• The Cyber Express

Google recently addressed a flaw within cellular modem vulnerabilities that can pose risk to smartphone users. The cellular baseband is responsible for handling all cellular communications, including ... Read more

• Cybersecurity News

Screenshot of the sample found on the VirusTotal platformCybersecurity analysts at Group-IB have uncovered a sophisticated malware campaign targeting bank customers in Central Asia. Dubbed “Ajina.Bank ... Read more

• TheCyberThrone

Apache OFBiz has got a security update for a flaw CVE-2024-45195 with a CVSS score of 7.5 that  allows attackers to bypass authorization checks and execute arbitrary code on the server, even without v ... Read more

• Cybersecurity News

Image: Rapid7According to a report from Imperva, over 25,000 malicious requests targeting 4,000 unique sites have been detected since the CVE-2024-45195 vulnerability in Apache OFBiz was disclosed. Th ... Read more

• security.nl

Apache heeft een kritieke kwetsbaarheid in ERP-oplossing OFBiz verholpen waardoor een ongeauthenticeerde aanvaller op afstand code op het ERP-systeem kan uitvoeren. Onlangs werden twee andere beveilig ... Read more

• The Cyber Express

Popular open-source enterprise Resource Planning (ERP) system, Apache OFBiz, recently discovered harboring a critical Remote Code Execution (RCE) vulnerability. Tracked as CVE-2024-45195, the Apache O ... Read more

• Help Net Security

For the fourth time in the last five months, Apache OFBiz users have been advised to upgrade their installations to fix a critical flaw (CVE-2024-45195) that could lead to unauthenticated remote code ... Read more

• The Hacker News

Cybersecurity / Vulnerability A new security flaw has been addressed in the Apache OFBiz open-source enterprise resource planning (ERP) system that, if successfully exploited, could lead to unauthenti ... Read more

• BleepingComputer

Apache has fixed a critical security vulnerability in its open-source OFBiz (Open For Business) software, which could allow attackers to execute arbitrary code on vulnerable Linux and Windows servers. ... Read more

• Cybersecurity News

The JFrog security research team has uncovered a novel PyPI package hijacking method known as “Revival Hijack,” which has put over 22,000 packages at risk of exploitation. Unlike traditional typosquat ... Read more

• Cybersecurity News

Access to the API without the need for any authentication | Image: Legit SecurityA new report released by Legit Security has raised significant concerns about the security posture of publicly accessib ... Read more

• Cybersecurity News

Researcher Sina Kheirkhah of the Summoning Team has published the technical details and a proof-of-concept (PoC) exploit for a critical vulnerability, identified as CVE-2024-6670, affecting Progress S ... Read more

• The Register

in brief A series of IP cameras still used all over the world, despite being well past their end of life, have been exploited to create a new Mirai botnet. The vulnerability (CVSS 8.7, CVE-2024-7029) ... Read more

• Dark Reading

Source: tofino via Alamy Stock PhotoCISA has added a critical security flaw in the Apache OFBiz open source enterprise resource planning (ERP) system to its Known Exploited Vulnerabilities (KEV) catal ... Read more

• security.nl

Apache OFBiz ERP-systemen zijn opnieuw het doelwit van aanvallen, zo waarschuwt het Cybersecurity and Infrastructure Security Agency (CISA) van het Amerikaanse ministerie van Homeland Security. OFBiz ... Read more

• The Cyber Express

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged a security vulnerability affecting Apache OFBiz, the open-source enterprise resource planning (ERP) system. This Apache OFB ... Read more

• The Hacker News

Software Security / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw affecting the Apache OFBiz open-source enterprise resource ... Read more

• TheCyberThrone

Researchers have uncovered a critical vulnerability in WPML multilingual CMS Plugin for WordPress that leads to a Remote Code Execution, which potentially allows the compromise of impacted websites.Th ... Read more

• TheCyberThrone

The U.S. CISA adds Apache OFBiz vulnerability to its KEV catalog following the mass exploitationCVE-2024-38856 : Apache OFBiz Incorrect Authorization Vulnerability: Apache OFBiz contains an incorrect ... Read more

• Cybersecurity News

Image: securelayer7The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about an actively exploited security flaw in Apache OFBiz, a popular open-source enterp ... Read more

