Flaw – Page 3 – OWASP Jakarta

OilRig Exploits Windows Kernel Flaw in Espionage Campaign Targeting UAE and Gulf

OilRig Exploits Windows Kernel Flaw in Espionage Campaign Targeting UAE and Gulf Oct 13, 2024Ravie Lakshmanan The Iranian threat actor known as OilRig has been observed exploiting a now-patched privilege escalation flaw impacting the Windows Kernel as part of a cyber espionage campaign targeting the U.A.E. and the broader Gulf Read more

By adminowasp, 10 months ago

News

CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches

CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches Oct 10, 2024Ravie LakshmananVulnerability / Network Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Fortinet products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of Read more

By adminowasp, 10 months ago

News

Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications

Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications Oct 07, 2024Ravie LakshmananOpen Source / Software Security A critical security flaw has been disclosed in the Apache Avro Java Software Development Kit (SDK) that, if successfully exploited, could allow the execution of arbitrary code on susceptible instances. Read more

By adminowasp, 10 months ago

News

WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks

WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks Oct 04, 2024Ravie LakshmananWebsite Security / Vulnerability A new high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable malicious actors to execute arbitrary JavaScript code under certain conditions. The flaw, tracked as Read more

By adminowasp, 10 months ago

News

14 DrayTek vulnerabilities patched, including max-severity RCE flaw

14 DrayTek vulnerabilities patched, including max-severity RCE flaw DrayTek patched 14 vulnerabilities affecting 24 of its router models, including a maximum severity buffer overflow flaw that could lead to remote code execution (RCE) or denial-of-service (DoS). The two critical-, nine high- and three medium-severity DrayTek bugs were discovered by Forescout Read more

By adminowasp, 10 monthsOctober 3, 2024 ago

News

Ivanti Endpoint Manager Flaw Actively Targeted, CISA Warns Agencies to Patch

Ivanti Endpoint Manager Flaw Actively Targeted, CISA Warns Agencies to Patch Oct 03, 2024Ravie LakshmananVulnerability / Endpoint Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting Endpoint Manager (EPM) that the company patched in May to its Known Exploited Vulnerabilities (KEV) catalog, based Read more

By adminowasp, 10 months ago

News

Researchers Sound Alarm on Active Attacks Exploiting Critical Zimbra Postjournal Flaw

Researchers Sound Alarm on Active Attacks Exploiting Critical Zimbra Postjournal Flaw Oct 02, 2024The Hacker NewsEmail Security / Vulnerability Cybersecurity researchers are warning about active exploitation attempts targeting a newly disclosed security flaw in Synacor’s Zimbra Collaboration. Enterprise security firm Proofpoint said it began observing the activity starting September 28, Read more

By adminowasp, 10 months ago

News

Critical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution Risk

Critical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution Risk Sep 23, 2024Ravie LakshmananIoT Security / Vulnerability A critical security flaw has been disclosed in the Microchip Advanced Software Framework (ASF) that, if successfully exploited, could lead to remote code execution. The vulnerability, tracked as CVE-2024-7490, carries Read more

By adminowasp, 10 months ago

News

ChatGPT macOS Flaw Could’ve Enabled Long-Term Spyware via Memory Function

ChatGPT macOS Flaw Could’ve Enabled Long-Term Spyware via Memory Function Sep 25, 2024Ravie LakshmananArtificial Intelligence / Vulnerability A now-patched security vulnerability in OpenAI’s ChatGPT app for macOS could have made it possible for attackers to plant long-term persistent spyware into the artificial intelligence (AI) tool’s memory. The technique, dubbed SpAIware, Read more

By adminowasp, 10 months ago

News

Chinese Hackers Exploit GeoServer Flaw to Target APAC Nations with EAGLEDOOR Malware

Chinese Hackers Exploit GeoServer Flaw to Target APAC Nations with EAGLEDOOR Malware Sep 23, 2024Ravie LakshmananCyber Espionage / Malware A suspected advanced persistent threat (APT) originating from China targeted a government organization in Taiwan, and possibly other countries in the Asia-Pacific (APAC) region, by exploiting a recently patched critical security Read more

By adminowasp, 10 months ago