Critical Zimbra RCE flaw exploited to backdoor servers using emails

October 2, 2024 at 10:35AM Attackers are exploiting a Zimbra email server vulnerability (CVE-2024-45519) by sending specially crafted emails to the SMTP server, which lets them execute commands on the host. Proofpoint detected the malicious activity, and a proof-of-concept exploit has been published, so users are urged to update to a patched version or apply the preventive measures listed. After reviewing … Read more

UPS supplier’s password policy flip-flops from unlimited, to 32, then 64 characters

September 23, 2024 at 08:09AM A major IT hardware manufacturer, CyberPower Systems, faced backlash after a recent security update imposed a 32-character limit on passwords where previously no limit was enforced. Responding to customer complaints, the company said it would double the limit to 64 characters. It attributed the limit to a third-party auditor's recommendation and said the increase to 64 characters will be implemented within two weeks. Experts debate the … Read more

GitLab Warns of Max Severity Authentication Bypass Bug

September 19, 2024 at 05:16PM Organizations running self-managed GitLab instances with SAML-based authentication are advised to update urgently to the latest versions because of a maximum-severity bug (CVE-2024-45409) that allows attackers to bypass authentication checks and gain unauthorized access. GitLab has already patched GitLab.com but urges self-managed installations to apply the fix immediately. … Read more

Exploit code released for critical Ivanti RCE flaw, patch now

September 16, 2024 at 03:12PM Proof-of-concept exploit code for a critical remote code execution (RCE) vulnerability, CVE-2024-29847, in Ivanti Endpoint Manager has been publicly released by security researcher Sina Kheirkhah. The flaw allows a remote attacker to execute arbitrary code and should be patched immediately with the security update Ivanti released in September 2024. Additionally, other Ivanti vulnerabilities are … Read more

GitLab Updates Resolve Critical Pipeline Execution Vulnerability

September 13, 2024 at 05:03AM GitLab released patches for 17 vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE), including a critical pipeline execution bug, CVE-2024-6678, with a CVSS score of 9.9. Successful exploitation lets an attacker trigger a pipeline as an arbitrary user under certain circumstances, which could disrupt services or inject malicious code into builds. The vulnerabilities affect versions from 8.14 through 17.3.1, and patches are available in versions … Read more

Slim CD Data Breach Impacts 1.7 Million Individuals

September 10, 2024 at 05:57AM Payment gateway provider Slim CD reported a data breach exposing the personal and credit card information of approximately 1.7 million individuals. The unauthorized access lasted roughly ten months and was discovered on June 15, 2024, by which time the affected data may already have been compromised. Affected individuals are being notified, and the company is enhancing … Read more

Progress Software Issues Patch for Vulnerability in LoadMaster and MT Hypervisor

September 9, 2024 at 06:45AM Progress Software has issued security updates to address a critical vulnerability in LoadMaster and the LoadMaster Multi-Tenant (MT) Hypervisor that allows remote attackers to execute arbitrary commands. Tracked as CVE-2024-7591, the flaw stems from improper input validation, affects specific product versions, and was discovered by security researcher Florian Grunow. Users are urged to apply the fixes promptly and follow security … Read more

Progress LoadMaster vulnerable to 10/10 severity RCE flaw

September 9, 2024 at 02:57AM Progress Software has issued an emergency fix for a critical, 10/10-severity vulnerability impacting its LoadMaster and LoadMaster Multi-Tenant (MT) Hypervisor products that allows remote command execution. … Read more

Apache Makes Another Attempt at Patching Exploited RCE in OFBiz

September 6, 2024 at 08:00AM Apache released a security update for the open source ERP system OFBiz addressing two vulnerabilities, one of which, CVE-2024-45195, bypasses the patches issued for two previously exploited flaws and allows unauthenticated remote attackers to execute code on affected systems. Rapid7 warns that both Linux and Windows deployments are affected. Users are urged to … Read more

VMware Patches High-Severity Code Execution Flaw in Fusion

September 3, 2024 at 12:12PM VMware issued a security update for its Fusion hypervisor software to fix a high-severity vulnerability (CVE-2024-38811). Exploiting this flaw could lead to code execution within the Fusion context, potentially compromising the entire system. The update also addresses OpenSSL vulnerabilities. Users are urged to update to Fusion version 13.6 to mitigate … Read more