April 15, 2024 at 10:07AM Delinea’s Secret Server customers are urged to upgrade installations immediately due to a critical vulnerability discovered by researcher Johnny Yu. The vulnerability allows attackers to gain admin-level access, putting account credentials at risk. Delinea fixed the vulnerability but did not credit Yu, leading to concerns about transparency. The incident also … Read more
February 27, 2024 at 01:54PM Black Basta and Bl00dy ransomware gangs are targeting unpatched ScreenConnect servers with a critical vulnerability (CVE-2024-1709), allowing admin account creation and takeovers. Exploited since last Tuesday, alongside a path traversal vulnerability (CVE-2024-1708). CISA added CVE-2024-1709 to exploited vulnerabilities, with Trend Micro observing attacks and deployment of ransomware by the gangs. … Read more
February 8, 2024 at 02:53PM Ivanti warns of authentication bypass vulnerability (CVE-2024-22024) in Connect Secure, Policy Secure, and ZTA gateways, allowing remote access to unpatched appliances. No evidence of customer exploitation, but immediate action is recommended. Over 20,000 ICS VPN gateways tracked online. Ivanti devices targeted in zero-day attacks. Security patches released. CISA orders disconnection … Read more
February 6, 2024 at 12:36PM JetBrains has issued a critical security alert, urging customers to patch their TeamCity On-Premises servers to address a vulnerability (CVE-2024-23917) allowing attackers to gain admin privileges through remote code execution attacks. Customers are advised to update to version 2023.11.3 immediately. An earlier flaw (CVE-2023-42793) has been exploited by various threat … Read more
February 5, 2024 at 06:06PM Mitsubishi Electric identified high-severity authentication bypass and critical remote code execution vulnerabilities in several factory automation products. The impacted products include EZSocket, FR Configurator2, GT Designer3, GX and MT Works, MELSOFT Navigator, and MX. The company advised users to implement cybersecurity measures while it works on patches and released advisories … Read more
January 24, 2024 at 10:07AM Security experts have rapidly published working exploits for a critical vulnerability in Fortra GoAnywhere MFT, exposing a serious authentication bypass issue initially disclosed by Fortra in December. Researchers from Horizon3 developed an exploit targeting a vulnerable endpoint, exposing the system to unauthorized admin user creation. Fortra advises upgrading to version … Read more
January 24, 2024 at 09:24AM A critical vulnerability (CVE-2024-0204, CVSS score 9.8) in Fortra’s GoAnywhere MFT allows an unauthenticated attacker to create an admin user. Patches were released on Dec 7, urging customers to update to version 7.4.1. Horizon3.ai published a technical writeup on the bug’s root cause and PoC code one day after the … Read more
January 23, 2024 at 10:46AM Fortra warns of a critical authentication bypass vulnerability in GoAnywhere MFT, affecting versions prior to 7.4.1. Exploitation allows unauthorized creation of admin accounts and could lead to data breaches and malware introduction. The flaw was fixed in version 7.4.1, and users are advised to update immediately. Notably, past incidents suggest … Read more
January 19, 2024 at 03:00PM A critical vulnerability, CVE-2023-35082, in Ivanti Endpoint Manager Mobile (EPMM) with a CVSS score of 9.8 has been added to CISA’s Known Exploited Vulnerabilities Catalog. It allows an authentication bypass and patch bypass for another high-risk vulnerability, CVE-2023-35078. Rapid7 reports a potential threat actor exploitation, with all versions of Invanti … Read more
January 8, 2024 at 12:50PM SonicWall has observed thousands of daily exploitation attempts targeting the Apache OFBiz zero-day vulnerability. The severity is near-maximum, with a 9.8 rating, allowing attackers to bypass authentication and execute arbitrary code. They urge immediate upgrading to OFBiz version 18.12.11 to address this and another equally serious vulnerability. Apache OFBiz has … Read more