Exploit released for critical WhatsUp Gold RCE flaw, patch now

December 3, 2024 at 02:00PM A proof-of-concept exploit for a critical remote code execution vulnerability in Progress WhatsUp Gold has been released. Installing the latest security updates immediately is essential to mitigate the risk. **Meeting Takeaways:** 1. **Critical Security Flaw:** A proof-of-concept exploit has been released for a critical-severity remote code execution vulnerability …

GitHub Patches Critical Vulnerability in Enterprise Server

October 15, 2024 at 01:31PM A critical vulnerability in GitHub Enterprise Server could allow unauthorized access to affected instances. GitHub has released a patch to address this severe flaw. **Meeting Takeaways:** 1. **Critical Vulnerability Identified:** A severe flaw has been discovered in GitHub Enterprise Server that poses a significant risk, …

Ivanti’s Cloud Service Appliance Attacked via Second Vuln

September 20, 2024 at 05:05PM Ivanti has announced that a critical vulnerability in its Cloud Services Appliance (CSA) is being exploited, allowing attackers to bypass admin authentication and execute arbitrary commands. This adds to the security issues Ivanti has faced since 2023. Steps to mitigate the threat include upgrading to CSA 5.0 and ensuring …

GitLab Updates Resolve Critical Pipeline Execution Vulnerability

September 13, 2024 at 05:03AM GitLab announced patches for 17 vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE), including a critical pipeline execution bug, CVE-2024-6678, with a CVSS score of 9.9. Successful exploitation could disrupt services and inject malicious code. The vulnerabilities affect versions 8.14 to 17.3.1, and patches are available in versions …

SolarWinds: Critical RCE Bug Requires Urgent Patch

August 15, 2024 at 03:15PM SolarWinds advises customers to patch CVE-2024-28986, a critical Java deserialization RCE vulnerability in its Web Help Desk platform. If exploited, attackers can run commands on the host machine. The vendor recommends immediate patching, urging that all versions be upgraded to 12.8.3 with the hotfix installed. Based …

Progress Patches Critical Telerik Report Server Vulnerability

July 26, 2024 at 10:39AM Progress Software has alerted users to a critical-severity vulnerability (CVE-2024-6327) in its Telerik Report Server product that enables remote code execution. Version 2024 Q2 (10.1.24.709) addresses the flaw, and users are urged to update immediately. A temporary mitigation is to change the user of the Report Server Application Pool. Threat actors have exploited similar vulnerabilities, prompting …

PTC License Server Bug Needs Immediate Patch Against Critical Flaw

July 2, 2024 at 02:54PM CISA and PTC reported a critical flaw in an industrial computer-aided design software server (CVE-2024-6071) that exposes systems to unauthorized remote access. A patch has been issued for affected Creo Elements/Direct License Servers, and immediate updating is urged. PTC stated there is no evidence of exploitation in the wild and emphasized no impact on the …

Intel Publishes 41 Security Advisories for Over 90 Vulnerabilities

May 15, 2024 at 11:21AM Intel released 41 security advisories addressing over 90 vulnerabilities in its products. The critical vulnerability CVE-2024-22476 was found in Neural Compressor and allows unauthenticated remote attackers to escalate privileges. High-severity flaws were also found in UEFI firmware, graphics, and network products, along with medium-severity vulnerabilities in various hardware and software products. …

KeyTrap DNS Attack Could Disable Large Parts of Internet: Researchers

February 14, 2024 at 08:03AM Researchers have discovered a new DNS vulnerability, named KeyTrap (CVE-2023-50387). The flaw in DNSSEC could allow attackers to disrupt large parts of the internet using a single specially crafted DNS packet. While patches are being released, full prevention may require changes to the underlying DNSSEC design. The …

Patch Now: Attackers Pummel Critical, Easy-to-Exploit OwnCloud Flaw

November 29, 2023 at 02:38PM Hackers are exploiting a critical vulnerability in ownCloud, tracked as CVE-2023-49103, to compromise admin passwords and sensitive data. With a CVSS score of 10/10, it affects versions 0.2.0 to 0.3.0. Over 11,000 instances are exposed, mostly in Germany, the US, France, and Russia. Patching is vital; disabling the app isn't enough. Two …