Decade-Old Cisco Vulnerability Under Active Exploit

December 3, 2024 at 03:41PM Cisco warns customers of a decade-old security flaw in its Adaptive Security Appliance (ASA) WebVPN, tracked as CVE-2014-2120, which is being actively exploited. This vulnerability allows unauthenticated remote attackers to conduct cross-site scripting (XSS) attacks. Customers are urged to upgrade software, as no workarounds exist. ### Meeting Takeaways 1. **Security … Read more

Fortinet VPN design flaw hides successful brute-force attacks

November 21, 2024 at 09:39AM A design flaw in Fortinet’s VPN logging mechanism allows successful credential verifications during brute-force attacks to go unlogged. Researchers from Pentera discovered that halting the login process post-authentication prevents successful attempts from being recorded, risking undetected breaches. Fortinet does not classify the issue as a vulnerability. ### Meeting Takeaways: 1. … Read more

qBittorrent fixes flaw exposing users to MitM attacks for 14 years

October 31, 2024 at 11:14AM qBittorrent fixed a long-standing remote code execution vulnerability related to SSL/TLS certificate validation in its DownloadManager. This flaw, present since 2010, allowed potential man-in-the-middle attacks. The issue was resolved in version 5.0.1, released on October 28, 2024, but users were not adequately informed. Immediate upgrade is recommended. ### Meeting Takeaways: … Read more

Thousands of Fortinet instances vulnerable to actively exploited flaw

October 14, 2024 at 08:36AM Over 86,000 Fortinet instances remain vulnerable to a critical flaw (CVE-2024-23113) actively exploited since last week, mainly in Asia. The vulnerability, with a high severity rating, affects various Fortinet products and requires urgent updates or mitigations as recommended by Fortinet to ensure security against potential exploits. ### Meeting Takeaways: Fortinet … Read more

Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications

October 7, 2024 at 05:57AM A critical security flaw (CVE-2024-47561) in Apache Avro Java SDK prior to 1.11.4 allows execution of arbitrary code, impacting large-scale data processing. Users are advised to upgrade to version 1.11.4 or 1.12.0. Vulnerability exists in deserializing input via Avro schema, affecting organizations mainly in the US. Mitigations include sanitizing schemas … Read more

WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks

October 4, 2024 at 06:00AM A high-severity security flaw in the LiteSpeed Cache plugin for WordPress (CVE-2024-47374) allows for arbitrary JavaScript code execution. The flaw was patched in version 6.5.1 on September 25, 2024, after being responsibly disclosed. This vulnerability could enable privilege escalation and affects all versions up to 6.5.0.2, potentially impacting the over … Read more

New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking

October 3, 2024 at 10:45AM Linux servers are under attack by a persistent campaign delivering perfctl malware, aiming to run a cryptocurrency miner and proxyjacking software. The elusive and stealthy malware employs sophisticated techniques including exploiting a security flaw in Polkit. It’s recommended to keep systems updated, restrict file execution, and enforce network segmentation to … Read more

Critical NVIDIA Container Toolkit Vulnerability Could Grant Full Host Access to Attackers

September 27, 2024 at 02:48AM A security flaw in NVIDIA Container Toolkit (CVE-2024-0132) allows threat actors to escape container confines and access the underlying host. The vulnerability affects NVIDIA Container Toolkit v1.16.1 and earlier, and NVIDIA GPU Operator up to 24.6.1. Addressed in versions v1.16.2 and 24.6.2, the flaw poses potential risks and requires immediate … Read more

Doomsday 9.9 RCE bug could hit every Linux system – and more

September 26, 2024 at 01:40PM Bug hunter Simone Margaritelli has disclosed a critical, 9.9-rated unauthenticated RCE affecting GNU/Linux systems, with a possible release of technical details and exploit on September 30. Security teams have time to prepare, but details about the flaw are limited. The severity has been confirmed by Canonical and RedHat, raising concerns … Read more

Critical Ivanti vTM auth bypass bug now exploited in attacks

September 24, 2024 at 01:06PM CISA has identified a critical Ivanti security vulnerability (CVE-2024-7593) allowing threat actors to create unauthorized admin users on vulnerable Ivanti vTM appliances. The flaw enables bypass of authentication algorithms on internet-exposed vTM admin panels. Ivanti has released security updates and recommends restricting access to the vTM management interface. CISA requires … Read more