Veeam Backup & Replication RCE flaw may soon be leveraged by ransomware gangs (CVE-2024-40711)

CVE-2024-40711, a critical vulnerability affecting Veeam Backup & Replication (VBR), could soon be exploited by attackers to steal enterprise data. Discovered and reported by Code WHite researcher Florian Hauser, the vulnerability can be leveraged… Continue reading Veeam Backup & Replication RCE flaw may soon be leveraged by ransomware gangs (CVE-2024-40711)

Critical Exim vulnerability facilitates malware delivery (CVE-2024-39929)

The maintainers of the Exim mail transfer agent (MTA) have fixed a critical vulnerability (CVE-2024-39929) that currently affects around 1.5 million public-facing servers and can help attackers deliver malware to users. About CVE-2024-39929 The vulnera… Continue reading Critical Exim vulnerability facilitates malware delivery (CVE-2024-39929)

PoC for Progress Telerik RCE chain released (CVE-2024-4358, CVE-2024-1800)

Security researchers have published a proof-of-concept (PoC) exploit that chains together two vulnerabilities (CVE-2024-4358, CVE-2024-1800) to achieve unauthenticated remote code execution on Progress Telerik Report Servers. Telerik Report Server is a… Continue reading PoC for Progress Telerik RCE chain released (CVE-2024-4358, CVE-2024-1800)

CrushFTP zero-day exploited by attackers, upgrade immediately! (CVE-2024-4040)

A vulnerability (CVE-2024-4040) in enterprise file transfer solution CrushFTP is being exploited by attackers in a targeted fashion, according to Crowdstrike. The vulnerability allows attackers to escape their virtual file system and download system fi… Continue reading CrushFTP zero-day exploited by attackers, upgrade immediately! (CVE-2024-4040)

Juniper fixes critical RCE in its SRX firewalls and EX switches (CVE-2024-21591)

Juniper Networks has fixed a critical pre-authentication remote code execution (RCE) vulnerability (CVE-2024-21591) in Junos OS on SRX firewalls and EX switches. About CVE-2024-21591 CVE-2024-21591 is an out-of-bounds write vulnerability that could all… Continue reading Juniper fixes critical RCE in its SRX firewalls and EX switches (CVE-2024-21591)

Censys unveils two new product tiers to help researchers enhance their threat hunting work

Censys announced two new product tiers of its search tool, Censys Search Solo and Censys Search Teams. These additions are part of a series of strategic initiatives to enhance the security community, including the introduction of Threat Hunting Boot Ca… Continue reading Censys unveils two new product tiers to help researchers enhance their threat hunting work

Censys Banks $75M for Attack Surface Management Technology

Michigan startup raises $75 million in new funding as venture capital investors bet big on attack surface management technologies.
The post Censys Banks $75M for Attack Surface Management Technology appeared first on SecurityWeek.
Continue reading Censys Banks $75M for Attack Surface Management Technology