Aggregator

Multiple SonicWall Vulnerabilities Let Attackers Execute Remote Code

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
9 months 1 week ago

SonicWall has issued a critical alert regarding multiple vulnerabilities in its Secure Mobile Access (SMA) 100 series SSL-VPN appliances. These vulnerabilities could allow attackers to execute remote code, bypass authentication, or compromise system integrity. SonicWall urges users to take immediate action by updating their devices to the latest firmware to mitigate these risks. These issues […]

The post Multiple SonicWall Vulnerabilities Let Attackers Execute Remote Code appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Divya

Windows, macOS users targeted with crypto-and-info-stealing malware

Help Net Security
9 months 1 week ago

Downloading anything from the internet is a gamble these days: you might think that you are downloading an innocuous app from a legitimate firm but thanks to clever misuse of AI and some social engineering, you can end up with information and cryptocurrency-stealing malware. Case in point: Cado Security Labs researchers have recently reported websites set up to impersonate companies offering a video conferencing app, but serving/pushing the Realst info-stealer. Preparing and executing the scam … More →

The post Windows, macOS users targeted with crypto-and-info-stealing malware appeared first on Help Net Security.

Zeljka Zorz

Researchers Uncover Flaws in Popular Open-Source Machine Learning Frameworks

The Hackers News
9 months 1 week ago
Cybersecurity researchers have disclosed multiple security flaws impacting open-source machine learning (ML) tools and frameworks such as MLflow, H2O, PyTorch, and MLeap that could pave the way for code execution. The vulnerabilities, discovered by JFrog, are part of a broader collection of 22 security shortcomings the supply chain security company first disclosed last month. Unlike the first
The Hacker News

Echoworx enhances secure access to encrypted messages

Help Net Security
9 months 1 week ago

Echoworx announced the addition of 2-Step Verification (2SV) when using OAuth and Passkeys for authentication for encrypted messages. This latest enhancement offers organizations an additional layer of security, addressing the growing demand for identity-first security measures during a time of heightened risks to sensitive information, including political and corporate data. The enhancement enables businesses to meet stricter multi-factor authentication mandates without compromising convenience. This update aligns with the increasing adoption of passwordless authentication, which Gartner … More →

The post Echoworx enhances secure access to encrypted messages appeared first on Help Net Security.

Industry News

CVE-2024-11730 | iqonicdesign KiviCare Plugin up to 3.6.4 on WordPress static_data_list sort[] sql injection

VulDB Recent Entries
9 months 1 week ago
A vulnerability has been found in iqonicdesign KiviCare Plugin up to 3.6.4 on WordPress and classified as critical. This vulnerability affects the function static_data_list. The manipulation of the argument sort[] leads to sql injection. This vulnerability was named CVE-2024-11730. The attack can be initiated remotely. There is no exploit available.
vuldb.com

CVE-2024-11729 | iqonicdesign KiviCare Plugin up to 3.6.4 on WordPress service_list[0][service_id] sql injection

VulDB Recent Entries
9 months 1 week ago
A vulnerability, which was classified as critical, was found in iqonicdesign KiviCare Plugin up to 3.6.4 on WordPress. This affects the function service_list[0][service_id]. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2024-11729. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com

Managed ad