News


Network access possible: Lexmark SMB printer with 8.6 security vulnerability
B2B Cyber Security ShortNews

A Server-Side Request Forgery (SSRF) vulnerability exists in newer Lexmark SMB devices. In some cases, an attacker can use SSRF to move through corporate networks to exploit otherwise unreachable internal systems or extract secrets. Updates are available. In its Security Advisory, Lexmark informs users of Lexmark devices for the SME sector about a highly dangerous security vulnerability with a CVSS value of 8.6 out of 10. This makes network access possible for attackers via Server-Side Request Forgery (SSRF). The manufacturer recommends an immediate update of the firmware of the affected devices. Over 150...


Critical vulnerabilities at Fortinet
B2B Cyber Security ShortNews

The Federal Office for Information Security (BSI) warns of a security gap in several versions of the Fortinet operating system FortiOS, which is used in the manufacturer's firewalls. The vulnerability allows unauthenticated external attackers to execute code and commands via crafted HTTP requests. According to the Common Vulnerability Scoring System (CVSS), the vulnerability received a rating of “critical” with a score of 9.8. The US security authority CISA, like the BSI, has issued a warning and states that the security vulnerability in FortiOS is already being actively attacked by hackers. Fortinet has…


US agency CISA takes Ivanti devices offline
B2B Cyber Security ShortNews

The American Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency order calling on all federal agencies to take Ivanti devices offline. The background to this measure is the discovery of security gaps in network products from the manufacturer Ivanti. The “Ivanti Connect Secure” and “Ivanti Policy Secure” products are affected. CISA published conditions that must be met before the US manufacturer's devices are allowed back on the network. This includes resetting to factory settings and updating to a bug-fixed version. Passwords and certificates also have to be reissued. CISA writes on…


Android 11, 12, 13 with critical security vulnerability
B2B Cyber Security ShortNews

Android released a new list of security vulnerabilities for Android 11, 12 and 13 in November. In addition to one critical gap, there are also another 14 highly dangerous gaps. The security bulletin warns of additional vulnerabilities, depending on whether Arm, MediaTek or Qualcomm components are installed in the mobile device. Google's security bulletin for November 2023 is worryingly long. However, the security vulnerabilities listed there do not apply to every Android device, even if it uses Android 11, 12 or 13. But the general vulnerabilities also contain a critical…


Hacker group exploits zero-day vulnerability
B2B Cyber Security ShortNews

Government agencies and a think tank in Europe were attacked by the APT group Winter Vivern. The hackers use cross-site scripting attacks to exploit a zero-day vulnerability in the Roundcube webmail servers in use there and then read (confidential) emails. Roundcube is an open source webmail software used by many government departments and organizations such as universities and research institutes. ESET recommends that users update to the latest available version of the software as soon as possible. ESET discovered the vulnerability on October 12, 2023 and immediately reported it to the Roundcube team, who reported the vulnerability two…


Hospitality industry: Attacks on booking platform
Bitdefender_News

Cybercriminals stole the credit card details, personal information and passwords of customers of the restaurant booking platform IRM-NG. Bitdefender has published the latest research results from a cyber criminal campaign currently underway on the IRM-NG booking platform used in the hotel and hospitality industry. The attackers use vulnerabilities in the platform in combination with backdoors and techniques to bypass password validation on the end device and thus steal credit card data, passwords and customers' personal data. Security gap still exists: Bitdefender has not received any response from the manufacturer Resort Data Processing (RDP) to its information for months. The vulnerability still exists and…


Vulnerability in Citrix ShareFile
B2B Cyber Security ShortNews

Tenable Research has discovered a current security vulnerability in Citrix - specifically in Citrix ShareFile. If this vulnerability is exploited, an attacker could steal credentials or tokens, execute code in the context of the victim's browser, or perform a variety of other dangerous actions. Despite the potential impact of the vulnerability, Citrix has chosen not to release information about this issue or notify customers after the issue has been patched. Customers are completely dependent on the cloud providers to resolve the reported issues and must blindly trust that…


AOK: Software vulnerability - BSI confirms data leak
B2B Cyber Security ShortNews

The AOK and many of its nationwide offices use the software product MOVEit Transfer. The product now has the dangerous vulnerability CVE-2023-34362, which is not yet classified. However, the BSI has given the vulnerability the second-highest internal warning level, Orange, and writes “The BSI is monitoring the active exploitation of the vulnerability with confirmed data leakage.” The manufacturer Progress already published on May 31, 2023 that a critical vulnerability had been found in its software product MOVEit Transfer. Exploitation of the vulnerability allows privilege escalation and unauthorized access to the file system. Progress is already providing…


Critical 9.8 vulnerability in Microsoft Message Queuing Service
B2B Cyber Security ShortNews

A vulnerability in the Microsoft Message Queuing Service (MSMQ) allows attackers to take control of a server using just a single packet of data. The component is also part of MS Exchange. A patch for the vulnerability is available and should be installed immediately. A service neglected by Microsoft called Microsoft Message Queuing Service can currently be exploited by criminal hackers to attack corporate networks. Dubbed Queue Jumper, the vulnerability allows attackers to remotely inject and execute arbitrary code. Microsoft has already responded...


Critical vulnerability in myMail client for iOS
B2B Cyber Security ShortNews

mailbox.org has discovered a critical vulnerability in the myMail client for iOS, which is used by millions. Since the password transmission takes place unencrypted, this endangers the users. The vulnerability was discovered by accident because an error message was found in the TLS logs. The experts were then able to extract the passwords. The mailbox.org team, the Berlin-based e-mail service specializing in data protection and data security, has discovered a critical security vulnerability in the myMail client for iOS that leads to unencrypted transmission of user passwords and e-mails. mailbox.org issued a corresponding warning to the users of myMail together with the security researcher...
