#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

Security patch | Breaking Cybersecurity News | The Hacker News

Category — Security patch
Progress Software Releases Patches for 6 Flaws in WhatsUp Gold – Patch Now

Progress Software Releases Patches for 6 Flaws in WhatsUp Gold – Patch Now

Sep 27, 2024 Software Security / Vulnerability
Progress Software has released another round of updates to address six security flaws in WhatsUp Gold, including two critical vulnerabilities. The issues, the company said , have been resolved in version 24.0.1 released on September 20, 2024. The company has yet to release any details about what the flaws are other than listing their CVE identifiers - CVE-2024-46905 (CVSS score: 8.8)  CVE-2024-46906 (CVSS score: 8.8)  CVE-2024-46907 (CVSS score: 8.8)  CVE-2024-46908 (CVSS score: 8.8)  CVE-2024-46909 (CVSS score: 9.8), and CVE-2024-8785 (CVSS score: 9.8) Security researcher Sina Kheirkhah of Summoning Team has been credited with discovering and reporting the first four flaws. Andy Niu of Trend Micro has been acknowledged for CVE-2024-46909, while Tenable has been credited for CVE-2024-8785. It's worth noting that Trend Micro recently reported that threat actors are actively exploiting proof-of-concept (PoC) exploits for other recently disclosed security ...
Microsoft's July Update Patches 143 Flaws, Including Two Actively Exploited

Microsoft's July Update Patches 143 Flaws, Including Two Actively Exploited

Jul 10, 2024 Endpoint Security / Vulnerability
Microsoft has released patches to address a total of 143 security flaws as part of its monthly security updates, two of which have come under active exploitation in the wild. Five out of the 143 flaws are rated Critical, 136 are rated Important, and four are rated Moderate in severity. The fixes are in addition to 33 vulnerabilities that have been addressed in the Chromium-based Edge browser over the past month. The two security shortcomings that have come under exploitation are below - CVE-2024-38080 (CVSS score: 7.8) - Windows Hyper-V Elevation of Privilege Vulnerability CVE-2024-38112 (CVSS score: 7.5) - Windows MSHTML Platform Spoofing Vulnerability "Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment," Microsoft said of CVE-2024-38112. "An attacker would have to send the victim a malicious file that the victim would have to execute." Check Point securi...
The Future of Serverless Security in 2025: From Logs to Runtime Protection

The Future of Serverless Security in 2025: From Logs to Runtime Protection

Nov 28, 2024Cloud Security / Threat Detection
Serverless environments, leveraging services such as AWS Lambda, offer incredible benefits in terms of scalability, efficiency, and reduced operational overhead. However, securing these environments is extremely challenging. The core of current serverless security practices often revolves around two key components: log monitoring and static analysis of code or system configuration. But here is the issue with that: 1. Logs Only Tell Part of the Story Logs can track external-facing activities, but they don't provide visibility into the internal execution of functions. For example, if an attacker injects malicious code into a serverless function that doesn't interact with external resources (e.g., external APIs or databases), traditional log-based tools will not detect this intrusion. The attacker may execute unauthorized processes, manipulate files, or escalate privileges—all without triggering log events. 2. Static Misconfiguration Detection is Incomplete Static tools that check ...
GitLab Releases Patch for Critical CI/CD Pipeline Vulnerability and 13 Others

GitLab Releases Patch for Critical CI/CD Pipeline Vulnerability and 13 Others

Jun 28, 2024 Software Security / DevOps
GitLab has released security updates to address 14 security flaws, including one critical vulnerability that could be exploited to run continuous integration and continuous deployment (CI/CD) pipelines as any user. The weaknesses, which affect GitLab Community Edition (CE) and Enterprise Edition (EE), have been addressed in versions 17.1.1, 17.0.3, and 16.11.5. The most severe of the vulnerabilities is CVE-2024-5655 (CVSS score: 9.6), which could permit a malicious actor to trigger a pipeline as another user under certain circumstances. It impacts the following versions of CE and EE - 17.1 prior to 17.1.1 17.0 prior to 17.0.3, and 15.8 prior to 16.11.5 GitLab said the fix introduces two breaking changes as a result of which GraphQL authentication using CI_JOB_TOKEN is disabled by default and pipelines will no longer run automatically when a merge request is re-targeted after its previous target branch is merged. Some of the other important flaws fixed as part of the lates...
cyber security

Creating, Managing and Securing Non-Human Identities

websitePermisoCybersecurity / Identity Security
A new class of identities has emerged alongside traditional human users: non-human identities (NHIs). Permiso Security's new eBook details everything you need to know about managing and securing non-human identities, and strategies to unify identity security without compromising agility.
Critical JetBrains TeamCity On-Premises Flaws Could Lead to Server Takeovers

