Remote access risks on the rise with CVE-2024-1708 and CVE-2024-1709

On February 19, ConnectWise reported two vulnerabilities in its ScreenConnect product, CVE-2024-1708 and 1709. The first is an authentication bypass vulnerability, and the second is a path traversal vulnerability. Both made it possible for attackers to bypass authentication processes and execute remote code. While ConnectWise initially reported that the vulnerabilities had proof-of-concept but hadn’t been […]

The post Remote access risks on the rise with CVE-2024-1708 and CVE-2024-1709 appeared first on Security Intelligence.

Continue reading Remote access risks on the rise with CVE-2024-1708 and CVE-2024-1709

Adobe Releases Patches for ‘Likely Exploitable’ Critical Vulnerabilities

The last Patch Tuesday of 2019 is finally here.

Adobe today released updates for four of its widely used software—including Adobe Acrobat and Reader, Photoshop CC, ColdFusion, and Brackets—to patch a total of 25 new security vulnerabilities.

Seventee… Continue reading Adobe Releases Patches for ‘Likely Exploitable’ Critical Vulnerabilities

Microsoft patches critical vulnerability comparable to WannaCry

Microsoft released fixes Tuesday for a “wormable” remote code execution flaw reminiscent of the vulnerability that allowed WannaCry ransomware to propagate to computers around the globe in 2017. The Remote Desktop Services vulnerability, which Microsoft has rated as critical, could allow hackers to install programs, and view, change, or delete data. It requires no user interaction to work, meaning users don’t have to click on anything, such as a link, document, or message box, and attackers don’t need to run social engineering projects to dupe users. Microsoft took the unusual step of launching security updates for all users, including unsupported operating systems like XP and Windows 2003, due to the risk that the flaw can lead to self-propagating attacks. “In other words, the vulnerability is ‘wormable,’ meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the […]

The post Microsoft patches critical vulnerability comparable to WannaCry appeared first on CyberScoop.

Continue reading Microsoft patches critical vulnerability comparable to WannaCry

ASUS issues patch, downplays scope of APT hack of its supply chain

Taiwanese hardware manufacturer ASUS on Tuesday announced a software update in response to a nation-state-linked hack and downplayed the scale of the compromise of its supply chain. “Only a very small number of [a] specific user group were found to have been targeted by this attack and as such it is extremely unlikely that your device has been targeted,” ASUS said in a press release. The statement contrasted with the findings of Kaspersky Lab researchers, who described the breach as perhaps “one of the biggest supply-chain incidents ever.” The attackers compromised an ASUS server to send malicious updates that affected about 1 million computer users between June and November 2018, according to the researchers, though only 600 appeared to be targeted for attack. ASUS accounted for 6 percent of global PC shipments in the third quarter of 2018, according to Gartner. The company also makes mobile phones, smart home devices, and other […]

The post ASUS issues patch, downplays scope of APT hack of its supply chain appeared first on CyberScoop.

Continue reading ASUS issues patch, downplays scope of APT hack of its supply chain

Drupal Patches Highly Critical Remote Code Execution Vulnerability

Websites based on the Drupal content management system might be affected by a highly critical vulnerability that could result in remote code execution. The vulnerability affects websites running Drupal 8 with RESTful Web Services (rest) module enabled… Continue reading Drupal Patches Highly Critical Remote Code Execution Vulnerability

85 Android Adware Apps Downloaded 9 Million Times

Researchers have found another batch of malicious Android applications on Google Play that spam users with annoying full-screen ads and make using their phones difficult. Trend Micro calls the adware AndroidOS_HidenAd and found it inside 85 apps that … Continue reading 85 Android Adware Apps Downloaded 9 Million Times