Cisco warns of backdoor admin account in Smart Licensing Utility

September 4, 2024 at 12:59PM Cisco has removed a backdoor account in the Cisco Smart Licensing Utility (CSLU) that allowed unauthorized access to unpatched systems with administrative privileges. Based on the meeting notes, the key takeaway is that Cisco has eliminated a backdoor account in the Cisco Smart Licensing Utility (CSLU), preventing unauthorized access to …

GitHub Authentication Bypass Opens Enterprise Server to Attackers

May 22, 2024 at 03:58PM A critical security bug (CVE-2024-4985, CVSS 10) in GitHub Enterprise Server affects SAML SSO implementations with encrypted assertions. Attackers can create fake SAML responses to obtain admin privileges. Versions before 3.13.0 are vulnerable, but emergency fixes are available in versions 3.9.15, 3.10.12, 3.11.10, and 3.12.4. Key takeaways from the meeting …

Attackers Exploiting Critical F5 BIG-IP Vulnerability

October 31, 2023 at 11:51AM Hackers are actively exploiting a critical vulnerability in F5’s BIG-IP product, just five days after its disclosure. The flaw allows for remote code execution and unauthorized access. F5 has released hotfixes and is urging customers to install them immediately. Attackers are also exploiting another vulnerability in BIG-IP’s configuration utility. F5 …

Critical Vulnerabilities Uncovered in Open Source CasaOS Cloud Software

October 17, 2023 at 10:51AM Two critical security flaws have been discovered in the CasaOS personal cloud software. These vulnerabilities allow attackers to bypass authentication and gain full access to the CasaOS dashboard. Additionally, attackers can exploit third-party applications to execute arbitrary commands on the system and gain persistent access. The flaws have been addressed …