Patch Now: Second SolarWinds Critical Bug in Web Help Desk

August 23, 2024 at 03:00PM

SolarWinds has released a patch for a second critical vulnerability in its Web Help Desk software, addressing hardcoded credentials that could allow remote attackers to modify data. The patch also addresses a previous Java deserialization issue. Customers are urged to update immediately to mitigate potential exploitation by threat actors. Based …

SolarWinds left critical hardcoded credentials in its Web Help Desk product

August 22, 2024 at 06:48PM

SolarWinds acknowledged a critical security flaw (CVE-2024-28987) in its Web Help Desk (WHD) product, affecting versions 12.8.3 HF1 and earlier. The flaw allows unauthenticated attackers to manipulate sensitive data. An update, HF2, has been released to address the issue. Another critical vulnerability (CVE-2024-28986) has also been identified, with exploitation potential …

SolarWinds fixes hardcoded credentials flaw in Web Help Desk

August 22, 2024 at 11:07AM

SolarWinds has issued a hotfix addressing a critical Web Help Desk vulnerability. This vulnerability could enable unauthorized access to unpatched systems by exploiting hardcoded credentials.

GE Ultrasound Gear Riddled With Bugs, Open to Ransomware & Data Theft

May 16, 2024 at 03:40PM

Researchers found 11 security flaws in GE’s Vivid Ultrasound products and related software, with severity ranging from 5.7 to 9.6 on the CVSS 3.1 scale. Nozomi Networks detailed potential risks, including remote code execution, but physical access is needed in some cases. GE has patches and mitigations available on its …

PyPI Packages Found to Expose Thousands of Secrets

November 14, 2023 at 07:09AM

Code security firm GitGuardian has discovered thousands of hardcoded credentials in Python code committed to PyPI packages. Over 4,000 unique secrets were found in nearly 3,000 packages, with more than 760 of them being valid. The leaked secrets included keys and credentials for popular services such as AWS, Azure AD, …