News

Latest news on the subject of B2B cyber security >>> PR agencies: Add us to your mailing list - see contact! >>> Book an exclusive PartnerChannel for your news!

Tags: patch

F5 BIG-IP: BSI warns of highly dangerous vulnerabilities
10 May 2025
| No comments
| Short news
B2B Cyber ​​Security ShortNews

The BSI has issued a warning about F5 products because they contain several highly dangerous security vulnerabilities that should be closed. The BIG-IP is a network appliance on which most F5 products run. The CVSS 3.1 scores are between 7.5 and 8.8 and are therefore considered highly dangerous. Several vulnerabilities with high CVSS 3.1 scores have been identified in various F5 products. According to the BSI, an attacker could exploit several vulnerabilities in F5 BIG-IP to circumvent security measures, trigger a denial of service, or execute code. CVE-2025-46265 affects F5OS-A and F5OS-C with a score of 8.8 and...

Read more

Cyber ​​Risk Index falls slightly – but not for all companies
29 April 2025
| No comments
| PR News, TrendMicro
Cyber ​​Risk Index falls slightly – but not for all companies – Image by Oleg Gamulinskii on Pixabay

Companies that rely on proactive security demonstrably reduce their risk, as reflected in the Cyber ​​Risk Index (CRI) study. Risky access to cloud applications and the use of outdated Microsoft Entra ID accounts are among the most significant threats for companies. The Cyber ​​Risk Index (CRI) shows a decline in cyber risk across its key metrics. With an annual average of 38,4, the value for 2024 was 6,2 points lower than the previous year's CRI. Trend Micro's Cyber ​​Risk Index indicates cyber risk on a scale of 0 to 100. The data shows...

Read more

Zero-Day: Highly dangerous security vulnerability in Microsoft Windows
March 16, 2025
| No comments
| Short news
B2B Cyber ​​Security ShortNews

A new, highly dangerous security vulnerability in Microsoft Windows allows the execution of malicious code via a zero-day exploit. The vulnerability, discovered by ESET researchers, was published by Microsoft a few days ago and should have been closed by updates, provided they had been installed. Researchers at the European IT security vendor ESET have discovered an extremely dangerous security vulnerability (CVE-2025-24983) in older versions of Microsoft Windows. A vulnerability in the code allowed the execution of a zero-day exploit. Experts define this as malware that exploits unpatched security vulnerabilities. For a successful attack, the victim's computer had to already be infected with a backdoor.

Read more

Patchday at SAP
16 November 2024
| No comments
| Short news
B2B Cyber ​​Security ShortNews

SAP has released several patches that affect a total of eight vulnerabilities. One of them is classified as severe. The most serious is a cross-site scripting vulnerability in the SAP Web Dispatcher. An unauthenticated attacker can create a malicious link that they make publicly available. When an authenticated victim clicks on this malicious link, the input data is used by the web page generator to create content that, when executed in the victim's browser (XXS) or transferred to another server (SSRF), gives the attacker the ability to execute arbitrary code on the server and thus compromise the...

Read more

Security vulnerability enables SQL injection attacks
6 November 2024
| No comments
| Short news
B2B Cyber ​​Security ShortNews

Broadcom warns in a security advisory that VMware HCX is affected by an SQL injection vulnerability. Authenticated users with low privileges can use manipulated SQL queries to inject code into the HCX Manager. Broadcom provides updated software that fixes the error that enables SQL injection. IT managers should update immediately. The VMware HCX version branches 4.8.x, 4.9.x and 4.10.x are affected. The updates to VMware HCX 4.8.3, 4.9.2 and 4.10.1 fix the security-relevant errors in the software. The security leak CVE-2024-38814 is just below the critical risk level with a CVSS value of 8.8. VMware HCX is…

Read more

Highly dangerous vulnerability in Linux CUPS
4 October 2024
| No comments
| Short news
B2B Cyber ​​Security ShortNews

The CUPS (Common Unix Printing System) is a print spooler that now has a highly dangerous vulnerability. The BSI states that the gap has a CVSS value of 8.2 out of 10 and should definitely be patched. CUPS (Common Unix Printing System) is a print spooler that allows local and remote users to use printing functions via the Internet Printing Protocol (IPP). The highly dangerous vulnerability allows a remote, anonymous attacker to exploit several vulnerabilities in CUPS to execute arbitrary program code with the privileges of the service and to disclose information. Individual parts are critical gaps The…

Read more

Reduce security risk with patchless patching
August 19, 2024
| No comments
| PR News
Reduce security risk with patchless patching

A leading provider of cloud-based IT, security and compliance solutions is introducing a comprehensive remediation solution that goes beyond patching to help organizations further reduce risk, providing additional innovative remediation methods when patching is not feasible. This approach leverages patchless patching, targeted isolation and other remediation strategies to ensure robust protection. Patch management is a core capability for remediating vulnerabilities, but it is not always the most practical or only option. It is becoming increasingly difficult to fix all vulnerabilities because patching can cause business disruption,…

Read more

Vulnerability in SonicOS IPsec VPN
July 25, 2024
| No comments
| Short news
B2B Cyber ​​Security ShortNews

SonicWall: The current security vulnerability SNWLID-2024-0012 in SonicOS has a severity level of 7.5 according to CVSS 3 and is therefore considered highly dangerous. It may enable denial-of-service (DoS) attacks that can paralyze the system. Updates are available. The SonicWall security vulnerability SNWLID-2024-0012 is highly dangerous with a severity level of 7.5 according to CVSS 3. To minimize potential impacts, admins should restrict incoming IPSec VPN access to trusted sources. Or disable IPSec VPN access from Internet sources. This vulnerability allows an unauthenticated attacker to use specially crafted requests to carry out a denial-of-service (DoS) attack that can paralyze the system. Firewall can be paralyzed...

Read more

BSI warns: Another critical vulnerability in MOVEit FTP module
July 1, 2024
| No comments
| PR News
BSI warns: Another critical vulnerability in MOVEit FTP module Image: MS - KI

MOVEit hit the headlines in 2023 due to serious security vulnerabilities, especially in the FTP module. The Cl0p group exploited the vulnerability and immediately attacked many companies. Now there is another critical vulnerability with a CVSS value of 9.1 out of 10, and there are already active attacks again. For many companies that use MOVEit, it is like déjà vu: just last year, several vulnerabilities led to attacks by the Cl0p group. A lot of data was stolen and offered for sale online. Now the BSI is warning again about a new vulnerability in the SFTP module...

Read more

Critical vulnerabilities at Fortinet
20. February 2024
| No comments
| Short news
B2B Cyber ​​Security ShortNews

The Federal Office for Information Security (BSI) warns of a security gap in several versions of the Fortinet operating system FortiOS, which is used in the manufacturer's firewalls. The vulnerability allows unauthenticated external attackers to execute code and commands via crafted HTTP requests. According to the Common Vulnerability Scoring System (CVSS), the vulnerability received a rating of “critical” with a score of 9,8. The US security authority CISA, like the BSI, has issued a warning and states that the security vulnerability in FortiOS is already being actively attacked by hackers. Fortinet has…

Read more

© 2025 MedPressIT Selinger
Cookie Settings