PoC exploit for critical Fortra FileCatalyst flaw published (CVE-2024-5276)

A critical SQL injection vulnerability in Fortra FileCatalyst Workflow (CVE-2024-5276) has been patched; a PoC exploit is already available online. While there’s currently no reports of in-the-wild exploitation, enterprise admins are advised to p… Continue reading PoC exploit for critical Fortra FileCatalyst flaw published (CVE-2024-5276)

Microsoft fixes RCE vulnerabilities in MSMQ, Outlook (CVE-2024-30080, CVE-2024-30103)

June 2024 Patch Tuesday is here and Microsoft has delivered fixes for a critical MSMQ flaw (CVE-2024-30080) and a RCE vulnerability in Microsoft Outlook (CVE-2024-30103). 49 CVE-numbered vulnerabilities have been fixed in total, none of which have been… Continue reading Microsoft fixes RCE vulnerabilities in MSMQ, Outlook (CVE-2024-30080, CVE-2024-30103)

Tenable to Acquire Eureka Security to Boost DSPM Capabilities

Tenable goes shopping again in Israel with plans to buy early stage startup Eureka Security to boost data security posture management tooling.
The post Tenable to Acquire Eureka Security to Boost DSPM Capabilities appeared first on SecurityWeek.
Continue reading Tenable to Acquire Eureka Security to Boost DSPM Capabilities

Critical Fluent Bit flaw affects major cloud platforms, tech companies’ offerings (CVE-2024-4323)

Tenable researchers have discovered a critical vulnerability (CVE-2024-4323) in Fluent Bit, a logging utility used by major cloud providers and tech companies, which may be leveraged for denial of service, information disclosure, or remote code executi… Continue reading Critical Fluent Bit flaw affects major cloud platforms, tech companies’ offerings (CVE-2024-4323)

Patch Tuesday, May 2024 Edition

Microsoft today released updates to fix more than 60 security holes in Windows computers and supported software, including two “zero-day” vulnerabilities in Windows that are already being exploited in active attacks. There are also important security patches available for macOS and Adobe users, and for the Chrome Web browser, which just patched its own zero-day flaw. Continue reading Patch Tuesday, May 2024 Edition

Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204)

The newest version of Ivanti Avalanche – the company’s enterprise mobile device management (MDM) solution – carries fixes for 27 vulnerabilities, two of which (CVE-2024-29204, CVE-2024-24996) are critical and may allow a remote unauth… Continue reading Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204)

Microsoft patches actively exploited security feature bypass vulnerability (CVE-2024-29988)

On this April 2024 Patch Tuesday, Microsoft has fixed a record 147 CVE-numbered vulnerabilities, including CVE-2024-29988, a vulnerability that Microsoft hasn’t marked as exploited, but Peter Girnus, senior threat researcher with Trend Micro&#821… Continue reading Microsoft patches actively exploited security feature bypass vulnerability (CVE-2024-29988)

AI Deepfakes Rising as Risk for APAC Organisations

A cyber security expert from Tenable has called on large tech platforms to do more to identify AI deepfakes for users, while APAC organisations may need to include deepfakes in risk assessments. Continue reading AI Deepfakes Rising as Risk for APAC Organisations

Cyber attacks on critical infrastructure show advanced tactics and new capabilities

In this Help Net Security interview, Marty Edwards, Deputy CTO OT/IoT at Tenable, discusses the impact of geopolitical tensions on cyber attacks targeting critical infrastructure. Edwards highlights the need for collaborative efforts between policymake… Continue reading Cyber attacks on critical infrastructure show advanced tactics and new capabilities