CISA Warns of Exploited GeoServer, Linux Kernel, and Roundcube Vulnerabilities

June 27, 2024 at 08:33AM CISA has warned about threat actors exploiting vulnerabilities in GeoServer, the Linux kernel, and Roundcube Webmail. The GeoServer flaw (CVE-2022-24816) allows code injection and remote code execution. The Linux kernel flaw (CVE-2022-2586) may lead to privilege escalation. Roundcube Webmail (CVE-2020-13965) has a cross-site scripting issue. CISA urges action to mitigate the risks. No prior … Read more

Exploitation Attempts Target New MOVEit Transfer Vulnerability

June 26, 2024 at 06:05AM Progress Software announced patches for two critical authentication bypass vulnerabilities affecting its MOVEit Transfer file transfer software. CVE-2024-5805 and CVE-2024-5806 were identified, with the latter already targeted by exploitation attempts. The company released patches for both, with further mitigations for the third-party component vulnerability behind CVE-2024-5806, amid heightened security concerns. After reviewing … Read more

Recent Zyxel NAS Vulnerability Exploited by Botnet

June 25, 2024 at 09:44AM A critical vulnerability in discontinued Zyxel NAS devices, tracked as CVE-2024-29973, allows for remote code execution through crafted HTTP POST requests. Exploited by a Mirai-like botnet, the flaw was discovered by security researcher Timothy Hjort. Zyxel released patches for the vulnerability, urging users to update devices or consider replacing them. … Read more

Let’s kick off our summer with a pwn-me-by-Wi-Fi bug in Microsoft Windows

June 11, 2024 at 08:33PM Microsoft’s June Patch Tuesday addressed 49 CVE-tagged security flaws, including a critical bug in wireless networking and a publicly disclosed DNS vulnerability (CVE-2023-50868). It also included an RCE issue in Microsoft Message Queuing (CVE-2024-30080) and a Wi-Fi driver remote code execution hole (CVE-2024-30078). Adobe, SAP, PHP, Arm, Apple, Google, SolarWinds, … Read more

Arm Warns of Exploited Kernel Driver Vulnerability

June 11, 2024 at 06:18AM Arm warns of CVE-2024-4610, a memory safety bug in Mali GPU kernel drivers that is exploited in the wild and could allow a local user to perform improper GPU memory processing operations. The bug affects the Bifrost and Valhall drivers, was introduced in r34p0, and was addressed in r41p0. Arm urges prompt device updates and notes past exploit … Read more

Chinese Hackers Exploit Old ThinkPHP Vulnerabilities in New Attacks

June 6, 2024 at 01:33PM Two remote code execution (RCE) vulnerabilities in ThinkPHP, CVE-2018-20062 and CVE-2019-9082, patched over five years ago, are being exploited in ongoing attacks. Chinese-speaking threat actors use the web shell “Dama” to compromise servers, bypass PHP functions, and escalate privileges. Organizations are urged to patch urgently, as attackers are targeting unpatched systems. … Read more

Exploitation of Recent Check Point VPN Zero-Day Soars

June 6, 2024 at 09:40AM A zero-day vulnerability in Check Point VPN products, CVE-2024-24919, has been exploited at an alarming rate since its disclosure. GreyNoise reports that exploitation allows access to sensitive data, lateral movement, and domain privileges. Over 10,000 exploitation attempts have been logged, from 781 unique IP addresses. Users are advised to apply the available mitigations immediately. Key takeaways … Read more

Researchers Uncover Active Exploitation of WordPress Plugin Vulnerabilities

May 30, 2024 at 10:21AM Cybersecurity researchers have warned of high-severity security vulnerabilities in various WordPress plugins that are being actively exploited to create rogue administrator accounts for further exploitation. The flaws allow unauthenticated stored cross-site scripting attacks, enabling threat actors to inject malicious scripts. To mitigate these risks, WordPress site owners should review installed plugins, … Read more

Check Point VPN zero-day exploited in attacks since April 30

May 29, 2024 at 03:45PM Threat actors are exploiting a high-severity zero-day vulnerability in Check Point Remote Access VPN, stealing Active Directory data to move through victims’ networks. Check Point warns customers of attackers targeting their security gateways using old VPN local accounts with insecure password-only authentication. The company has released hotfixes to block exploitation … Read more

CISA Warns of Attacks Exploiting NextGen Healthcare Mirth Connect Flaw

May 21, 2024 at 07:21AM CISA added a flaw in NextGen Healthcare’s Mirth Connect product, a widely used healthcare interface engine, to its KEV catalog. Tracked as CVE-2023-43208, the flaw can lead to unauthenticated remote code execution. A patch was released with Mirth Connect version 4.4.1. Microsoft reported ransomware attacks exploiting this and another flaw. … Read more