Critical Vulnerabilities Found in Ruijie Reyee Cloud Management Platform

December 13, 2024 at 10:54AM Cybersecurity firm Claroty warns of vulnerabilities in the Reyee cloud management platform that could enable attackers to take control of 50,000 devices. Using device serial numbers, hackers can generate credentials, execute denial-of-service attacks, and potentially steal sensitive data. Ruijie has reportedly fixed all identified security issues. **Meeting Takeaways: Vulnerabilities in … Read more

Critical Flaws in Ollama AI Framework Could Enable DoS, Model Theft, and Poisoning

November 4, 2024 at 09:45AM Cybersecurity researchers identified six vulnerabilities in the Ollama AI framework, enabling attacks like denial-of-service, model poisoning, and theft. Two unresolved issues remain unpatched, emphasizing the need for users to restrict internet exposure of certain endpoints. Of 9,831 instances analyzed, one in four is vulnerable. ### Meeting Takeaways – Cybersecurity Vulnerabilities … Read more

Emergency patch: Cisco fixes bug under exploit in brute-force attacks

October 24, 2024 at 02:26PM Cisco has patched a medium-severity security flaw (CVE-2024-20481) in its ASA and FTD software, exploited through brute-force attacks leading to resource exhaustion in devices with remote access VPN enabled. The vulnerability is included in CISA’s Known Exploited Vulnerabilities Catalog, and Cisco urges users to apply updates promptly. ### Meeting Takeaways: … Read more

Cisco fixes VPN DoS flaw discovered in password spray attacks

October 24, 2024 at 02:13PM Cisco addressed a denial of service vulnerability (CVE-2024-20481) affecting its ASA and FTD software, discovered during large-scale brute-force attacks. This flaw allows unauthenticated remote attackers to exhaust resources of the RAVPN service. Cisco also issued advisories for 42 other vulnerabilities, urging immediate patching. ### Meeting Takeaways 1. **Vulnerability Fix:** – … Read more

About the security content of tvOS 18 – Apple Support

October 13, 2024 at 02:30PM A security update for tvOS 18, available for Apple TV HD and 4K models, addresses multiple CVEs, including input validation and integrity issues, which could lead to app termination, denial-of-service, unauthorized Bluetooth access, cross site scripting, and data exfiltration. Release date is September 16, 2024. ### Meeting Takeaways **Release Information:** … Read more

Thousands of DrayTek Routers at Risk From 14 Vulnerabilities

October 3, 2024 at 06:02PM Thousands of DrayTek routers are at risk due to 14 newly discovered firmware vulnerabilities, enabling remote code execution, denial-of-service attacks, and injection of malicious code. Forescout’s Vedere Labs found over 704,000 exposed routers, urging proactive security measures in addition to patching. Threat actors, including nation-state actors, are actively targeting vulnerable … Read more

Atlassian Patches Vulnerabilities in Bamboo, Bitbucket, Confluence, Crowd

September 19, 2024 at 08:36AM Atlassian addressed multiple high-severity vulnerabilities in Bamboo, Bitbucket, Confluence, and Crowd with patches. The vulnerabilities allowed attackers to cause denial-of-service conditions. The patches address security defects in various components and dependencies, with the company urging users to update their installations as soon as possible. None of these issues have been … Read more

Vulnerabilities in Cellular Packet Cores Part IV: Authentication

September 18, 2024 at 06:47AM Microsoft Azure Private 5G Core (AP5GC) has two critical vulnerabilities. The first (CVE-2024-20685) can lead to potential service outages, while the second (ZDI-CAN-23960) can disrupt network operations. These exploits underscore systemic weaknesses, particularly the lack of mandatory authentication procedures between base stations and packet-cores, posing potential denial-of-service threats. From the … Read more

Critical Flaw in Ivanti Virtual Traffic Manager Could Allow Rogue Admin Access

August 14, 2024 at 02:03AM Ivanti has released security updates for a critical flaw in Virtual Traffic Manager (vTM) that could allow an authentication bypass and the creation of rogue administrative users. The vulnerability, tracked as CVE-2024-7593, has a CVSS score of 9.8. Additionally, Ivanti has addressed other vulnerabilities in Neurons for ITSM and Ivanti … Read more

Adobe Calls Attention to Massive Batch of Code Execution Flaws

August 13, 2024 at 01:45PM Adobe released 72 security vulnerability fixes for various products, warning Windows and macOS users of code execution and denial-of-service risks. Critical flaws were addressed in Adobe Acrobat, Reader, Illustrator, Photoshop, InDesign, Commerce, Bridge, Substance 3D Stager, Substance 3D Sampler, Substance 3D Designer, and InCopy, urging users to update to the … Read more