Acronis warns of Cyber Infrastructure default password abused in attacks

July 26, 2024 at 12:46PM Acronis warned customers to patch a critical Cyber Infrastructure security flaw allowing attackers to bypass authentication on vulnerable servers. The flaw, labeled CVE-2023-45249, impacts multiple Acronis Cyber Infrastructure products. Over 20,000 service providers and 750,000 businesses use Acronis Cyber Protect to protect their data. The company advises users to update … Read more

Progress Patches Critical Telerik Report Server Vulnerability

July 26, 2024 at 10:39AM Progress Software has alerted users to a critical-severity vulnerability (CVE-2024-6327) in its Telerik Report Server product that enables remote code execution. Version 2024 Q2 (10.1.24.709) addresses the flaw, and users are urged to update immediately. As a temporary mitigation, the vendor recommends changing the user account under which the Report Server Application Pool runs. Threat actors have exploited similar vulnerabilities, prompting … Read more

Threat Actors Exploit Fresh ServiceNow Vulnerabilities in Attacks

July 26, 2024 at 08:27AM Threat actors are exploiting critical vulnerabilities in ServiceNow, including input validation flaws and a file read defect, to target vulnerable instances for reconnaissance. Approximately 300,000 instances are susceptible to probing, and threat actors are attempting to extract data from private-sector organizations and government agencies worldwide. ServiceNow urged customers to apply patches and hotfixes … Read more

Critical Flaw in Telerik Report Server Poses Remote Code Execution Risk

July 26, 2024 at 01:13AM Progress Software has identified a critical security flaw (CVE-2024-6327) in Telerik Report Server versions prior to 2024 Q2 (10.1.24.709) that could lead to remote code execution due to an insecure deserialization vulnerability. Users are advised to update to version 10.1.24.709 and take temporary mitigation measures. Another vulnerability (CVE-2024-4358) was patched … Read more

Critical ServiceNow RCE flaws actively exploited to steal credentials

July 25, 2024 at 05:01PM Threat actors are exploiting ServiceNow flaws to breach government agencies, data centers, energy providers, and software firms in data theft attacks. Over 300,000 internet-exposed instances make it a popular target. Resecurity reports tens of thousands of systems remain vulnerable despite security updates released on July 10, 2024, urging users to … Read more

Progress warns of critical RCE bug in Telerik Report Server

July 25, 2024 at 11:49AM Progress Software has issued a warning to patch a critical remote code execution security flaw in the Telerik Report Server, impacting Report Server 2024 Q2 and earlier. This vulnerability allows attackers to gain remote code execution on unpatched servers. Progress advises upgrading to version 2024 Q2 (10.1.24.709) or later, offering … Read more

SolarWinds Patches Critical Vulnerabilities in Access Rights Manager

July 19, 2024 at 07:01AM SolarWinds released security updates for Access Rights Manager, resolving 13 vulnerabilities, including eight critical-severity bugs. Six critical flaws could be exploited for remote code execution, while the remaining two could allow attackers to read and delete arbitrary files. Five high-severity issues were also addressed, impacting domain admin access and arbitrary … Read more

Chrome 126 Updates Patch High-Severity Vulnerabilities

July 17, 2024 at 06:03AM Google announced security updates for Chrome 126, addressing ten vulnerabilities, including high-severity bugs reported by external researchers. The release resolves various flaws in V8, Screen Capture, Media Stream, Audio, and Navigation. Google paid over $32,000 in bug bounty rewards and advises users to update their browsers to the latest versions. … Read more

Critical Apache HugeGraph Vulnerability Under Attack – Patch ASAP

July 17, 2024 at 01:42AM Threat actors are exploiting a critical security flaw in Apache HugeGraph-Server, enabling remote code execution attacks (CVE-2024-27348, CVSS score: 9.8). Users are urged to upgrade to version 1.3.0 with Java11 and enable the Auth system to fix the issue. Exploitation attempts are in the wild, emphasizing the urgency of applying … Read more

CISA warns critical Geoserver GeoTools RCE flaw is exploited in attacks

July 16, 2024 at 06:19PM CISA warns that a GeoServer GeoTools remote code execution flaw (CVE-2024-36401) is being actively exploited. The flaw allows arbitrary code execution and affects GeoServer instances running versions earlier than the fixed releases. Researchers have demonstrated proof-of-concept exploits; fixes are available in versions 2.23.6, 2.24.4, and 2.25.2. CISA requires federal agencies to patch affected servers by August 5th, 2024, while private … Read more
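The fixed releases above are spread across three GeoServer release lines, so a plain "is my version newer than X" comparison gives wrong answers (2.24.4 is fixed, 2.25.1 is not, even though 2.25.1 is numerically higher). Below is an added example, written for this digest and not code from CISA, the GeoServer project, or the linked article, of a branch-aware check you can run over a server inventory. The version strings and hostnames are constructed; the assumption, stated in the code, is that a release line with no fixed build listed on the page (2.22.x and older) is treated as unpatched because no fix is named for it.

```python
# Added example: branch-aware patch check for CVE-2024-36401 (GeoServer GeoTools RCE).
# Not taken from CISA, GeoServer, or the article; uses only the three fixed
# versions the advisory names: 2.23.6, 2.24.4, 2.25.2.
from typing import Dict, Tuple

# Fixed build per release line, keyed by (major, minor).
FIXED_VERSIONS: Dict[Tuple[int, int], Tuple[int, int, int]] = {
    (2, 23): (2, 23, 6),
    (2, 24): (2, 24, 4),
    (2, 25): (2, 25, 2),
}


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn '2.24.3' (optionally with a suffix such as '-SNAPSHOT') into a tuple."""
    core = text.strip().split("-", 1)[0]
    parts = [int(p) for p in core.split(".")]
    while len(parts) < 3:          # '2.24' is read as 2.24.0
        parts.append(0)
    return (parts[0], parts[1], parts[2])


def is_patched(version: str) -> bool:
    """True if the version is at or above the fixed build of its own release line."""
    v = parse_version(version)
    branch = v[:2]
    if branch in FIXED_VERSIONS:
        return v >= FIXED_VERSIONS[branch]
    if branch > max(FIXED_VERSIONS):
        # A newer release line than any listed: assumed to ship after the fix.
        return True
    # Assumption: an older release line with no listed fix is treated as vulnerable.
    return False


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map host -> 'patched' or 'VULNERABLE' for an inventory of host -> version."""
    return {
        host: ("patched" if is_patched(ver) else "VULNERABLE")
        for host, ver in inventory.items()
    }


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {
        "gis-01": "2.25.1",
        "gis-02": "2.25.2",
        "gis-03": "2.23.6",
        "gis-04": "2.24.3-SNAPSHOT",
        "gis-05": "2.22.5",
    }
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```

Feed `triage()` the `host -> version` map your asset inventory already produces; anything marked VULNERABLE is in scope for the August 5th deadline regardless of how new its version number looks.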