CyberSecurityBoard
Sponsor Register Login

Critical Veritas Vulnerability Let Attackers Execute Malicious Code

Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Attackers exploiting this flaw could bypass authentication mechanisms and execute arbitrary code by sending maliciously crafted .NET remoting messages to vulnerable endpoints. Security researcher Sina Kheirkhah of watchTowr Labs, who is credited with discovering the flaw, noted, “Insecure deserialization remains a pervasive threat. Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. In this case, the Plugin_Host service deserializes messages without verifying their integrity, enabling attackers to inject malicious object payloads. As watchTowr’s research underscores, proactive defense, not just patching, is essential in an era when attackers rapidly weaponize such flaws. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications. Successful exploitation could grant attackers SYSTEM-level privileges, compromising entire clusters. Organizations opting for manual DR configuration must follow Veritas’ guidelines to avoid reactivating the endpoint.

This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 11 Mar 2025 09:50:06 +0000


Cyber News related to Critical Veritas Vulnerability Let Attackers Execute Malicious Code

CVE-2009-3027 - VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection Server (CPS) 11d, 12.0, and 12.5; Veritas NetBackup Operations Manager (NOM) 6.0 GA through 6.5.5; Veritas Backup Reporter (VBR) 6.0 GA through 6.6; Veritas Storage Foundation (SF) ...
6 years ago
Cohesity to Buy Veritas' Data Protection Businesses - Data security firm Cohesity will buy Veritas' data protection business, the two firms announced Jan. 8th, creating a data security and management giant valued at roughly $7 billion. Sanjay Poonen, the current CEO and President at Cohesity, will lead ...
1 year ago Securityweek.com
CVE-2011-0547 - Multiple integer overflows in vxsvc.exe in the Veritas Enterprise Administrator service in Symantec Veritas Storage Foundation 5.1 and earlier, Veritas Storage Foundation Cluster File System (SFCFS) 5.1 and earlier, Veritas Storage Foundation Cluster ...
7 years ago
CVE-2019-18780 - An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and ...
4 years ago
What CIRCIA Means for Critical Infrastructure Providers and How Breach and Attack Simulation Can Help - Cyber Defense Magazine - To prepare themselves for future attacks, organizations can utilize BAS to simulate real-world attacks against their security ecosystem, recreating attack scenarios specific to their critical infrastructure sector and function within that sector, ...
5 months ago Cyberdefensemagazine.com Akira
Opening Statement by CISA Director Jen Easterly - Chairman Gallagher, Ranking Member Krishnamoorthi, Members of the Committee, thank you for the opportunity to testify on CISA's efforts to protect the Nation from the preeminent cyber threat posed by the People's Republic of China. As America's ...
1 year ago Cisa.gov
Critical Veritas Vulnerability Let Attackers Execute Malicious Code - Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Attackers exploiting this flaw could bypass authentication mechanisms and execute arbitrary code by sending maliciously crafted ...
17 hours ago Cybersecuritynews.com
What is SEO Poisoning Attack? - Search engine optimization (SEO) poisoning is a type of cyber attack that infiltrates search results. It consists of malicious search engine results created by an attacker attempting to redirect someone to malicious or vulnerable webpages. It is a ...
2 years ago Heimdalsecurity.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
The Exploration of Static vs Dynamic Code Analysis - Two essential methodologies employed for this purpose are Static Code Analysis and Dynamic Code Analysis. Static Code Analysis involves the examination of source code without its execution. In this exploration of Static vs Dynamic Code Analysis, ...
1 year ago Feeds.dzone.com
An Inside Look at The Malware and Techniques Used in the WordPress.org Supply Chain Attack - After adding the malicious code to our Threat Intelligence Database and examining it, we quickly discovered that several other plugins were also affected. We will begin with the Blaze Widget plugin which saw the largest amount of activity in terms of ...
8 months ago Wordfence.com
A Plan to Protect Critical Infrastructure from 21st Century Threats - On April 30th, the White House released National Security Memorandum-22 on Critical Infrastructure Security and Resilience, which updates national policy on how the U.S. government protects and secures critical infrastructure from cyber and ...
9 months ago Cisa.gov
