Ivanti Cloud Bug Goes Under Exploit After Alarms Are Raised

September 16, 2024 at 05:20PM Ivanti alerted customers about the active exploitation of a high-severity vulnerability (CVE-2024-8190) in its Cloud Service Appliance (CSA). The company recommended upgrading to CSA 5.0 to remediate the bug, which has a CVSS score of 7.2, warning that unauthorized access is possible. Users are urged to update to the latest version …

Acronis Product Vulnerability Exploited in the Wild

July 29, 2024 at 08:18AM Acronis warned of threat actors exploiting a critical vulnerability (CVE-2023-45249) in Acronis Cyber Infrastructure. The defect allows arbitrary code execution due to default passwords and impacts ACI releases before certain builds. The company urged customers to apply available patches promptly, emphasizing the potential dire consequences of unpatched instances. Key takeaways …

CISA Warns of Attacks Exploiting Old Oracle WebLogic Vulnerability

June 4, 2024 at 08:39AM CISA added an old Oracle WebLogic vulnerability, CVE-2017-3506, to its list of known exploited vulnerabilities. Chinese hackers have been using it to deploy cryptocurrency miners. Trend Micro reported that a China-based threat group, Water Sigbin, continues to exploit this vulnerability and another recent one. Their advanced techniques make detection and …

CISA warns of patched iPhone kernel bug now exploited in attacks

January 31, 2024 at 02:08PM CISA warned of an actively exploited kernel security flaw in Apple iPhones, Macs, TVs, and watches (CVE-2022-48618), allowing attackers to bypass Pointer Authentication. Apple addressed the flaw in iOS 16.2, macOS Ventura, and others. Devices affected include iPhone 8 and later, iPads, Macs, Apple TVs, and Apple Watches. Federal agencies ordered …