CISA warns of more Palo Alto Networks bugs exploited in attacks

November 14, 2024 at 05:03PM CISA has identified two critical vulnerabilities in Palo Alto Networks’ Expedition migration tool, now actively exploited: CVE-2024-9463 (unauthenticated command injection) and CVE-2024-9465 (SQL injection). Federal agencies must patch affected systems by December 5. Security updates are available in Expedition 1.2.96 and later, and user credentials should be rotated post-update.

Critical bug in EoL D-Link NAS devices now exploited in attacks

November 13, 2024 at 01:37PM A critical vulnerability (CVE-2024-10914) in D-Link end-of-life NAS devices allows unauthenticated command injection via malicious HTTP requests. D-Link has ceased support and advises customers to retire affected models. Despite warnings, attackers have begun exploiting this flaw, targeting over 41,000 exposed devices on the internet.

Many Legacy D-Link NAS Devices Exposed to Remote Attacks via Critical Flaw

November 11, 2024 at 06:10AM D-Link has alerted users about a critical command injection vulnerability in several discontinued NAS models, leaving them exposed to remote attacks. This emphasizes the importance of maintaining security awareness for legacy devices.

HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities

November 11, 2024 at 05:39AM Hewlett Packard Enterprise (HPE) released security updates for Aruba Networking Access Point products, addressing critical command injection vulnerabilities (CVE-2024-42509, CVE-2024-47460) that allow unauthenticated remote code execution. Users are advised to enable cluster security or block access to UDP port 8211 and implement management access controls to mitigate risks.

D-Link won’t fix critical flaw affecting 60,000 older NAS devices

November 8, 2024 at 02:23PM Over 60,000 D-Link NAS devices are vulnerable to a critical command injection flaw (CVE-2024-10914). An attacker can exploit it via crafted HTTP GET requests. D-Link confirmed no fix will be provided and recommends retiring the affected devices or isolating them from the internet due to their end-of-life status.

Unpatched Mazda Connect bugs let hackers install persistent malware

November 8, 2024 at 12:53PM Several vulnerabilities in the Mazda Connect infotainment system, affecting multiple models, allow attackers to execute arbitrary code and gain root access. The issues, including command injection and SQL injection flaws, remain unpatched. Exploitation requires physical access, but threats can arise in various contexts, posing significant risks to vehicle safety.

HPE Patches Critical Vulnerabilities in Aruba Access Points

November 8, 2024 at 06:49AM HPE has issued a warning about two critical vulnerabilities in Aruba Networking access points, which could allow for unauthenticated command injection. The company has since released patches to address these security issues.

Cisco Bug Could Lead to Command Injection Attacks

November 7, 2024 at 04:47PM Cisco has identified a vulnerability in its Unified Industrial Wireless Software for URWB access points, potentially allowing remote attackers to execute command injection attacks. Affected models include Catalyst IW9165D, IW9165E, and IW9167E with URWB mode enabled. Cisco has released a fix, though there’s no known public exploitation of the issue.

Cisco Patches Critical Vulnerability in Industrial Networking Solution

November 7, 2024 at 07:30AM Cisco has patched a critical vulnerability in its Unified Industrial Wireless software that could enable remote, unauthenticated attackers to execute commands with root privileges. The issue poses significant security risks to the affected systems.

Cisco bug lets hackers run commands as root on URWB access points

November 6, 2024 at 02:38PM Cisco has resolved a critical vulnerability (CVE-2024-20418) in its Ultra-Reliable Wireless Backhaul access points, allowing unauthorized command execution with root privileges via a web interface. The flaw affects certain Catalyst access points with vulnerable software. Cisco’s security teams found no evidence of exploitation so far.