December 11, 2024 at 06:19AM Ivanti announced patches for 11 vulnerabilities, including five critical-severity bugs affecting Cloud Services Application, Connect Secure, and Policy Secure. Notably, CVE-2024-11639, with a CVSS score of 10, allows authentication bypass. Users are urged to update their systems. No evidence of exploitation has been reported. ### Meeting Takeaways 1. **Ivanti Vulnerability … Read more
December 10, 2024 at 02:45PM Ivanti has alerted customers about a severe authentication bypass vulnerability (CVE-2024-11639) in its Cloud Services Appliance, allowing attackers to gain admin access remotely. Users should upgrade to CSA 5.0.3. The company also patched other vulnerabilities but found no evidence of exploitation prior to disclosure. **Meeting Takeaways: Ivanti Security Advisory Update** … Read more
December 6, 2024 at 06:38AM WatchTowr warned of an unpatched vulnerability in the Mitel MiCollab platform, allowing attackers to access restricted resources. Over 16,000 instances are affected, with an arbitrary file read flaw requiring admin authentication to exploit. Mitel has released patches for related vulnerabilities and recommends users update to the latest version. **Meeting Takeaways:** … Read more
November 27, 2024 at 04:04PM A critical authentication bypass flaw (CVE-2024-11680) in ProjectSend allows attackers to exploit vulnerable versions to upload webshells and gain remote access. Despite a fix released on May 16, 2023, 99% of users remain vulnerable. Active exploitation has surged since September 2024, necessitating urgent updates to version r1750. ### Meeting Takeaways … Read more
November 19, 2024 at 10:35AM Palo Alto Networks has issued patches for two zero-day vulnerabilities: CVE-2024-0012, a critical authentication bypass, and CVE-2024-9474, a medium-severity privilege escalation. Users are urged to update urgently. The company warns of ongoing exploitation, particularly from VPN services, and advises restricting access to management interfaces. ### Meeting Takeaways: 1. **New Vulnerabilities … Read more
November 17, 2024 at 11:57PM A critical authentication bypass vulnerability (CVE-2024-10924) in the Really Simple Security plugin for WordPress could allow attackers to gain full admin access. Affecting over 4 million sites, the vulnerability has been patched in version 9.1.2 after responsible disclosure. Similar vulnerabilities were also found in WPLMS Learning Management System. ### Meeting … Read more
November 17, 2024 at 11:37AM A critical vulnerability (CVE-2024-10924) in the ‘Really Simple Security’ WordPress plugin allows unauthorized access due to improper user authentication handling. Wordfence warns it enables mass exploitation, urging forced updates. The flaw affects versions 9.0.0 to 9.1.1.1, with a fix released in version 9.1.2. Users must manually update to avoid risks. … Read more
November 11, 2024 at 07:02AM Veeam has issued a hotfix for a critical authentication bypass vulnerability in Backup Enterprise Manager, addressing an expanding exploitation of the previous flaw. This update aims to enhance security and protect users from potential risks associated with the vulnerability. ### Meeting Notes Summary: – **Topic**: Veeam Hotfix Release – **Issue**: … Read more
November 1, 2024 at 01:20PM CISA warns of critical security vulnerabilities in Mitsubishi Electric and Rockwell Automation factory automation software, allowing remote code execution, authentication bypass, and denial-of-service. Two severe bugs (CVE-2023-6943, CVE-2024-10386) have high CVSS scores of 9.8. Manufacturers should apply mitigations promptly due to increased cyber threats from nation-state actors. ### Meeting Takeaways … Read more
October 2, 2024 at 11:05AM The U.S. cybersecurity agency CISA has issued a warning about two critical vulnerabilities in Optigo Networks ONS-S8 Aggregation Switch products, used in critical infrastructure worldwide. The flaws allow bypassing of password requirements and could lead to remote code execution. No fixes are available, so users are advised to apply suggested … Read more