Analysis of OT cyberattacks and malwares - Let's find the answer to all the questions by looking into some history of OT attacks and malware. We systematically categorize the attacks into direct and indirect vectors. Direct attacks are those that target OT systems through the exploitation of ...
1 year ago Securityboulevard.com
Guarding Kubernetes From the Threat Landscape - DZone - If compromised, attackers can exploit these broad permissions to manipulate deployments, introduce malicious code, gain unauthorized access to critical systems, steal sensitive data, or create backdoors for ongoing access. Part of the security ...
5 months ago Feeds.dzone.com
A Critical Remote Code Execution(RCE) Vulnerability in Apache Struts2 Flaw Puts Your Web Apps at Risk - The web development world is constantly on guard against security threats, and a recent discovery in the popular Apache Struts2 framework serves as a stark reminder. This critical vulnerability, known as CVE-2023-50164, exposes a serious flaw that ...
1 year ago Securityboulevard.com CVE-2023-50164
Veeam warns of critical bugs in Veeam ONE monitoring platform - Veeam released hotfixes today to address four vulnerabilities in the company's Veeam ONE IT infrastructure monitoring and analytics platform, two of them critical. The company assigned almost maximum severity ratings to the critical security flaws ...
1 year ago Bleepingcomputer.com CVE-2023-38547 CVE-2023-38549 CVE-2023-41723 FIN7 Cuba
50K WordPress sites exposed to RCE attacks by critical bug in backup plugin - A critical severity vulnerability in a WordPress plugin with more than 90,000 installs can let attackers gain remote code execution to fully compromise vulnerable websites. Known as Backup Migration, the plugin helps admins automate site backups to ...
1 year ago Bleepingcomputer.com CVE-2023-6553 CVE-2023-45124 Hunters
Attacks on critical infrastructure are harbingers of war: Are we prepared? - Recent attacks on several water authorities, such as Aliquippa and St. Johns River, are putting a new spotlight on the need to protect critical infrastructure. In war, to bring a nation to its knees, attacks against power and water inflict the most ...
1 year ago Scmagazine.com
New Research Delves Into the World of Malicious Cryptocurrency Mining - As cryptocurrency prices have soared in recent years, malicious cryptocurrency miners have increasingly targeted vulnerable computer systems with malicious crypto-mining software in search of profits. In a new research paper, security researchers at ...
2 years ago Thehackernews.com
Don't get hacked! Apply the right vulnerability metrics to Kubernetes scans - As you read this, I'd like you to keep in mind that CVSS was never intended to be that end-all software vulnerability scoring system. Doesn't reflect actual risk - CVSS provides a base score that represents the inherent severity of a vulnerability in ...
1 year ago Securityboulevard.com
Over 100 WordPress Repository Plugins Affected by Shortcode-based Stored Cross-Site Scripting - On August 14, 2023, the Wordfence Threat Intelligence team began a research project to find Stored Cross-Site Scripting via Shortcode vulnerabilities in WordPress repository plugins. We found over 100 vulnerabilities across 100 plugins which affect ...
1 year ago Wordfence.com
5 Common Phishing Vectors and Examples - Phishing attacks can be executed through various means, such as SMS and phone calls, but the most prevalent method involves sending victims emails containing malicious attachments. Let's take a closer look at these types and examine examples of ...
9 months ago Cybersecuritynews.com CVE-2017-11882 Equation
Master the Art of Writing Clean Codebases - As developers, we can write code that's DRY and modular by using functions, variables, classes, and comments. That's what poorly structured code feels like: confusing, frustrating, and riddled with vulnerabilities. The choice is clear: build code ...
1 year ago Feeds.dzone.com
The Last Mile of Encrypting the Web: 2023 Year in Review - At the start of 2023, we sunsetted the HTTPS Everywhere web extension. It encrypted browser communications with websites and made sure users benefited from the protection of HTTPS wherever possible. HTTPS Everywhere ended because all major browsers ...
1 year ago Eff.org
Meta releases 'Code Llama 70B', an open-source behemoth to rival private AI development - Meta AI, the company that brought you Llama 2, the gargantuan language model that can generate anything from tweets to essays, has just released a new and improved version of its code generation model, Code Llama 70B. This updated model can write ...
1 year ago Venturebeat.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)