October 15, 2024 at 01:31PM A critical vulnerability in GitHub Enterprise Server could allow unauthorized access to affected instances. GitHub has released a patch to address this severe flaw, ensuring better security for users. **Meeting Takeaways:** 1. **Critical Vulnerability Identified**: A severe flaw has been discovered in GitHub Enterprise Server that poses a significant risk, … Read more
September 20, 2024 at 05:05PM Ivanti has announced that a critical vulnerability in the Cloud Services Appliance (CSA) is being exploited, allowing attackers to bypass admin authentication and execute arbitrary commands. This adds to the ongoing security issues faced by Ivanti since 2023. Steps to mitigate the threat include upgrading to CSA 5.0 and ensuring … Read more
September 13, 2024 at 05:03AM GitLab announced patches for 17 vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE) including a critical pipeline execution bug, CVE-2024-6678, with a CVSS score of 9.9. Successful exploitation could disrupt services and inject malicious code. The vulnerabilities affect versions 8.14 to 17.3.1, and patches are available in versions … Read more
August 15, 2024 at 03:15PM SolarWinds advises customers to patch a critical CVE-2024-28986 vulnerability in its Web Help Desk platform, a Java deserialization RCE flaw. If exploited, attackers can run commands on the host machine. The software vendor recommends immediate patch application, urging all versions to be upgraded to 12.8.3 and the hotfix installed. Based … Read more
July 26, 2024 at 10:39AM Progress Software has alerted users to a critical-severity vulnerability (CVE-2024-6327) in its Telerik Report Server product, enabling remote code execution. Version 2024 Q2 (10.1.24.709) addresses the flaw, urging immediate user updates. Temporary mitigation includes altering the user for the Report Server Application Pool. Threat actors have exploited similar vulnerabilities, prompting … Read more
July 2, 2024 at 02:54PM CISA and PTC reported a critical flaw in an industrial computer-aided design software server (CVE-2024-6071), exposing systems to unauthorized remote access. A patch has been issued for affected Creo Elements/Direct License Servers, urging immediate update. PTC stated no evidence of exploitation in the wild and emphasized no impact on the … Read more
May 15, 2024 at 11:21AM Intel released 41 security advisories addressing over 90 vulnerabilities in its products. Critical vulnerability CVE-2024-22476 was found in Neural Compressor, allowing unauthenticated remote attackers to escalate privileges. High-severity flaws were also found in UEFI firmware, graphics, and network products. Additionally, there were medium-severity vulnerabilities in various hardware and software products. … Read more
February 14, 2024 at 08:03AM A new DNS vulnerability, named KeyTrap or CVE-2023-50387, has been discovered by researchers. The flaw in DNSSEC could potentially allow attackers to disrupt large parts of the internet using a single specially crafted DNS packet. While patches are being released, prevention may require changes to the underlying DNSSEC design. The … Read more
November 29, 2023 at 02:38PM Hackers exploit a critical vulnerability in ownCloud, tracked as CVE-2023-49103, compromising admin passwords and sensitive data. With a CVSS score of 10/10, it affects versions 0.2.0 to 0.3.0. Over 11,000 instances are exposed, mostly in Germany, the US, France, and Russia. Patching is vital; disabling the app isn’t enough. Two … Read more