#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

Product Security | Breaking Cybersecurity News | The Hacker News

Category — Product Security
Critical Veeam Backup Enterprise Manager Flaw Allows Authentication Bypass

Critical Veeam Backup Enterprise Manager Flaw Allows Authentication Bypass

May 22, 2024 Enterprise Security / Vulnerability
Users of Veeam Backup Enterprise Manager are being urged to update to the latest version following the discovery of a critical security flaw that could permit an adversary to bypass authentication protections. Tracked as  CVE-2024-29849  (CVSS score: 9.8), the  vulnerability  could allow an unauthenticated attacker to log in to the Veeam Backup Enterprise Manager web interface as any user. The company has also disclosed three other shortcomings impacting the same product - CVE-2024-29850  (CVSS score: 8.8), which allows account takeover via NTLM relay CVE-2024-29851  (CVSS score: 7.2), which allows a privileged user to steal NTLM hashes of a Veeam Backup Enterprise Manager service account if it's not configured to run as the default Local System account CVE-2024-29852  (CVSS score: 2.7), which allows a privileged user to read backup session logs All the flaws have been addressed in version 12.1.2.172. However, Veeam noted that deploying Veeam ...
Researchers Discover LG Smart TV Vulnerabilities Allowing Root Access

Researchers Discover LG Smart TV Vulnerabilities Allowing Root Access

Apr 09, 2024 Vulnerability / IoT Security
Multiple security vulnerabilities have been disclosed in LG webOS running on its smart televisions that could be exploited to bypass authorization and gain root access on the devices. The findings come from Romanian cybersecurity firm Bitdefender, which discovered and reported the flaws in November 2023. The issues were fixed by LG as part of updates released on March 22, 2024. The vulnerabilities are tracked from CVE-2023-6317 through CVE-2023-6320 and impact the following versions of webOS - webOS 4.9.7 - 5.30.40 running on LG43UM7000PLA webOS 5.5.0 - 04.50.51 running on OLED55CXPUA webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 running on OLED48C1PUB webOS 7.3.1-43 (mullet-mebin) - 03.33.85 running on OLED55A23LA A brief description of the shortcomings is as follows - CVE-2023-6317  - A vulnerability that allows an attacker to bypass PIN verification and add a privileged user profile to the TV set without requiring user interaction CVE-2023-6318  - A vulnera...
Unlocking Google Workspace Security: Are You Doing Enough to Protect Your Data?

Crowdstrike Named A Leader In Endpoint Protection Platforms

Nov 22, 2024Endpoint Security / Threat Detection
CrowdStrike is named a Leader in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms for the fifth consecutive time, positioned highest on Ability to Execute and furthest to the right on Completeness of Vision.
Expert Insights / Articles Videos
Cybersecurity Resources