Fortra fixes critical FileCatalyst Workflow hardcoded password issue

August 28, 2024 at 01:06PM Fortra has issued a warning about a serious hardcoded password vulnerability in FileCatalyst Workflow. This flaw has the potential to enable unauthorized access to an internal database, leading to data theft and the acquisition of administrator privileges. Based on the meeting notes, it seems that Fortra is alerting about a …

GitHub Enterprise Server vulnerable to critical auth bypass flaw

August 21, 2024 at 10:22AM A critical vulnerability, CVE-2024-6800, in GitHub Enterprise Server allows an attacker to gain admin privileges by exploiting a problem with SAML authentication. Over 36,500 GHES instances are accessible online, mostly in the US. GitHub has released fixed versions and warns of potential errors and issues during the update process. Based …

Zero-Day Alert: Ten Thousand Cisco IOS XE Systems Now Compromised

October 17, 2023 at 03:19PM Thousands of Internet-exposed Cisco IOS XE devices have been infected by a threat actor exploiting an unpatched vulnerability. Cisco has disclosed the flaw, which allows arbitrary code execution, with a severity rating of 10 out of 10. The attacks have a global footprint and the compromised systems all have …

Cisco warns of new IOS XE zero-day actively exploited in attacks

October 16, 2023 at 11:52AM Cisco has warned administrators about a severe zero-day vulnerability in its IOS XE Software that allows attackers to gain full control of affected routers. The vulnerability, identified as CVE-2023-20198, only affects devices with the Web User Interface feature enabled and the HTTP or HTTPS Server feature toggled on. Cisco advises …