Critical JetBrains TeamCity On-Premises Flaws Could Lead to Server Takeovers

Mar 05, 2024 Vulnerability / Network Security
A new pair of security vulnerabilities have been disclosed in JetBrains TeamCity On-Premises software that could be exploited by a threat actor to take control of affected systems. The flaws, tracked as CVE-2024-27198 (CVSS score: 9.8) and CVE-2024-27199 (CVSS score: 7.3), have been addressed in version 2023.11.4. They impact all TeamCity On-Premises versions through 2023.11.3. "The vulnerabilities may enable an unauthenticated attacker with HTTP(S) access to a TeamCity server to bypass authentication checks and gain administrative control of that TeamCity server," JetBrains  said  in an advisory released Monday. TeamCity Cloud instances have already been patched against the two flaws. Cybersecurity firm Rapid7, which discovered and reported the issues on February 20, 2024, said CVE-2024-27198 is a case of authentication bypass that allows for a complete compromise of a susceptible server by a remote unauthenticated attacker. "Compromising a TeamCity server allows an at...
WordPress Bricks Theme Under Active Attack: Critical Flaw Impacts 25,000+ Sites

WordPress Bricks Theme Under Active Attack: Critical Flaw Impacts 25,000+ Sites

Feb 20, 2024 Website Security / PHP Code
A critical security flaw in the Bricks theme for WordPress is being actively exploited by threat actors to run arbitrary PHP code on susceptible installations. The flaw, tracked as CVE-2024-25600 (CVSS score: 9.8), enables unauthenticated attackers to achieve remote code execution. It impacts all versions of the Bricks up to and including 1.9.6. It has been addressed by the theme developers in  version 1.9.6.1  released on February 13, 2024, merely days after WordPress security provider Snicco reported the flaw on February 10. While a proof-of-concept (PoC) exploit has not been released, technical details have been  released  by both Snicco and Patchstack, noting that the underlying vulnerable code exists in the prepare_query_vars_from_settings() function. Specifically, it concerns the use of security tokens called "nonces" for verifying permissions, which can then be used to pass arbitrary commands for execution, effectively allowing a threat actor to seize con...
Critical Patches Released for New Flaws in Cisco, Fortinet, VMware Products

Critical Patches Released for New Flaws in Cisco, Fortinet, VMware Products

Feb 08, 2024 Cyber Threat / Network Security
Cisco, Fortinet, and VMware have released security fixes for multiple security vulnerabilities, including critical weaknesses that could be exploited to perform arbitrary actions on affected devices. The first set from Cisco consists of three flaws – CVE-2024-20252 and CVE-2024-20254 (CVSS score: 9.6) and CVE-2024-20255 (CVSS score: 8.2) – impacting Cisco Expressway Series that could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks. All the issues, which were found during internal security testing, stem from insufficient CSRF protections for the web-based management interface that could permit an attacker to perform arbitrary actions with the privilege level of the affected user. "If the affected user has administrative privileges, these actions could include modifying the system configuration and creating new privileged accounts," Cisco  said  about CVE-2024-20252 and CVE-2024-20254. On the other hand, successful exploitatio...
Taking the Risk-Based Approach to Vulnerability Patching

Taking the Risk-Based Approach to Vulnerability Patching

Jul 27, 2022
Software vulnerabilities are a major threat to organizations today. The cost of these threats is significant, both financially and in terms of reputation. Vulnerability management and patching can easily get out of hand when the number of vulnerabilities in your organization is in the hundreds of thousands of vulnerabilities and tracked in inefficient ways, such as using Excel spreadsheets or multiple reports, especially when many teams are involved in the organization. Even when a process for patching is in place, organizations still struggle to effectively patch vulnerabilities in their assets. This is generally because teams look at the severity of vulnerabilities and tend to apply patches to vulnerabilities in the following severity order: critical > high > medium > low > info. The following sections explain why this approach is flawed and how it can be improved. Why is Patching Difficult? While it is well known that vulnerability patching is extremely important, it ...
Cisco Issues Patch for Critical Enterprise NFVIS Flaw — PoC Exploit Available

Cisco Issues Patch for Critical Enterprise NFVIS Flaw — PoC Exploit Available

Sep 03, 2021
Cisco has patched a critical security vulnerability impacting its Enterprise Network Function Virtualization Infrastructure Software (NFVIS) that could be exploited by an attacker to take control of an affected system. Tracked as  CVE-2021-34746 , the weakness has been rated 9.8 out of a maximum of 10 on the Common Vulnerability Scoring System (CVSS) and could allow a remote attacker to circumvent authentication and log in to a vulnerable device as an administrator. The network equipment maker said it's aware of a publicly available proof-of-concept (PoC) exploit code targeting the vulnerability, but added it's not detected any successful weaponization attempts in the wild. CVE-2021-34746 issue is caused due to an incomplete validation of user-supplied input that's passed to an authentication script during the sign-in process, enabling an attacker to inject parameters into an authentication request. "A successful exploit could allow the attacker to bypass authenti...
VMware Issues Patches to Fix New Flaws Affecting Multiple Products

