July 1, 2024 at 09:39AM A new OpenSSH vulnerability, known as “regreSSHion,” allows unauthenticated remote attackers to gain root privileges on glibc-based Linux systems. If exploited, it could lead to severe consequences such as system takeover and data manipulation. The vulnerability affects OpenSSH servers on Linux from version 8.5p1 up to version 9.8p1 and can … Read more
July 1, 2024 at 08:21AM Attackers are targeting a critical vulnerability (CVE-2024-0769) in discontinued D-Link DIR-859 WiFi routers, enabling remote exploitation without authentication and leaking sensitive information. A published exploit has already been observed in the wild, and mass exploitation is anticipated. D-Link urges owners to replace these devices, as they are no longer receiving … Read more
July 1, 2024 at 08:06AM OpenSSH has issued security updates for a critical flaw enabling unauthenticated remote code execution with root privileges in glibc-based Linux systems. Dubbed CVE-2024-6387, the race condition bug affects versions 8.5p1 to 9.7p1, potentially leading to full system compromise. Users are urged to apply the latest patches and enforce network-based controls … Read more
July 1, 2024 at 07:38AM A critical vulnerability (CVE-2024-2973) in Juniper Networks routers scored a perfect 10 on CVSS systems. Juniper advised applying emergency patches due to an authentication bypass bug that could allow network-based attackers to take control. The bug affects Smart Session Router, Session Smart Conductor, and WAN Assurance Routers, potentially causing significant … Read more
July 1, 2024 at 07:28AM Juniper Networks issued an out-of-cycle security bulletin regarding a critical vulnerability, tracked as CVE-2024-2973, which can lead to an authentication bypass on Session Smart routers and conductor products. The company advised affected systems to upgrade to specific software versions and noted that the vulnerability has been automatically resolved on certain … Read more
July 1, 2024 at 04:02AM The Canadian router manufacturer, Mercku, has been identified as sending MetaMask phishing emails in response to support tickets. The phishing emails instruct users to update their MetaMask account within 24 hours, posing a potential security threat. Users are advised not to respond to these emails or click any links contained … Read more
July 1, 2024 at 02:57AM Juniper Networks has released critical security updates to fix an Authentication Bypass Using an Alternate Path or Channel vulnerability in some routers, affecting devices running in high-availability redundant configurations. The flaw, tracked as CVE-2024-2973, carries a maximum severity score. The company urges users to apply the patches to protect against … Read more
July 1, 2024 at 01:52AM Australian Federal Police charged a man for running fake Wi-Fi networks on flights, harvesting credentials for email and social media. The man was found with devices creating Wi-Fi hotspots, including similar to in-flight access networks. The charges allege unauthorized access and possession of data with intent to commit a serious … Read more
June 30, 2024 at 11:44PM Microsoft has revealed that Russian cybercriminals stole more emails than initially acknowledged, including sensitive US government data. Alongside this, critical vulnerabilities in Johnson Controls IP cameras have been reported. Additionally, a cyber incident at CDK continues to impact US car dealers, and analysis suggests Facebook users are common targets for … Read more
June 30, 2024 at 11:21AM Juniper Networks released an emergency update to address a critical vulnerability, tracked as CVE-2024-2973, which could lead to an authentication bypass in Session Smart Router, Conductor, and WAN Assurance Router products. The affected versions and recommended patches were listed, highlighting the need for immediate action due to active exploitation of … Read more