April 17, 2024 at 09:09AM Six botnet malware operations target TP-Link Archer AX21 routers vulnerable to CVE-2023-1389, a high-severity command injection flaw. Discovered in January 2023, it was fixed by TP-Link in March 2023. Mirai variants, “Condi,” and botnets like Moobot and Miori exploit the vulnerability for DDoS attacks. Users are urged to update firmware … Read more
April 4, 2024 at 06:18AM Zoom’s bug bounty program has paid out over $10 million since its 2019 launch, with 2023 seeing $2.4 million in rewards for 1,000 vulnerability reports. The company published advisories for 58 vulnerabilities and introduced an open source Vulnerability Impact Scoring System to assess and prioritize vulnerabilities based on actual demonstrated … Read more
March 27, 2024 at 08:48AM Rockwell Automation released three security advisories identifying a total of 10 vulnerabilities in its FactoryTalk, PowerFlex, and Arena Simulation software. CISA also issued advisories to organizations, warning about these vulnerabilities. The flaws include high-severity code execution vulnerabilities and one security issue without patches. Exploitation requires user interaction. Stephen Ford has … Read more
March 13, 2024 at 12:51PM Intel and AMD released 10 new security advisories on Patch Tuesday. Intel’s advisories include 8 new issues, with 2 high-severity vulnerabilities impacting BIOS firmware and 4th Generation Xeon processors. They also address medium and low-severity vulnerabilities affecting processors. The company has released microcode updates to mitigate these issues. AMD’s advisories … Read more
March 11, 2024 at 10:03AM Over the weekend, Taiwan-based QNAP Systems announced patches for critical vulnerabilities in several products, such as QTS, QuTS hero, and QuTScloud. The flaws could enable unauthenticated access to network-attached storage (NAS) devices. CVE-2024-21899 poses a high risk, while CVE-2024-21900 and CVE-2024-21901 present medium risks, requiring authentication for exploitation. QNAP also … Read more
February 14, 2024 at 09:03AM Zoom patched seven vulnerabilities in its desktop and mobile applications, including a critical-severity bug in Windows software (CVE-2024-24691). The company also addressed high-severity and medium-severity flaws, warning of potential exploitation for conducting denial-of-service attacks or leaking information. Users are urged to update their applications to the latest releases. No reported … Read more
February 14, 2024 at 09:03AM AMD and Intel released patches for over 100 vulnerabilities, including 21 high-severity vulnerabilities, in their processors and software products. AMD addressed flaws in embedded processors, SEV firmware, and UltraScale and UltraScale+ FPGA series devices. Intel issued patches for various drivers, device firmware, Ethernet tools, and software products, resolving a total … Read more
February 13, 2024 at 07:39AM In February 2024, Siemens and Schneider Electric released 18 new security advisories for ICS Patch Tuesday. Siemens addressed 270 vulnerabilities as part of this release, as reported by SecurityWeek. It seems like you’ve shared a snippet of meeting notes or a news article related to cybersecurity. Is there a specific … Read more
January 29, 2024 at 11:12AM Two vulnerabilities in WatchGuard and Panda Security products, tracked as CVE-2023-6330 and CVE-2023-6331, could lead to denial of service (DoS) conditions or code execution with system privileges. The flaws were identified in the Panda Kernel Memory Access driver and were addressed in updates for the affected products. Details are available … Read more
January 15, 2024 at 06:12AM Juniper Networks has addressed more than 100 vulnerabilities, including the critical CVE-2024-21591 affecting Junos OS. The flaw could allow attackers to execute arbitrary code or cause a denial-of-service. Additionally, the company has patched high and medium severity flaws in third-party components. No known attacks exploiting these vulnerabilities have been reported. … Read more