Double trouble for Fortinet customers as pair of critical vulns found in FortiSIEM

February 6, 2024 at 08:37AM Fortinet’s FortiSIEM product is affected by two critical security vulnerabilities (CVE-2024-23108 and CVE-2024-23109) with a severity score of 10 on the CVSS scale. These flaws allow for remote code execution by unauthenticated attackers. Currently, the affected versions are specified, and Fortinet has recommended upgrading to version 7.1.2 to address the …

Exploit for CrushFTP RCE chain released, patch now

November 18, 2023 at 10:32PM A proof-of-concept exploit for a critical remote code execution vulnerability in CrushFTP has been publicly released. Attackers can access files, execute code, and obtain passwords. The developers released a fix in CrushFTP 10.5.2, but applying the patches may not protect against all threats. Users should update to the latest version, …

CacheWarp Attack: New Vulnerability in AMD SEV Exposes Encrypted VMs

November 14, 2023 at 02:27PM Researchers from the CISPA Helmholtz Center for Information Security have discovered a new software fault attack called CacheWarp that targets AMD’s Secure Encrypted Virtualization (SEV) technology. The attack exploits a vulnerability in SEV to infiltrate encrypted virtual machines and achieve privilege escalation. AMD has released a microcode update to address …

Veeam warns of critical bugs in Veeam ONE monitoring platform

November 6, 2023 at 04:59PM Veeam has released hotfixes to address four vulnerabilities in its Veeam ONE IT infrastructure monitoring and analytics platform. Two of the vulnerabilities are critical and allow attackers to gain remote code execution and steal NTLM hashes. The remaining two are medium-severity bugs. The company has provided hotfixes for actively supported …

Critical Apache ActiveMQ flaw under attack by ‘clumsy’ ransomware crims

November 2, 2023 at 01:20PM Ransomware criminals are exploiting a severe vulnerability in Apache ActiveMQ, allowing for remote code execution. The developers released fixes for the affected versions, but many services remain unpatched, with China having the highest number of vulnerable services. The attacks are attributed to the HelloKitty ransomware family, known for targeting smaller …

Critical Flaw in NextGen’s Mirth Connect Could Expose Healthcare Data

October 26, 2023 at 04:48AM Users of Mirth Connect, an open-source data integration platform, are urged to update to version 4.4.1 due to the discovery of an unauthenticated remote code execution vulnerability (CVE-2023-43208). Horizon3.ai warns that attackers may exploit this vulnerability to gain access to sensitive healthcare data. The flaw affects various versions of Mirth …