HPE Aruba Networking fixes four critical RCE flaws in ArubaOS

May 1, 2024 at 06:31PM HPE Aruba Networking’s April 2024 security advisory highlights critical remote code execution (RCE) vulnerabilities in various versions of ArubaOS. Ten vulnerabilities are listed, including four critical-severity unauthenticated buffer overflow issues. The vendor recommends enabling Enhanced PAPI Security and upgrading to specific patched versions for ArubaOS to mitigate the flaws. System … Read more

Hitron DVR Zero-Day Vulnerabilities Exploited by InfectedSlurs Botnet

January 31, 2024 at 05:30AM Multiple Hitron DVR device models are exploited by the InfectedSlurs botnet, utilizing vulnerabilities to launch DDoS attacks. Akamai reports discovering six zero-day vulnerabilities and urges immediate firmware updates and password changes. CISA advises isolating these devices, using VPNs, and collaborating for a comprehensive security approach. KISA has also issued alerts … Read more

FBI: Androxgh0st malware botnet steals AWS, Microsoft credentials

January 16, 2024 at 12:41PM CISA and the FBI warn about Androxgh0st malware, which is being used to create a botnet targeting cloud credential theft. The botnet exploits vulnerabilities in frameworks and servers. Additionally, it steals sensitive information, deploys malicious tools, and conducts spam campaigns. The agencies advise on mitigation measures to limit the impact … Read more

178K+ SonicWall Firewalls Vulnerable to DoS, RCE Attacks

January 16, 2024 at 11:51AM Two unauthenticated denial-of-service (DoS) vulnerabilities, CVE-2022-22274 and CVE-2023-0656, threaten the security of SonicWall next-generation firewall devices. Attackers can exploit these flaws to crash devices or execute remote code. Vulnerable SonicWall series 6 and 7 firewalls are at risk. Administrators are urged to update to the latest firmware to mitigate potential … Read more

Flaws in Backup Migration and Elementor WordPress Plugins Allow Remote Code Execution

December 12, 2023 at 09:30AM Two popular WordPress plugins, Elementor and Backup Migration, have been found to have critical remote code execution (RCE) vulnerabilities, affecting over 5 million users. Elementor’s RCE flaw was due to an authenticated arbitrary file upload issue, while Backup Migration’s CVE-2023-6553 vulnerability was exploited to include malicious PHP code. Updated versions … Read more

Atlassian Patches Critical Remote Code Execution Vulnerabilities

December 7, 2023 at 05:36AM Atlassian has issued critical patches for remote code execution vulnerabilities in Confluence and other products to address security flaws. Takeaways from Meeting: 1. Atlassian has issued patches for several critical-severity remote code execution vulnerabilities. 2. The vulnerabilities affect Confluence and several other Atlassian products. 3. Users are advised to apply … Read more

Patch Now: Critical Atlassian Bugs Endanger Enterprise Apps

December 6, 2023 at 06:00PM Atlassian has patched four critical vulnerabilities (CVE-2022-1471, CVE-2023-22522, CVE-2023-22523, CVE-2023-22524) with CVSS scores up to 9.8, affecting various platforms with risks of remote code execution (RCE). These follow a series of bugs in their widely-used collaboration tools, with prior exploits prompting urgent updates. Meeting Takeaways: 1. Atlassian has encountered four … Read more