Exploit for Veeam Recovery Orchestrator auth bypass available, patch now

June 13, 2024 at 01:25PM

A proof-of-concept exploit for the Veeam Recovery Orchestrator vulnerability tracked as CVE-2024-29855 has been released by security researcher Sina Kheirkhah. The exploit allows unauthenticated access to the web UI with administrative privileges due to a hardcoded JWT secret. Veeam’s security bulletin suggests upgrading to patched versions and provides conditions required to …

Apple Patches WebKit Flaws Exploited on Older iPhones

November 30, 2023 at 02:54PM

Apple’s security team reports that older iOS versions, prior to 16.7.1, were exploited due to flaws CVE-2023-42916 and CVE-2023-42917. Patches for these WebKit vulnerabilities have been released for affected iPhones.

Meeting Takeaways:
1. Apple’s security response team has identified that vulnerabilities designated as CVE-2023-42916 and CVE-2023-42917 have been exploited.
2. …

Critical Atlassian Confluence bug exploited in Cerber ransomware attacks

November 6, 2023 at 12:40PM

Attackers are exploiting a critical security flaw in Atlassian Confluence to encrypt files with Cerber ransomware. The flaw, tracked as CVE-2023-22518, received a severity rating of 9.1/10 and affects all versions of Confluence Data Center and Confluence Server software. Although there are currently no reports of active exploitation, Atlassian has …