Mirai Botnet targeting OFBiz Servers Vulnerable to Directory Traversal

August 2, 2024 at 07:00AM Enterprise Resource Planning (ERP) Software, including the open-source framework OFBiz, faces critical security vulnerabilities, as demonstrated by the exploitation of a directory traversal flaw. The SANS Internet Storm Center reported an increase in exploit attempts, with attackers targeting OFBiz using the Mirai botnet. The vulnerabilities pose a threat to sensitive …

Critical Netflix Genie Bug Opens Big Data Orchestration to RCE

May 22, 2024 at 09:03AM Netflix has patched a critical vulnerability in its open source Genie job orchestration engine, designated as CVE-2024-4701. Remote attackers could potentially execute arbitrary code, exploiting a file upload process. The bug is present in Genie OSS versions prior to 4.3.18. Organizations are urged to upgrade to the fixed version to …

CISA says ‘no more’ to decades-old directory traversal bugs

May 6, 2024 at 09:44AM CISA urges the software industry to eliminate directory traversal vulnerabilities, which allow users to access and manipulate data. Exploits can lead to data theft and system compromise, posing a heightened threat to critical organizations including healthcare and cloud services. CISA recommends specific mitigations such as using random identifiers for files …