Ivanti warns high severity CSA flaw is now exploited in attacks

September 13, 2024 at 01:40PM Ivanti has confirmed the active exploitation of a high-severity vulnerability in its Cloud Services Appliance solution. Ivanti confirmed on Friday a high-severity vulnerability in its Cloud Services Appliance (CSA) solution that is currently being actively exploited in …

Veeam Patches Critical Vulnerabilities in Enterprise Products

September 6, 2024 at 08:00AM Veeam announced patches for critical-severity bugs this week, impacting its enterprise products. The vulnerabilities could lead to remote code execution and sensitive information disclosure. The flaws affect various Veeam solutions including Backup & Replication, Veeam ONE, Service Provider Console, Veeam Agent for Linux, and other plugins. Users are advised to …

Zyxel Patches Critical Vulnerabilities in Networking Devices

September 4, 2024 at 08:36AM Zyxel has released patches addressing critical vulnerabilities in their networking devices. The patches cover multiple access point and security router models, as well as firewall series devices. The vulnerabilities could allow remote attackers to execute arbitrary commands or cause a denial-of-service condition. Zyxel advises affected product owners to obtain the …

Fortra Patches Critical Vulnerability in FileCatalyst Workflow

August 30, 2024 at 07:24AM Fortra announced patches for critical vulnerabilities in FileCatalyst Workflow, including a flaw involving leaked credentials (CVE-2024-6633) and a high-severity SQL injection issue (CVE-2024-6632). These vulnerabilities could grant an attacker remote access and allow them to perform dangerous operations. The company advises customers to update to FileCatalyst Workflow version 5.1.7 build 156 to mitigate …

Why End of Life for Applications Is the Beginning of Life for Hackers

August 22, 2024 at 10:04AM The text discusses the importance of tracking end-of-life and end-of-support dates for software assets to mitigate security risks. It emphasizes the challenges of migrating applications and the need for early planning to justify costs and demonstrate business value. The commentary also highlights the need to address internal politics and stakeholders …

Atlassian Patches Vulnerabilities in Bamboo, Confluence, Crowd, Jira

August 22, 2024 at 08:45AM Atlassian’s August 2024 security bulletin outlines nine high-severity vulnerabilities affecting Bamboo, Confluence, Crowd, and Jira products. Patches have been released for issues such as remote code execution, denial-of-service, cross-site scripting, and server-side request forgery. The company advises users to promptly update their installations to address these vulnerabilities. Based on the …

Chipmaker Patch Tuesday: Intel, AMD Address Over 110 Vulnerabilities

August 14, 2024 at 06:57AM Intel and AMD disclose multiple vulnerabilities in their products. Intel’s 43 advisories cover around 70 security holes, including high-severity flaws impacting various products. Medium-severity vulnerabilities were also patched across several hardware and software products and technologies. Similarly, AMD issued eight advisories addressing 46 vulnerabilities, including high-severity issues and plans to mitigate new …

Chrome, Firefox Updates Patch Serious Vulnerabilities 

August 7, 2024 at 04:24AM Mozilla and Google released updates for their web browsers, patching a total of 20 vulnerabilities. Google’s Chrome version 127.0.6533.99 fixed six vulnerabilities of various severity, including a critical out-of-bounds memory access issue. Meanwhile, Mozilla’s Firefox version 129 addressed 14 vulnerabilities, 11 of which are rated as high severity. Both companies …

Chrome 127 Patches 24 Vulnerabilities

July 24, 2024 at 08:39AM Google released Chrome 127, addressing 24 vulnerabilities, with memory safety bugs and high-severity flaws the most prevalent. The update includes patches for high and medium-severity vulnerabilities, as well as low-severity issues, awarding over $55,000 in bug bounty rewards. Users are encouraged to update promptly, with specifics on vulnerabilities withheld until …

Oracle Patches 240 Vulnerabilities With July 2024 CPU

July 17, 2024 at 06:03AM Oracle announced 386 new security patches in its July 2024 Critical Patch Update (CPU), addressing over 260 unauthenticated, remotely exploitable vulnerabilities. The update includes roughly 240 unique CVEs, with notable patches for Communications and Financial Services Applications. Oracle urges customers to apply patches promptly to avoid exploitation as threat actors …