#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

Product Security | Breaking Cybersecurity News | The Hacker News

Category — Product Security
Critical Veeam Backup Enterprise Manager Flaw Allows Authentication Bypass

Critical Veeam Backup Enterprise Manager Flaw Allows Authentication Bypass

May 22, 2024 Enterprise Security / Vulnerability
Users of Veeam Backup Enterprise Manager are being urged to update to the latest version following the discovery of a critical security flaw that could permit an adversary to bypass authentication protections. Tracked as  CVE-2024-29849  (CVSS score: 9.8), the  vulnerability  could allow an unauthenticated attacker to log in to the Veeam Backup Enterprise Manager web interface as any user. The company has also disclosed three other shortcomings impacting the same product - CVE-2024-29850  (CVSS score: 8.8), which allows account takeover via NTLM relay CVE-2024-29851  (CVSS score: 7.2), which allows a privileged user to steal NTLM hashes of a Veeam Backup Enterprise Manager service account if it's not configured to run as the default Local System account CVE-2024-29852  (CVSS score: 2.7), which allows a privileged user to read backup session logs All the flaws have been addressed in version 12.1.2.172. However, Veeam noted that deploying Veeam Backup Enterprise Manager is o
Researchers Discover LG Smart TV Vulnerabilities Allowing Root Access

Researchers Discover LG Smart TV Vulnerabilities Allowing Root Access

Apr 09, 2024 Vulnerability / IoT Security
Multiple security vulnerabilities have been disclosed in LG webOS running on its smart televisions that could be exploited to bypass authorization and gain root access on the devices. The findings come from Romanian cybersecurity firm Bitdefender, which discovered and reported the flaws in November 2023. The issues were fixed by LG as part of updates released on March 22, 2024. The vulnerabilities are tracked from CVE-2023-6317 through CVE-2023-6320 and impact the following versions of webOS - webOS 4.9.7 - 5.30.40 running on LG43UM7000PLA webOS 5.5.0 - 04.50.51 running on OLED55CXPUA webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 running on OLED48C1PUB webOS 7.3.1-43 (mullet-mebin) - 03.33.85 running on OLED55A23LA A brief description of the shortcomings is as follows - CVE-2023-6317  - A vulnerability that allows an attacker to bypass PIN verification and add a privileged user profile to the TV set without requiring user interaction CVE-2023-6318  - A vulnerability th
Say Goodbye to Phishing: Must-Haves to Eliminate Credential Theft

Say Goodbye to Phishing: Must-Haves to Eliminate Credential Theft

Sep 13, 2024Device Security / Identity Management
Even as cyber threats become increasingly sophisticated, the number one attack vector for unauthorized access remains phished credentials ( Verizon DBIR, 2024 ). Solving this problem resolves over 80% of your corporate risk, and a solution is possible.  However, most tools available on the market today cannot offer a complete defense against this attack vector because they were architected to deliver probabilistic defenses. Learn more about the characteristics of Beyond Identity that allow us to deliver deterministic defenses.  The Challenge: Phishing and Credential Theft Phishing attacks trick users into revealing their credentials via deceptive sites or messages sent via SMS, email, and/or voice calls. Traditional defenses, such as end-user training or basic multi-factor authentication (MFA), lower the risk at best but cannot eliminate it. Users may still fall prey to scams, and stolen credentials can be exploited. Legacy MFA is a particularly urgent problem, given that attackers
Expert Insights / Articles Videos
Cybersecurity Resources