October 2, 2024 at 05:19PM A recent disclosure of four critical vulnerabilities in the Common Unix Printing System (CUPS) has shed light on the potential for attackers to conduct distributed denial-of-service (DDoS) attacks. The vulnerabilities could enable adversaries to exploit approximately 58,000 Internet-exposed devices, creating significant strain on target systems and potentially affecting server hardware. … Read more
October 2, 2024 at 02:58PM CISA warned of an actively exploited critical Ivanti vulnerability, allowing remote code execution on vulnerable EPM appliances. Tracked as CVE-2024-29824, the SQL Injection flaw affects unpatched systems. Ivanti released security updates in May but confirmed ongoing exploitation. Federal agencies are required to patch within three weeks. Prioritize patching to block … Read more
October 2, 2024 at 10:15AM A series of critical vulnerabilities in DrayTek routers, including buffer overflow and cross-site scripting flaws, have been discovered, posing a significant security risk. Over 700,000 exposed devices globally are affected, requiring immediate patching. The incident highlights the importance of secure network practices, especially for critical infrastructure organizations. Joint cybersecurity guidance … Read more
October 2, 2024 at 09:02AM The manufacturing industry has become a prime target for ransomware attacks, accounting for 21% of such incidents and putting companies at three times higher risk. A Black Kite study reveals that 80% of manufacturing firms have critical vulnerabilities and 67% are listed in the Known Exploited Vulnerabilities catalog. Persistent patch … Read more
October 2, 2024 at 02:31AM A critical security flaw, CVE-2024-45519, has been actively exploited in Synacor’s Zimbra Collaboration. The flaw allows unauthenticated attackers to execute arbitrary commands. The issue was addressed in Zimbra versions 8.8.15 Patch 46, 9.0.0 Patch 41, 10.0.9, and 10.1.1. Users are strongly advised to apply the latest patches for protection. Key … Read more
September 20, 2024 at 03:08PM Microsoft has announced the public preview of Hotpatching for Windows Server 2025, allowing the installation of security updates without requiring a system restart. Hotpatching aims to reduce workload impact, improve security protection, and minimize the need for system reboots. This feature is expected to simplify change control and provide shorter … Read more
September 19, 2024 at 08:36AM Atlassian addressed multiple high-severity vulnerabilities in Bamboo, Bitbucket, Confluence, and Crowd with patches. The vulnerabilities allowed attackers to cause denial-of-service conditions. The patches address security defects in various components and dependencies, with the company urging users to update their installations as soon as possible. None of these issues have been … Read more
September 16, 2024 at 06:11PM Microsoft disclosed a zero-day vulnerability, CVE-2024-43461, in its legacy MSHTML browser engine affecting all supported Windows versions. Remote attackers can exploit it to execute arbitrary code, requiring a victim to visit a malicious site. This flaw, part of an attack chain with CVE-2024-38112, was exploited by the “Void Banshee” group. … Read more
September 6, 2024 at 01:27PM SonicWall disclosed an actively exploited security flaw in SonicOS, urging immediate patching. The vulnerability (CVE-2024-40766) affects management access and SSLVPN, with potential unauthorized access and firewall crashes. Temporary solutions include restricting firewall management and implementing multi-factor authentication. The flaw’s exploitation in the wild has led to urgent patch recommendations for … Read more
September 6, 2024 at 09:25AM SonicWall warns of potential exploitation of recently fixed access control flaw (CVE-2024-40766) in SonicOS. Urges admins to promptly apply patches to mitigate attacks. It seems that there’s a warning from SonicWall about a potential exploitation of a recently fixed access control flaw (CVE-2024-40766) in SonicOS. Admins are being urged to … Read more