Citrix Patches Critical NetScaler Console Vulnerability

July 10, 2024 at 09:48AM Citrix has released patches for critical security vulnerabilities in its NetScaler product line, including improper authorization and buffer overflow bugs. It recommends updating to specific versions to address these issues. The company also addressed vulnerabilities in other products such as NetScaler ADC and Workspace app, urging customers to update appliances … Read more

ICS Patch Tuesday: Siemens, Schneider Electric, CISA Issue Advisories

July 10, 2024 at 07:48AM Major industrial control systems (ICS) providers issued security advisories, including Siemens with 17 new advisories for over 50 vulnerabilities, a critical bug in SINEMA remote connect server, and a BlastRADIUS vulnerability. Schneider Electric released four advisories for six vulnerabilities, including a critical-severity issue in Wiser Home Controller WHC-5918A. Ifm Electronic … Read more

Splunk Patches High-Severity Vulnerabilities in Enterprise Product

July 2, 2024 at 09:22AM Splunk announced patches for 16 vulnerabilities in Splunk Enterprise and Cloud Platform, including six high-severity bugs. The vulnerabilities include remote code execution flaws, command injection flaw, path traversal, and denial-of-service. Splunk also addressed medium-severity flaws. No mention of exploitation in the wild was made. Additional information is available on Splunk’s … Read more

Rockwell Automation Patches High-Severity Vulnerabilities in FactoryTalk View SE

June 14, 2024 at 06:39AM Rockwell Automation has addressed three high-severity vulnerabilities in its FactoryTalk View Site Edition (SE) HMI software, including an authentication issue and a local privilege escalation vulnerability. These flaws have been patched in version 14, with advisories published by both Rockwell and CISA. Additionally, a vulnerability affecting certain controllers has also … Read more

Multiple botnets exploiting one-year-old TP-Link flaw to hack routers

April 17, 2024 at 09:09AM Six botnet malware operations target TP-Link Archer AX21 routers vulnerable to CVE-2023-1389, a high-severity command injection flaw. Discovered in January 2023, it was fixed by TP-Link in March 2023. Mirai variants, “Condi,” and botnets like Moobot and Miori exploit the vulnerability for DDoS attacks. Users are urged to update firmware … Read more

Zoom Paid Out $10 Million via Bug Bounty Program Since 2019

April 4, 2024 at 06:18AM Zoom’s bug bounty program has paid out over $10 million since its 2019 launch, with 2023 seeing $2.4 million in rewards for 1,000 vulnerability reports. The company published advisories for 58 vulnerabilities and introduced an open source Vulnerability Impact Scoring System to assess and prioritize vulnerabilities based on actual demonstrated … Read more

Organizations Informed of 10 Vulnerabilities in Rockwell Automation Products 

March 27, 2024 at 08:48AM Rockwell Automation released three security advisories identifying a total of 10 vulnerabilities in its FactoryTalk, PowerFlex, and Arena Simulation software. CISA also issued advisories to organizations, warning about these vulnerabilities. The flaws include high-severity code execution vulnerabilities and one security issue without patches. Exploitation requires user interaction. Stephen Ford has … Read more

Chipmaker Patch Tuesday: Intel, AMD Address New Microarchitectural Vulnerabilities

March 13, 2024 at 12:51PM Intel and AMD released 10 new security advisories on Patch Tuesday. Intel’s advisories include 8 new issues, with 2 high-severity vulnerabilities impacting BIOS firmware and 4th Generation Xeon processors. They also address medium and low-severity vulnerabilities affecting processors. The company has released microcode updates to mitigate these issues. AMD’s advisories … Read more

Critical Vulnerability Allows Access to QNAP NAS Devices

March 11, 2024 at 10:03AM Over the weekend, Taiwan-based QNAP Systems announced patches for critical vulnerabilities in several products, such as QTS, QuTS hero, and QuTScloud. The flaws could enable unauthenticated access to network-attached storage (NAS) devices. CVE-2024-21899 poses a high risk, while CVE-2024-21900 and CVE-2024-21901 present medium risks, requiring authentication for exploitation. QNAP also … Read more

Zoom Patches Critical Vulnerability in Windows Applications

February 14, 2024 at 09:03AM Zoom patched seven vulnerabilities in its desktop and mobile applications, including a critical-severity bug in Windows software (CVE-2024-24691). The company also addressed high-severity and medium-severity flaws, warning of potential exploitation for conducting denial-of-service attacks or leaking information. Users are urged to update their applications to the latest releases. No reported … Read more