November 19, 2024 at 04:20PM CISA has added three new critical vulnerabilities to its KEV catalog, including CVE-2024-1212 in Progress Kemp LoadMaster, which allows remote system access. Organizations must implement updates by December 9, 2024, or cease usage. Additionally, another flaw, CVE-2024-7591, has also been identified but lacks observed exploitation. **Meeting Takeaways:** 1. **New Vulnerabilities … Read more
September 27, 2024 at 12:42PM Progress Software has addressed six security flaws in WhatsUp Gold, including two critical vulnerabilities, through updates in version 24.0.1. The CVE identifiers for the flaws and their respective CVSS scores have been listed. Security researcher Sina Kheirkhah and others have been credited with discovering and reporting the flaws. Users are … Read more
September 27, 2024 at 08:02AM Progress Software recently identified and warned customers about six vulnerabilities in WhatsUp Gold, urging them to upgrade to version 24.0.1 to address these issues. The vulnerabilities, including SQL injection and remote code execution flaws, were reported by various security researchers and have been exploited by attackers. Progress has released patches … Read more
September 17, 2024 at 06:03AM Two critical vulnerabilities in Progress Software’s WhatsUp Gold were recently exploited in possible ransomware attacks. Trend Micro observed remote code execution attempts following the public disclosure of the flaws and suspects a ransomware group’s involvement due to the use of multiple remote access tools. CISA has added one of the … Read more
September 13, 2024 at 08:15AM Malicious actors are leveraging publicly available proof-of-concept exploits for security flaws in Progress Software WhatsUp Gold, leading to opportunistic attacks shortly after the release. The attacks involved bypassing authentication and exploiting PowerShell scripts to download remote access tools, indicating potential involvement of ransomware actors. This is the second active weaponization … Read more
September 12, 2024 at 12:43PM Hackers are utilizing publicly available exploit code to target two critical vulnerabilities in the WhatsUp Gold network monitoring solution from Progress Software. Based on the meeting notes, it appears that hackers have been exploiting two critical vulnerabilities in the WhatsUp Gold network availability and performance monitoring solution from Progress Software … Read more
September 12, 2024 at 05:49AM Trend Micro researchers discovered remote code execution attacks on WhatsUp Gold leveraging the Active Monitor PowerShell Script since August 30. Exploiting vulnerabilities CVE-2024-6670 and CVE-2024-6671, the attacks persisted despite available patches, emphasizing the need for prompt patch application and proactive monitoring to prevent similar incidents. Mitigation steps include access control, … Read more
September 9, 2024 at 06:45AM Progress Software has issued security updates to address a critical vulnerability in LoadMaster and Multi-Tenant hypervisor, allowing remote attackers to execute arbitrary commands. Tracked as CVE-2024-7591, the flaw affects specific versions and was discovered by security researcher Florian Grunow. Users are urged to apply the fixes promptly and follow security … Read more
September 9, 2024 at 02:57AM Progress Software has issued an emergency fix for a critical vulnerability impacting its LoadMaster and LoadMaster Multi-Tenant products, allowing remote command execution. Based on the meeting notes, it appears that Progress Software has issued an emergency fix for a critical severity vulnerability affecting its LoadMaster and LoadMaster Multi-Tenant (MT) Hypervisor … Read more
August 30, 2024 at 04:42AM Progress Software’s network monitoring solution WhatsUp Gold has critical vulnerabilities (CVE-2024-4885) allowing remote attackers to execute arbitrary code, posing a significant risk. While version 23.1.3 addressed the issue, upgrading to version 24.0.0 is encouraged, though the manual process may deter some administrators. Administrators are advised to upgrade promptly to mitigate … Read more