CVE/vulnerability Archives - GBHackers Security | #1 Globally Trusted Cyber Security News Platform https://gbhackers.com/category/cvevulnerability/ GBhackers Offering Exclusive Cyber Security News Coverage, New Research papers & Technology Updates. Fri, 08 Nov 2024 06:15:18 +0000 en-US hourly 1 https://wordpress.org/?v=6.6.2 https://gbhackers.com/wp-content/uploads/2024/09/cropped-gbh-32x32.png CVE/vulnerability Archives - GBHackers Security | #1 Globally Trusted Cyber Security News Platform https://gbhackers.com/category/cvevulnerability/ 32 32 CISA Warns of Critical Palo Alto Networks Vulnerability Exploited in Attacks https://gbhackers.com/cisa-warns-of-critical-palo-alto-networks-vulnerability-exploited-in-attacks/ https://gbhackers.com/cisa-warns-of-critical-palo-alto-networks-vulnerability-exploited-in-attacks/#respond Fri, 08 Nov 2024 06:15:17 +0000 https://gbhackers.com/?p=114630 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns organizations of a critical vulnerability in Palo Alto Networks’ Expedition tool, which could lead to severe security breaches. The vulnerability, CVE-2024-5910, is classified as a “Missing Authentication” flaw that potentially allows attackers with network access to take control of an Expedition admin account. According to CISA’s […]

The post CISA Warns of Critical Palo Alto Networks Vulnerability Exploited in Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

]]>
https://gbhackers.com/cisa-warns-of-critical-palo-alto-networks-vulnerability-exploited-in-attacks/feed/ 0
Cisco Desk Phone Series Vulnerability Lets Remote Attacker Access Sensitive Information https://gbhackers.com/cisco-desk-phone-series-vulnerability/ https://gbhackers.com/cisco-desk-phone-series-vulnerability/#respond Thu, 07 Nov 2024 12:28:08 +0000 https://gbhackers.com/?p=114625 A significant vulnerability (CVE-2024-20445) has been discovered in Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 that could allow remote, unauthenticated attackers to access sensitive information. This vulnerability, classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor), is due to improper storage of sensitive information within the web […]

The post Cisco Desk Phone Series Vulnerability Lets Remote Attacker Access Sensitive Information appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

]]>
https://gbhackers.com/cisco-desk-phone-series-vulnerability/feed/ 0
Cisco Flaw Let Attackers Run Command as Root User https://gbhackers.com/cisco-flaw-attackers-run-command-root-user/ https://gbhackers.com/cisco-flaw-attackers-run-command-root-user/#respond Thu, 07 Nov 2024 06:03:54 +0000 https://gbhackers.com/?p=114613 A critical vulnerability has been discovered in Cisco Unified Industrial Wireless Software, which affects Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points. This flaw tracked as CVE-2024-20418 enables unauthenticated, remote attackers to perform command injection attacks and execute arbitrary commands as the root user on the underlying operating system of the affected devices. Vulnerability Details – […]

The post Cisco Flaw Let Attackers Run Command as Root User appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

]]>
https://gbhackers.com/cisco-flaw-attackers-run-command-root-user/feed/ 0
Azure API Management Vulnerabilities Let Attackers Escalate Privileges https://gbhackers.com/azure-api-management-vulnerabilities-let-attackers-escalate-privileges/ https://gbhackers.com/azure-api-management-vulnerabilities-let-attackers-escalate-privileges/#respond Wed, 06 Nov 2024 09:53:27 +0000 https://gbhackers.com/?p=114570 Recent discoveries by Binary Security have revealed critical vulnerabilities in Azure API Management (APIM) that could allow attackers with minimal privileges to escalate their access and take full control over the APIM service. These vulnerabilities were reported to Microsoft, leading to some fixes. However, certain issues remain unresolved, exposing many users unless they manually disable legacy API […]

The post Azure API Management Vulnerabilities Let Attackers Escalate Privileges appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

]]>
https://gbhackers.com/azure-api-management-vulnerabilities-let-attackers-escalate-privileges/feed/ 0
Google Patches High-Severity Vulnerabilities in Chrome https://gbhackers.com/google-patches-high-severity-vulnerabilities/ https://gbhackers.com/google-patches-high-severity-vulnerabilities/#respond Wed, 06 Nov 2024 08:55:15 +0000 https://gbhackers.com/?p=114562 Google has released a new update for its Chrome browser, addressing two high-severity vulnerabilities. The Stable channel has now been updated to version 130.0.6723.116/.117 for Windows and Mac and version 130.0.6723.116 for Linux. The update will be rolled out to users over the next few days or weeks, and a complete list of changes is available in the Chrome […]

