Tag: vulnerability
-
CISA Added Fortinet Ivanti Vulnerabilities that Exploited in the Wild
Tags: cisa, cve, cyber, cybersecurity, exploit, fortinet, infrastructure, ivanti, kev, risk, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities Catalog, adding critical vulnerabilities from Fortinet and Ivanti. These vulnerabilities are actively exploited in the wild, posing significant risks to organizations worldwide. CISA urges immediate action to mitigate potential threats. Fortinet Multiple Products Format String Vulnerability CVE-2024-23113 Fortinet’s suite of […]…
-
CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches
Tags: cisa, cisco, cve, cybersecurity, exploit, flaw, fortinet, infrastructure, kev, remote-code-execution, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Fortinet products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.The vulnerability, tracked as CVE-2024-23113 (CVSS score: 9.8), relates to cases of remote code execution that affects FortiOS, FortiPAM, FortiProxy, and FortiWeb.”A First seen on thehackernews.com…
-
Palo Alto fixed critical flaws in PAN-OS firewalls that allow for full compromise of the devices
Palo Alto fixed critical flaws in PAN-OS firewalls, warning that attackers could chain these vulnerabilities to hijack the devices. Palo Alto Networks addressed multiple vulnerabilities that an attacker can chain to hijack PAN-OS firewalls. The vulnerabilities reside in the Palo Alto Networks’ Expedition solution, which is a migration tool designed to help organizations move configurations…
-
Ransomware-Befall über Zyxel-Geräte: Neuer Fall und Erkenntnisse
Nachdem Anfang September 2024 kritische Schwachstellen in Zyxel-Produkten gefixt wurden, und Zyxel (Belgien) Opfer der Helldown-Ransomware wurde, deutet sich ein Sicherheitsproblem an. Nun hat sich ein Leser gemeldet, dessen Kunde ebenfalls eine Ransomware-Infektion über Zyxel-Geräte erlitt. Zyxel hat nun einen … First seen on borncity.com Jump to article: www.borncity.com/blog/2024/10/10/ransomware-befall-ueber-zyxel-geraete-neuer-fall-und-erkenntnisse/
-
Automated CUPS vulnerability scanner unveiled
Tags: vulnerabilityFirst seen on scworld.com Jump to article: www.scworld.com/brief/automated-cups-vulnerability-scanner-unveiled
-
Ivanti zero-day vulnerabilities exploited in chained attack
The new exploit chains targeting Ivanti Cloud Service Application customers are connected to a previously disclosed critical path traversal flaw, CVE-2024-8963. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366613041/Ivanti-zero-day-vulnerabilities-exploited-in-chained-attack
-
Palo Alto Expedition: From N-Day to Full Compromise
On July 10, 2024, Palo Alto released a security advisory for CVE-2024-5910, a vulnerability which allowed attackers to remotely reset the Expedition application admin credentials. While we had never heard of Expedition application before, it’s advertised as: The purpose of this tool is to help reduce the time and efforts of migrating a configuration from…
-
Microsoft’s October 2024 Patch Tuesday: Addressing 5 Zero-Days and 118 Vulnerabilities
On October 10, 2024, Microsoft released its latest round of security updates as part of the monthly Patch Tuesday. This month’s update addresses a total of 118 vulnerabilities, including five zero-days, two of which are actively being exploited. These vulnerabilities impact various Microsoft products, making it crucial for organizations to apply patches promptly and review…
-
CISA says critical Fortinet RCE flaw now exploited in attacks
Today, CISA revealed that attackers actively exploit a critical FortiOS remote code execution (RCE) vulnerability in the wild. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-says-critical-fortinet-rce-flaw-now-exploited-in-attacks/
-
Network Penetration Testing Checklist 2024
Network Penetration Testingchecklist determines vulnerabilities in the network posture by discovering open ports, troubleshooting live systems, and services, and grabbing system banners. The pen-testing helps the administrator close unused ports, add additional services, hide or customize banners, troubleshoot services, and calibrate firewall rules. You should test in all ways to guarantee there is no security…
-
3 More Ivanti Cloud Vulns Exploited in the Wild
The security bugs were found susceptible to exploitation in connection to the previously disclosed, critical CVE-2024-8963 vulnerability in the security vendor’s Cloud Services Appliance (CSA). First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/three-more-ivanti-cloud-vulns-exploited
-
Firefox Zero-Day Under Attack: Update Your Browser Immediately
Mozilla has revealed that a critical security flaw impacting Firefox and Firefox Extended Support Release (ESR) has come under active exploitation in the wild.The vulnerability, tracked as CVE-2024-9680, has been described as a use-after-free bug in the Animation timeline component.”An attacker was able to achieve code execution in the content process by exploiting a use-after-free…
-
Ivanti CSA Customers Targeted in New Zero Day Attacks