• Cybersecurity News

Despite its discovery over two years ago, the Log4j vulnerability, known as Log4Shell (CVE-2021-44228), continues to pose a significant threat to global cybersecurity. A recent report from Datadog Sec ... Read more

• Cybersecurity News

Gafgyt attack flow | Image: Aqua NautilusResearchers at Aqua Nautilus have identified a new variant of the Gafgyt botnet that represents a significant evolution in malware targeting strategies. Origin ... Read more

• Cybersecurity News

Cybersecurity researchers at iVerify, in collaboration with Palantir Technologies and Trail of Bits, have uncovered a significant vulnerability in millions of Google Pixel devices worldwide. The flaw, ... Read more

• Cybersecurity News

Please enable JavaScriptA severe security vulnerability has been discovered in the widely-used AI library llama_cpp_python, potentially allowing threat actors to execute malicious code on affected sys ... Read more

• Cybersecurity News

MSI, a leading manufacturer of computer hardware, has recently disclosed a critical vulnerability, tracked as CVE-2024-36877, that affects a wide range of its motherboards. The vulnerability, residing ... Read more

• Cybersecurity News

SAP has released its monthly security patches for August 2024, addressing a range of vulnerabilities across its extensive product portfolio. The update includes fixes for 17 new security notes and 8 u ... Read more

• Cybersecurity News

A serious security threat called Dark Skippy has emerged in the cryptocurrency world. This method allows malicious actors to extract private keys from transaction signing devices, such as hardware wal ... Read more

• Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: August 2024 Patch Tuesday forecast: Looking for a calm August release August 2024 July ended up being ... Read more

• BleepingComputer

The U.S. Cybersecurity & Infrastructure Security Agency is warning of two vulnerabilities exploited in attacks, including a path traversal impacting Apache OFBiz. Apache OFBiz (Open For Business) is a ... Read more

• Cybersecurity News

Today, cybersecurity researcher Zeyad Azima from SecureLayer7 and Youssef Muhammad have published a proof-of-concept (PoC) exploit code for a critical vulnerability (CVE-2024-38856) in the Apache OFBi ... Read more

• Cybersecurity News

At Black Hat 2024, security researcher Alon Leviev from SafeBreach security researcher unveiled two zero-day vulnerabilities (CVE-2024-21302, CVE-2024-38202) that could be exploited to reverse patches ... Read more

• TheCyberThrone

Google has released patches for 46 bugs affecting its Android operating system in its August 2024 security update. This includes an actively exploited kernel vulnerability tracked as CVE-2024-36971 af ... Read more

• TheCyberThrone

The U.S. CISA added a deserialization of untrusted data vulnerability in Microsoft COM for Windows, tracked as CVE-2018-0824 with a CVSS score of 7.5, to its Known Exploited Vulnerabilities (KEV) cata ... Read more

• TheCyberThrone

The Apache InLong project has issued a security advisory regarding a critical vulnerability discovered in its TubeMQ component, that could allow code injection flaw could allow remote attackers to exe ... Read more

• Help Net Security

Threat actors have been abusing a bug in how Windows handles LNK files with non-standard target paths and internal structures to prevent in-built protections from stopping malicious payloads and trick ... Read more

• Cyber Security News

A critical zero-day vulnerability in Apache OFBiz, an open-source enterprise resource planning (ERP) system, has been discovered that could allow unauthenticated attackers to execute arbitrary code re ... Read more

• The Hacker News

Enterprise Security / Vulnerability A new zero-day pre-authentication remote code execution vulnerability has been disclosed in the Apache OFBiz open-source enterprise resource planning (ERP) system t ... Read more

• Dark Reading

Brian Jackson via Alamy Stock PhotoA critical pre-authentication remote code execution (RCE) security vulnerability in Apache OFBiz could open organizations to data theft, lateral movement by threat a ... Read more

• TheCyberThrone

Apache OFBiz has released an urgent security advisory due to the potential for unauthorized code execution.The vulnerability tracked as CVE-2024-38856 stems into an incorrect authorization handling wi ... Read more

• Help Net Security

CVE-2024-38856, an incorrect authorization vulnerability affecting all but the latest version of Apache OFBiz, may be exploited by remote, unauthenticated attackers to execute arbitrary code on vulner ... Read more