VMware Issues Patches to Fix New Flaws Affecting Multiple Products

Aug 26, 2021
VMware on Wednesday shipped  security updates  to address vulnerabilities in multiple products that could be potentially exploited by an attacker to take control of an affected system. The six security weaknesses (from CVE-2021-22022 through CVE-2021-22027, CVSS scores: 4.4 - 8.6) affect VMware vRealize Operations (prior to version 8.5.0), VMware Cloud Foundation (versions 3.x and 4.x), and vRealize Suite Lifecycle Manager (version 8.x), as listed below - CVE-2021-22022  (CVSS score: 4.4) - Arbitrary file read vulnerability in vRealize Operations Manager API, leading to information disclosure CVE-2021-22023  (CVSS score: 6.6) - Insecure direct object reference vulnerability in vRealize Operations Manager API, enabling an attacker with administrative access to alter other users' information and seize control of an account CVE-2021-22024  (CVSS score: 7.5) - Arbitrary log-file read vulnerability in vRealize Operations Manager API, resulting in sensitive info...
Watch Out! Zyxel Firewalls and VPNs Under Active Cyberattack

Watch Out! Zyxel Firewalls and VPNs Under Active Cyberattack

Jun 25, 2021
Taiwanese networking equipment company Zyxel is warning customers of an ongoing attack targeting a "small subset" of its security products such as firewall and VPN servers. Attributing the attacks to a "sophisticated threat actor," the firm noted that the attacks single out appliances that have remote management or SSL VPN enabled, namely in the USG/ZyWALL, USG FLEX, ATP, and VPN series running on-premise ZLD firmware, implying that the targeted devices are publicly accessible over the internet. "The threat actor attempts to access a device through WAN; if successful, they then bypass authentication and establish SSL VPN tunnels with unknown user accounts, such as 'zyxel_slIvpn', 'zyxel_ts', or 'zyxel_vpn_test', to manipulate the device's configuration," Zyxel said in an  email message , which was shared on Twitter. As of writing, it's not immediately known if the attacks are exploiting previously known vulnerabilities...
Apple May Start Delivering Security Patches Separately From Other OS Updates

Apple May Start Delivering Security Patches Separately From Other OS Updates

Mar 17, 2021
Apple may be changing the way it delivers security patches to its devices running iOS and iPadOS mobile operating systems. According to code spotted in iOS 14.5, the iPhone maker is reportedly working on a method for delivering security fixes independently of other OS updates. The changes were first reported by  the 9to5Mac  website. While Google's Android has had monthly security patches rolled out that are completely divorced from the OS-related updates, iOS has traditionally bundled security updates along with an upgrade to the latest version of the OS. For instance, Apple rolled out iOS 14.4.1 earlier this month just to address one security vulnerability in WebKit that could have allowed adversaries to run arbitrary code on devices via malicious web content. But with this new setting called "Install Security Updates" added to the software update menu, it's expected that Apple will let users choose between either installing the entire iOS update or just the...
URGENT — 4 Actively Exploited 0-Day Flaws Found in Microsoft Exchange

URGENT — 4 Actively Exploited 0-Day Flaws Found in Microsoft Exchange

Mar 03, 2021
Microsoft has  released emergency patches  to address four previously undisclosed security flaws in Exchange Server that it says are being actively exploited by a new Chinese state-sponsored threat actor with the goal of perpetrating data theft. Describing the attacks as "limited and targeted," Microsoft Threat Intelligence Center (MSTIC) said the adversary used these vulnerabilities to access on-premises Exchange servers, in turn granting access to email accounts and paving the way for the installation of additional malware to facilitate long-term access to victim environments. The tech giant primarily attributed the campaign with high confidence to a threat actor it calls HAFNIUM, a state-sponsored hacker collective operating out of China, although it suspects other groups may also be involved. Discussing the tactics, techniques, and procedures (TTPs) of the group for the first time, Microsoft paints HAFNIUM as a "highly skilled and sophisticated actor" that m...
17-Year-Old Critical 'Wormable' RCE Vulnerability Impacts Windows DNS Servers