Attackers Chain Three Security Flaws with Patched Admin Bypass Vulnerability. Internet appliance maker Ivanti warned customers Tuesday that attackers are actively exploiting new vulnerabilities in Cloud Services Appliance instances by chaining three security flaws with a zero-day patched in September. The company advised customers to update to version 5.0. First seen on govinfosecurity.com Jump to…
-
Palo Alto Networks warns of firewall hijack bugs with public exploit
Palo Alto Networks warned customers today to patch security vulnerabilities (with public exploit code) that can be chained to let attackers hijack PAN-OS firewalls. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/palo-alto-networks-warns-of-firewall-hijack-bugs-with-public-exploit/
-
Mozilla fixes Firefox zero-day actively exploited in attacks
Mozilla has issued an emergency security update for the Firefox browser to address a critical use-after-free vulnerability that is currently exploited in attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/mozilla-fixes-firefox-zero-day-actively-exploited-in-attacks/
-
Microsoft offers updates on 117 vulnerabilities on Patch Tuesday
The vulnerabilities are tied to the Microsoft Management Console and Windows MSHTML Platform. First seen on cyberscoop.com Jump to article: cyberscoop.com/microsoft-patch-tuesday-october-2024-117-updates/
-
Vulnerability in popular PDF reader could lead to arbitrary code execution; Multiple issues in GNOME project
Talos also discovered three vulnerabilities in Veertu’s Anka Build, a suite of software designed to test macOS or iOS applications in CI/CD environments. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/vulnerability-roundup-foxit-gnome-oct-9-2024/
-
Five zero-days to be fixed on October Patch Tuesday
Stand-out vulnerabilities in Microsoft’s latest Patch Tuesday drop include problems in Microsoft Management Console and the Windows MSHTML Platform First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366613194/Five-zero-days-to-be-fixed-on-October-Patch-Tuesday
-
Researchers Uncover Major Security Vulnerabilities in Industrial MMS Protocol Libraries
Details have emerged about multiple security vulnerabilities in two implementations of the Manufacturing Message Specification (MMS) protocol that, if successfully exploited, could have severe impacts in industrial environments.”The vulnerabilities could allow an attacker to crash an industrial device or in some cases, enable remote code execution,” Claroty researchers Mashav Sapir and Vera First seen on…
-
HP Business-Notebooks: Hotkey-Unterstützung ermöglicht Rechteausweitung
Hewlett Packard warnt vor einer Schwachstelle im Hotkey-Support von Business-Notebooks. Angreifer können dadurch ihre Rechte ausweiten. First seen on heise.de Jump to article: www.heise.de/news/HP-Business-Notebooks-Rechtausweitungsluecke-in-Hotkey-Support-9975278.html
-
WordPress-Plug-in: Abermals gravierende Sicherheitslücke in Litespeed Cache
Auf mehr als sechs Millionen Websites lauert eine schwerwiegende Schwachstelle im WordPress-Plug-in Litespeed Cache. Ein Update steht bereit. First seen on heise.de Jump to article: www.heise.de/news/Wordpress-Plug-in-Abermals-gravierende-Sicherheitsluecke-in-Litespeed-Cache-9975165.html
-
HP Business-Notebooks: Rechtausweitungslücke in Hotkey-Support
Hewlett Packard warnt vor einer Schwachstelle im Hotkey-Support von Business-Notebooks. Angreifer können dadurch ihre Rechte ausweiten. First seen on heise.de Jump to article: www.heise.de/news/HP-Business-Notebooks-Rechtausweitungsluecke-in-Hotkey-Support-9975278.html
-
5 Zero-Days in Microsoft’s October Update to Patch Immediately
Threat actors are actively exploiting two of the vulnerabilities, while three others are publicly known and ripe for attack. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/5-cves-microsofts-october-2024-update-patch-now
-
Scammers Hit Florida Hurricane Victims with Fake FEMA Claims, Malware Files
Cybercriminals exploit disaster relief efforts to target vulnerable individuals and organizations in Florida, compromising the integrity of relief… First seen on hackread.com Jump to article: hackread.com/scammers-florida-hurricane-victim-fake-fema-malware/
-
Microsoft repairs 2 zero-days on October Patch Tuesday
Administrators will have to tackle 117 new vulnerabilities, including three rated critical, in this month’s batch of security updates. First seen on techtarget.com Jump to article: www.techtarget.com/searchwindowsserver/news/366613059/Microsoft-repairs-2-zero-days-on-October-Patch-Tuesday
-
Microsoft Patches 117 CVEs: Focus on Critical and Zero-Day Threats
Microsoft has released the October 2024 Patch Tuesday, addressing a total of 117 Common Vulnerabilities and Exposures (CVEs). This month’s Microsoft Patch Tuesday update includes three vulnerabilities rated as critical, 113 classified as important, and one rated moderate. Notably, among these vulnerabilities are two zero-days actively exploited in the wild: CVE-2024-43573 and CVE-2024-43572. First seen…
-
U.S. CISA adds Windows and Qualcomm bugs to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Windows and Qualcomm bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: Qualcomm this week addressed 20 vulnerabilities in its products, including a potential zero-day issue tracked as CVE-2024-43047 (CVSS score…