News

Latest news about B2B cyber security >>> PR agencies: add us to your mailing list - see contact! >>> Book an exclusive PartnerChannel for your news!

Tag: vulnerability

Zoom: Highly Dangerous Vulnerabilities
March 21, 2023
| No comments
| Short news
B2B Cyber ​​Security ShortNews

An update is recommended for users of Zoom clients on various systems. Of the currently reported vulnerabilities, two are classified as highly dangerous and three others as moderately dangerous. Zoom provides appropriate security updates for Android, iOS, Linux, macOS and Windows. The vulnerabilities reported by Zoom are 8.3 and 7.2 according to CVSS. These are not considered critical, but should be patched immediately. Zoom provides suitable patches or software updates for this. Vulnerabilities with CVSS 8.3 and 7.2 The first vulnerability with CVSS 8.3 concerns the “Incorrect implementation of trust boundary for SMB in Zoom clients”…

Read more

BSI: Critical vulnerability in Control Web Panel
19 January 2023
| No comments
| Short news
B2B Cyber ​​Security ShortNews

The well-known and widely used Web Hosting Control Web Panel (CWP) has a critical security vulnerability from 9.8 to CVSSv3.1. Attackers can install shells on the server or collect and extract information. On January 3, 2023, IT security researcher Numan Türle from Gais Cyber ​​Security published a proof of concept for a vulnerability in the server management software Control Web Panel (CWP) - formerly CentOS Web Panel. The vulnerability allows a remote, unauthenticated attacker to execute code on the affected system based on a lack of input neutralization. The information was released...

Read more

90 HP Notebooks and Desktops with BIOS Vulnerability
22 November 2022
| No comments
| Short news
B2B Cyber ​​Security ShortNews

A potential security vulnerability has been identified in the system BIOS of 90 HP Notebook PCs, Desktop PCs and Desktop Workstation PCs that could allow escalation of privilege and code execution. HP is providing firmware updates to mitigate the potential security vulnerability. HP has identified the affected platforms and corresponding SoftPaqs with minimum versions that mitigate the potential vulnerabilities. Affected platforms include many HP models such as: HP Notebook Series Elite x2, EliteBook, ProBook, ZBook Series HP Desktop PC Series Elite Slice, EliteDesk, EliteOne, ProDesk, ProOne HP Desktop Workstation PC Series Z1 All-in Series -One, Z2…

Read more

Follina zero-day vulnerability in MS Office
June 5, 2022
| No comments
| Short news, Sophos
SophosNews

A new zero-day remote code execution bug in Microsoft Office is causing a stir. More specifically, it is likely a code execution vulnerability that can be exploited through Office files. Based on what is known so far, there may be other ways to trigger or abuse this vulnerability. Security researcher Kevin Beaumont has named the vulnerability "Follina," which is proving to be a useful search term on the topic until an official CVE number is assigned. In addition, Microsoft has now published an official workaround. Sophos expert Paul Ducklin gives…

Read more

Some security vulnerabilities in Wyze Cam IoT camera cannot be fixed
10 April 2022
| No comments
| Bitdefender, Short news
Bitdefender_News

Bitdefender has discovered security vulnerabilities in Wyze CAM IP video cameras. Attackers can bypass the authentication process, gain complete control over the device and read information and configuration data from the camera's SD card and install other malicious code. An update closes the gap from the Wyze Cam V2. However, patching is not possible for the first version of the camera. Surveillance cameras deliver sensitive content and the evaluation of the data is subject to strict data protection regulations. Some security gaps that allow access to recorded videos therefore not only endanger the security of a building,…

Read more

Sonicwall firewalls with critical vulnerabilities 
3 April 2022
| No comments
| Short news
B2B Cyber ​​Security ShortNews

Sonicwall uses a vulnerability list on its Security Advisory information page to point out security gaps in various firewalls. Attackers could inject code with manipulated packets or even paralyze the firewall. Vulnerabilities exist in some Sonicwall firewalls, allowing remote attackers to even inject malicious code. as a result, devices can also be paralyzed by a DoS attack. The manufacturer Sonicwall already provides information on the security gap and patches. Many firewalls affected by vulnerabilities Administrators should close the gaps quickly, since the problem with the CVE-2022-22274 with a score of 9.4 as a critical...

Read more

Dangerous OpenSSL vulnerability 
March 29, 2022
| No comments
| Short news
B2B Cyber ​​Security ShortNews

Global OpenSSL software for data encryption urgently needs updating. The threat level of the vulnerability is considered “High”. Transport encryption based on TLS is thus at risk. Servers, clients and IoT infrastructures should be patched. The BSI also warns. A new threatening vulnerability endangers all systems worldwide that use OpenSSL, one of the most widely used software for encryption of all kinds, for transport encryption based on TLS. When processing certain TLS certificates, targeted attacks can bring clients and servers to a complete standstill (DoS - Denial of Service). “Servers, clients and other devices must be checked immediately and patched if necessary. Because this software…

Read more

Log4j vulnerability in ASCEND closed quickly
16 January 2022
| No comments
| Short news
B2B Cyber ​​Security ShortNews

The Log4j vulnerability in December 2021 caused a major stir in cybersecurity. ASCEND reacted immediately and examined and secured all hardware and software systems - also for customers. In December 2021, a vulnerability rated as extremely critical was discovered in the widely used Java library Log4j. It allows cyber criminals to easily access a targeted server to run malware or take control of the system. ASCEND reacted immediately and checked all systems for this gap. Patches have closed Log4j gaps "Our hardware manufacturers and software partners have the few...

Read more

Log4j: Interview with the Swiss developer
4 January 2022
| No comments
| Short news
B2B Cyber ​​Security ShortNews

The Java library Log4j was developed in 1997 by Ceki Gülcü with two colleagues in Switzerland - in the Neue Züricher Zeitung NZZ, the inventor tells the story of the origins of the open source software, which is now keeping the entire IT world on its toes due to a weak point . 24 years ago, Ceki Gülcü and two colleagues in Zurich developed the code for a software component for the Java programming language called Log4j. For many years the term Log4j was only known to experts. But today the software is in millions of applications and devices. Therefore now deals ...

Read more

Log4j alarm: what Sophos recommends
17 December 2021
| No comments
| PR News, Sophos
Log4j Log4shell

Java vulnerability Log4j - Log4Shell - What happened and what should be done now. After Hafnium, Kaseya or Solarwinds, companies urgently need to grapple with a high-profile server vulnerability called Log4j - Log4Shell. Sophos clarifies the most important facts and tells you what to do. The name Log4Shell refers to the fact that the exploited bug is contained in a popular Java code library called Log4j (Logging for Java), and to the fact that if attackers successfully exploit the vulnerability, they practically get a shell - that is, the opportunity , any system code of your choice ...

Read more

© 2024 MedPressIT GbR
Cookie Settings