacks, dubbed DNSBomb (CVE-2024-33655).

DNS

DNS DDOS Internet Internet

Windows Zero-Day Vulnerability CVE-2024-38193 Exploited in the Wild: PoC Published

Penetration Testing

DECEMBER 8, 2024

A critical use-after-free vulnerability, identified as CVE-2024-38193, has been discovered in the afd.sys Windows driver. poses a significant threat to Windows systems,... The post Windows Zero-Day Vulnerability CVE-2024-38193 Exploited in the Wild: PoC Published appeared first on Cybersecurity News.

Cybersecurity

CVE-2024-49576 and CVE-2024-47810: Foxit Addresses Remote Code Execution Flaws

Penetration Testing

DECEMBER 19, 2024

resolves multiple vulnerabilities that pose significant risks, including... The post CVE-2024-49576 and CVE-2024-47810: Foxit Addresses Remote Code Execution Flaws appeared first on Cybersecurity News. Foxit has released a crucial security update for its widely used Foxit PDF Reader and Foxit PDF Editor.

Risk

Risk Cybersecurity

RCE and DoS Vulnerabilities Addressed in Apache Tomcat: CVE-2024-50379 and CVE-2024-54677

Penetration Testing

DECEMBER 17, 2024

One of the vulnerabilities could allow... The post RCE and DoS Vulnerabilities Addressed in Apache Tomcat: CVE-2024-50379 and CVE-2024-54677 appeared first on Cybersecurity News.

Software

Software Cybersecurity

Google Chrome Patches High-Severity Vulnerabilities – CVE-2024-12381 & CVE-2024-12382

Penetration Testing

DECEMBER 10, 2024

The update, rolling out progressively to Windows, Mac, and Linux... The post Google Chrome Patches High-Severity Vulnerabilities – CVE-2024-12381 & CVE-2024-12382 appeared first on Cybersecurity News.

Cybersecurity

PoC Exploit for Windows 0-Day Flaws CVE-2024-38202 and CVE-2024-21302 Released

Penetration Testing

AUGUST 19, 2024

Researchers have published the technical details and proof-of-concept (PoC) exploit code for two critical zero-day vulnerabilities in Windows, tracked as CVE-2024-38202 and CVE-2024-21302.

Cybersecurity

The 6 Best Penetration Testing Companies for 2024

CVE-2024-4367 & CVE-2024-34342: JavaScript Flaws Threaten Millions of PDF.js and React-PDF Users

Trending Sources

Oracle VirtualBox Elevation of Privilege Vulnerability (CVE-2024-21111): PoC Published

CVE-2024-33006: Critical SAP Vulnerability Exposes Systems to Complete Takeover

Windows Kernel EoP Vulnerability (CVE-2024-21345) Gets PoC Exploit Code

CVE-2024-28353 & 28354: TRENDnet Router Takeover Flaws Exposed, No Patch Available

Thousands of VMware ESXi Instances Exposed to Critical CVE-2024-22252 Vulnerability

CVE-2024-20360: Cisco FMC Vulnerability Grants Hackers Root Access

Critical Git Vulnerability CVE-2024-32002: Researcher Unveils RCE Exploit with PoC

CVE-2024-34331: Parallels Desktop Vulnerability Gives Root to Hackers, PoC Published

Researcher Releases PoC Exploit for Windows Kernel EoP Vulnerability (CVE-2024-26218)

CVE-2024-2961 – glibc Vulnerability Opens Door to PHP Attacks: Patch Immediately

CVE-2024-4439: Unauthenticated Stored Cross-Site Scripting Vulnerability in WordPress Core

CVE-2024-4984: Yoast SEO Flaw Exposes Millions of WordPress Sites to Attack

CVE-2024-0582: Serious Linux Kernel Bug Opens Door to System Takeovers, PoC Published

Microsoft Researcher to Unveil 4 OpenVPN Zero-Day Vulnerabilities at Black Hat USA 2024

CVE-2024-20767: Critical Adobe ColdFusion Flaw Exposes Sensitive Files, PoC Published

PoC Exploit Published for Chrome 0-day CVE-2024-4947 Vulnerability

PoC Releases for 0-day CVE-2024-21762 FortiGate SSLVPN Flaw, Over 133K Remain Vulnerable

CVE-2024-5148: GNOME Remote Desktop Vulnerability Exposes Sensitive Information

CVE-2024-4985 (CVSS 10): Critical Authentication Bypass Flaw Found in GitHub Enterprise Server

CVE-2024-3116: Critical pgAdmin Vulnerability Exposes Databases to Remote Attacks

macOS Under Threat: PoC Exploit for CVE-2024-27842 Allows Kernel-Level Code Execution

WordPress Ultimate Member Plugin Under Active Attack: Critical Flaw (CVE-2024-1071) Impacts 200k Sites

YubiKey Manager Flaw (CVE-2024-31498): Patch Now To Prevent Admin Privilege Escalation on Windows

CVE-2024-4040: CrushFTP Users Targeted in Zero-Day Attack Campaign

CVE-2024-33530: Jitsi Meet Flaw Leaks Meeting Passwords, Exposing Calls to Intruders

CVE-2024-29849 (CVSS 9.8): Veeam’s Backup Nightmare, Full System Access Exposed

CVE-2024-32766 (CVSS 10) – QNAP Vulnerability: Hackers Can Hijack Your NAS

Laravel Framework Hit by Data Exposure Vulnerability (CVE-2024-29291) – Database Credentials at Risk

CVE-2024-24787 (CVSS 9.8): Go Vulnerability Could Lead to Code Execution

Google Rushes to Patch Chrome Zero-Day Exploit: CVE-2024-4671

CVE-2024-21683: Atlassian Patches RCE Flaw in Confluence Data Center and Server

glibc Flaw (CVE-2024-2961) Opens Door to RCE, PoC Exploit Published

ClamAV Issues Urgent Patch for High-Risk DoS Vulnerability CVE-2024-20380

CVE-2024-32850 (CVSS 9.8): Critical Flaw in SkyBridge Routers Exposes Thousands to Cyberattacks

Urgent Security Patch Released for Dell Servers: CVE-2024-0172 Could Allow Hackers to Take Control

Apache Tomcat Vulnerabilities Exposed, Prompt Updates Required

DNSBomb: New DDoS Attack Explodes DNS Traffic, Threatening Critical Internet Infrastructure

Windows Zero-Day Vulnerability CVE-2024-38193 Exploited in the Wild: PoC Published

CVE-2024-49576 and CVE-2024-47810: Foxit Addresses Remote Code Execution Flaws

RCE and DoS Vulnerabilities Addressed in Apache Tomcat: CVE-2024-50379 and CVE-2024-54677

Google Chrome Patches High-Severity Vulnerabilities – CVE-2024-12381 & CVE-2024-12382

PoC Exploit for Windows 0-Day Flaws CVE-2024-38202 and CVE-2024-21302 Released

Stay Connected