The post Google Patches High-Severity Vulnerabilities in Chrome appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

]]>
https://gbhackers.com/google-patches-high-severity-vulnerabilities/feed/ 0
Google Patched 40 Security Vulnerabilities Along With Two Zero-Days https://gbhackers.com/google-patched-40-security-vulnerabilities/ https://gbhackers.com/google-patched-40-security-vulnerabilities/#respond Tue, 05 Nov 2024 07:24:06 +0000 https://gbhackers.com/?p=114479 Google has released a batch of security updates addressing 40 vulnerabilities, two of which are critical zero-day exploits. As reported in the November 2024 Android Security Bulletin, these updates are crucial for maintaining the integrity and safety of Android devices worldwide. The November 5, 2024, security patch is designed to tackle a broad spectrum of […]

The post Google Patched 40 Security Vulnerabilities Along With Two Zero-Days appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

]]>
https://gbhackers.com/google-patched-40-security-vulnerabilities/feed/ 0
A Massive Hacking Toolkit From “You Dun” Threat Group Developed To Lauch Massive Cyber Attack https://gbhackers.com/you-dun-hacking-toolkit-attack/ https://gbhackers.com/you-dun-hacking-toolkit-attack/#respond Mon, 04 Nov 2024 11:58:04 +0000 https://gbhackers.com/?p=114246 The “You Dun” hacking group exploited vulnerable Zhiyuan OA software using SQL injection, leveraging tools like WebLogicScan, Vulmap, and Xray for reconnaissance. They further escalated privileges on compromised hosts with tools like traitor and CDK.  Active Cobalt Strike server leaked, revealing its use in various cyberattacks, including ransomware deployment (LockBit 3) and data theft. The […]

The post A Massive Hacking Toolkit From “You Dun” Threat Group Developed To Lauch Massive Cyber Attack appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

]]>
https://gbhackers.com/you-dun-hacking-toolkit-attack/feed/ 0
Okta Verify Agent for Windows Flaw Let Attackers Steal User Passwords https://gbhackers.com/okta-verify-agent-for-windows-flaw/ https://gbhackers.com/okta-verify-agent-for-windows-flaw/#respond Mon, 04 Nov 2024 10:14:54 +0000 https://gbhackers.com/?p=114432 A newly discovered vulnerability in Okta’s Device Access features for Windows could allow attackers to steal user passwords on compromised devices. The flaw affecting the Okta Verify agent for Windows specifically concerns how the software interacts with OktaDeviceAccessPipe, a component that handles passwordless multi-factor authentication (MFA) logins. The flaw could enable malicious actors to retrieve […]

The post Okta Verify Agent for Windows Flaw Let Attackers Steal User Passwords appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

]]>
https://gbhackers.com/okta-verify-agent-for-windows-flaw/feed/ 0
MediaTek High Severity Vulnerabilities Let Attackers Escalate Privileges https://gbhackers.com/mediatek-high-severity-vulnerabilities/ https://gbhackers.com/mediatek-high-severity-vulnerabilities/#respond Mon, 04 Nov 2024 08:58:29 +0000 https://gbhackers.com/?p=114424 In its recent MediaTek Product Security Bulletin, the chipmaker disclosed two high-severity security vulnerabilities that affect multiple devices, including smartphones, tablets, AIoT (Artificial Intelligence of Things), smart displays, and more. The vulnerabilities could allow attackers to escalate their privileges on affected devices, leading to unauthorized access and control.  The vulnerabilities were identified and assessed using […]

The post MediaTek High Severity Vulnerabilities Let Attackers Escalate Privileges appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

]]>
https://gbhackers.com/mediatek-high-severity-vulnerabilities/feed/ 0
Google Chrome Security, Critical Vulnerabilities Patched https://gbhackers.com/chrome-vulnerabilities-patched/ https://gbhackers.com/chrome-vulnerabilities-patched/#respond Wed, 30 Oct 2024 06:05:17 +0000 https://gbhackers.com/?p=114342 Google has updated its Chrome browser, addressing critical vulnerabilities that posed potential risks to millions of users worldwide. The latest Stable channel update, version 130.0.6723.91/.92 for Windows and Mac and 130.0.6723.91 for Linux will be rolled out over the coming days and weeks. This update extends to the Extended Stable channel with version 130.0.6723.92 for […]

The post Google Chrome Security, Critical Vulnerabilities Patched appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

]]>
https://gbhackers.com/chrome-vulnerabilities-patched/feed/ 0