Palo Alto Networks Patches Critical Flaw in Expedition Migration Tool

July 11, 2024 at 11:49AM Palo Alto Networks has released security updates to address several vulnerabilities in its products, including a critical bug impacting the Expedition migration tool, allowing an admin account takeover. Another flaw named BlastRADIUS could enable privilege escalation in certain PAN-OS firewall versions. Users are advised to update to the latest versions … Read more

New Blast-RADIUS attack bypasses widely-used RADIUS authentication

July 9, 2024 at 03:51PM Blast-RADIUS is an authentication bypass in the RADIUS/UDP protocol, allowing attackers to breach networks via MD5 collision attacks. It affects numerous networked devices and poses a significant threat. The exploit manipulates server responses to gain admin privileges without brute force or credential theft. To defend against it, network operators should … Read more

Juniper Networks Warns of Critical Authentication Bypass Vulnerability

July 1, 2024 at 07:28AM Juniper Networks issued an out-of-cycle security bulletin regarding a critical vulnerability, tracked as CVE-2024-2973, which can lead to an authentication bypass on Session Smart routers and conductor products. The company advised users of affected systems to upgrade to specific software versions and noted that the vulnerability has been automatically resolved on certain … Read more

Juniper Networks Releases Critical Security Update for Routers

July 1, 2024 at 02:57AM Juniper Networks has released critical security updates to fix an Authentication Bypass Using an Alternate Path or Channel vulnerability in some routers, affecting devices running in high-availability redundant configurations. The flaw, tracked as CVE-2024-2973, carries a maximum severity score. The company urges users to apply the patches to protect against … Read more

Juniper releases out-of-cycle fix for max severity auth bypass flaw

June 30, 2024 at 11:21AM Juniper Networks released an emergency update to address a critical vulnerability, tracked as CVE-2024-2973, which could lead to an authentication bypass in Session Smart Router, Conductor, and WAN Assurance Router products. The affected versions and recommended patches were listed, highlighting the need for immediate action due to active exploitation of … Read more

Batten down the hatches, it’s time to patch some more MOVEit bugs

June 26, 2024 at 09:35AM Progress Software revealed new vulnerabilities affecting MOVEit Transfer and Gateway, including critical authentication bypass-style flaws with a severity score of 9.1. Last year’s breaches affected 2,773 organizations, prompting an embargo on the information until June 25 to allow for patching. The vulnerabilities could lead to file-less attacks and should be … Read more

Exploit for Veeam Recovery Orchestrator auth bypass available, patch now

June 13, 2024 at 01:25PM A proof-of-concept exploit for a Veeam Recovery Orchestrator vulnerability tracked as CVE-2024-29855 has been released by security researcher Sina Kheirkhah. The exploit allows unauthenticated access to the web UI with administrative privileges due to a hardcoded JWT secret. Veeam’s security bulletin suggests upgrading to patched versions and provides conditions required to … Read more

Telerik Report Server Flaw Could Let Attackers Create Rogue Admin Accounts

June 4, 2024 at 11:07AM Progress Software has released updates to address a critical security flaw in Telerik Report Server, allowing potential bypass of authentication and creation of rogue administrator users. Tracked as CVE-2024-4358, the flaw carries a high CVSS score of 9.8. Users are urged to update to version 2024 Q2 and review user … Read more

Progress Patches Critical Vulnerability in Telerik Report Server

June 4, 2024 at 08:39AM A critical vulnerability (CVE-2024-4358, CVSS 9.8) in Progress Software’s Telerik Report Server allows remote attackers to bypass authentication, creating an admin user. An exploited deserialization flaw (CVE-2024-1800) enables remote code execution. Progress addressed both vulnerabilities in version 2024 Q1 (10.0.24.305). Users should update promptly to prevent exploitation. Based on the … Read more

Delinea Scrambles to Patch Critical Flaw After Failed Responsible Disclosure Attempt

April 16, 2024 at 06:48AM Privileged access management provider Delinea rushed to patch a critical authentication bypass vulnerability in Secret Server SOAP API. Despite attempts at responsible disclosure, the company initially ignored researcher Johnny Yu’s findings. Delinea has since released patches for its platforms and assured customers that their data has not been compromised. No … Read more