17-Year-Old Critical 'Wormable' RCE Vulnerability Impacts Windows DNS Servers

Jul 14, 2020
Cybersecurity researchers today disclosed a new highly critical "wormable" vulnerability—carrying a severity score of 10 out of 10 on the CVSS scale—affecting Windows Server versions 2003 to 2019. The 17-year-old remote code execution flaw ( CVE-2020-1350 ), dubbed ' SigRed ' by Check Point, could allow an unauthenticated, remote attacker to gain domain administrator privileges over targeted servers and seize complete control of an organization's IT infrastructure. A threat actor can exploit SigRed vulnerability by sending crafted malicious DNS queries to a Windows DNS server and achieve arbitrary code execution, enabling the hacker to intercept and manipulate users' emails and network traffic, make services unavailable, harvest users' credentials and much more. In a detailed report shared with The Hacker News, Check Point researcher Sagi Tzadik confirmed that the flaw is wormable in nature, allowing attackers to launch an attack that can spread ...
Adobe Releases Patches for 'Likely Exploitable' Critical Vulnerabilities

Adobe Releases Patches for 'Likely Exploitable' Critical Vulnerabilities

Dec 10, 2019
The last Patch Tuesday of 2019 is finally here. Adobe today released updates for four of its widely used software—including Adobe Acrobat and Reader, Photoshop CC, ColdFusion, and Brackets—to patch a total of 25 new security vulnerabilities. Seventeen of these flaws have been rated as critical in severity, with most of them carrying high priority patches, indicating that the vulnerabilities are more likely to be used in real-world attacks, but there are currently no known exploits in the wild. The software update for Adobe Acrobat and Reader for Windows and macOS operating systems addresses a total of 21 security vulnerabilities, 14 of which are critical, and rest are important in severity. Upon successful exploitation, all critical vulnerabilities in Adobe Acrobat and Reader software lead to arbitrary code execution attacks, allowing attackers to take complete control of targeted systems. Adobe Photoshop CC for Windows and macOS contains patches for two critical arbitrary...
[Guide] How to Protect Your Devices Against Meltdown and Spectre Attacks

[Guide] How to Protect Your Devices Against Meltdown and Spectre Attacks

Jan 05, 2018
Recently uncovered two huge processor vulnerabilities called Meltdown and Spectre have taken the whole world by storm, while vendors are rushing out to patch the vulnerabilities in its products. The issues apply to all modern processors and affect nearly all operating systems (Windows, Linux, Android, iOS, macOS, FreeBSD, and more), smartphones and other computing devices made in the past 20 years. What are Spectre and Meltdown? We have explained both , Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753, CVE-2017-5715), exploitation techniques in our previous article. In short, Spectre and Meltdown are the names of security vulnerabilities found in many processors from Intel, ARM and AMD that could allow attackers to steal your passwords, encryption keys and other private information. Both attacks abuse 'speculative execution' to access privileged memory—including those allocated for the kernel—from a low privileged user process like a malicious app running on a...
Huge Flaws Affect Nearly Every Modern Device; Patch Could Hit CPU Performance

Huge Flaws Affect Nearly Every Modern Device; Patch Could Hit CPU Performance

Jan 03, 2018
UPDATE: Researchers have finally disclosed complete technical details of two kernel side-channel attacks, Meltdown and Spectre — which affect not only Intel but also systems and devices running AMD, ARM processors —allowing attackers to steal sensitive data from the system memory. ____________ The first week of the new year has not yet been completed, and very soon a massive vulnerability is going to hit hundreds of millions of Windows, Linux, and Mac users worldwide. According to a blog post published yesterday, the core team of Linux kernel development has prepared a critical kernel update without releasing much information about the vulnerability. Multiple researchers on Twitter  confirmed that Intel processors (x86-64) have a severe hardware-level issue that could allow attackers to access protected kernel memory, which primarily includes information like passwords, login keys, and files cached from disk. The security patch implements kernel page-table isolation...
17-Year-Old MS Office Flaw Lets Hackers Install Malware Without User Interaction

17-Year-Old MS Office Flaw Lets Hackers Install Malware Without User Interaction

Nov 15, 2017
You should be extra careful when opening files in MS Office. When the world is still dealing with the threat of 'unpatched' Microsoft Office's built-in DDE feature , researchers have uncovered a serious issue with another Office component that could allow attackers to remotely install malware on targeted computers. The vulnerability is a memory-corruption issue that resides in all versions of Microsoft Office released in the past 17 years, including Microsoft Office 365, and works against all versions of Windows operating system, including the latest Microsoft Windows 10 Creators Update. Discovered by the security researchers at Embedi , the vulnerability leads to remote code execution, allowing an unauthenticated, remote attacker to execute malicious code on a targeted system without requiring user interaction after opening a malicious document. The vulnerability, identified as  CVE-2017-11882 , resides in EQNEDT32.EXE, an MS Office component which is responsibl...
Expert Insights / Articles Videos
Cybersecurity Resources