Hackers Target Vulnerability Found Recently in Long-Discontinued D-Link Routers

July 1, 2024 at 08:21AM Attackers are targeting a critical vulnerability (CVE-2024-0769) in discontinued D-Link DIR-859 WiFi routers, enabling remote exploitation without authentication and leaking sensitive information. A published exploit has already been observed in the wild, and mass exploitation is anticipated. D-Link urges owners to replace these devices, as they are no longer receiving …

Recent SolarWinds Serv-U Vulnerability Exploited in the Wild

June 21, 2024 at 09:21AM Threat actors are exploiting a recently patched SolarWinds Serv-U vulnerability (CVE-2024-28995) using public proof-of-concept code, as reported by GreyNoise. The vulnerability allows unauthorized access to sensitive files on the host machine. Rapid7 published a technical writeup on successfully exploiting the issue, warning of its trivial exploitability. SolarWinds customers are urged …

7-year-old Oracle WebLogic bug under active exploitation

June 6, 2024 at 06:44AM CISA added the 7-year-old Oracle vulnerability CVE-2017-3506 to its KEV catalog due to ongoing exploitation by Chinese cybercriminals. Recent research by Trend Micro found Water Sigbin leveraging this vulnerability to deploy cryptocurrency miners and evade detection. Patching is an issue, with Oracle potentially planning a special patch release due to …

CISA Warns of Exploited Linux Kernel Vulnerability

May 31, 2024 at 07:36AM CISA warns of active exploitation of Linux kernel vulnerability CVE-2024-1086, enabling local attackers to elevate privileges. Affected versions range from 5.14 to 6.6, potentially impacting all versions since 3.15. Various distributions are confirmed affected, with potential for more. Proof-of-concept code has been published, and successful exploitation may lead to arbitrary …

Exploit released for maximum severity Fortinet RCE bug, patch now

May 28, 2024 at 12:25PM Security researchers have released a proof-of-concept (PoC) exploit for a critical vulnerability in Fortinet’s FortiSIEM solution, impacting versions 6.4.0 and higher. Tracked as CVE-2024-23108, the flaw enables remote command execution as root without authentication. This PoC exploit could allow attackers to execute unauthorized commands and must be addressed promptly to …

New Chrome Zero-Day Vulnerability CVE-2024-4761 Under Active Exploitation

May 14, 2024 at 10:39AM Google has released emergency fixes for a high-severity zero-day flaw in the Chrome web browser (CVE-2024-4761) actively exploited in the wild. The vulnerability affects the V8 JavaScript and WebAssembly engine and could allow data corruption, crashes, or execution of arbitrary code. Google urges users to upgrade to Chrome version 124.0.6367.207/.208 …

Google Patches Second Chrome Zero-Day in One Week

May 14, 2024 at 07:40AM Google has patched a second zero-day vulnerability, CVE-2024-4761, in Chrome just days after fixing CVE-2024-4671. Both flaws were exploited in attacks, with CVE-2024-4761 described as a high-severity issue. An anonymous researcher reported the vulnerability, and an exploit for it has been developed, but its effectiveness is unknown. Eight zero-days targeted …

NHS Digital hints at exploit sightings of Arcserve UDP vulnerabilities

May 14, 2024 at 05:36AM The UK’s NHS warns that vulnerabilities in Arcserve Unified Data Protection software are likely being actively exploited. Despite not disclosing any specific data, NHS strongly encourages organizations to apply patches as outlined in Arcserve’s advisory. Critical vulnerabilities include authentication bypass and path traversal, posing risks of data theft, ransomware attacks, …

New BIG-IP Next Central Manager bugs allow device takeover

May 8, 2024 at 03:55PM F5 has addressed two critical vulnerabilities in BIG-IP Next Central Manager, allowing attackers to gain admin control and create hidden rogue accounts. Exploiting SQL and OData injection flaws, unauthenticated attackers could execute malicious code remotely. Despite a temporary mitigation, F5 urges immediate patching or access restriction. There’s currently no evidence …

Critical Update: CrushFTP Zero-Day Flaw Exploited in Targeted Attacks

April 20, 2024 at 01:57AM Users of CrushFTP are urged to update to version 11.1 following the discovery of a security flaw that has been exploited. Customers in a DMZ restricted environment are protected. The vulnerability, discovered by Simon Garrelou, allows users to download system files. CrowdStrike observed targeted exploits in the wild, mainly on …