Gov’t, Judicial IT Systems Beset by Access Control Bugs

October 1, 2024 at 05:16PM Numerous high- and critical-severity bugs were discovered in government agency software platforms, posing security risks to sensitive personal data such as Social Security numbers and voter registrations. Security researcher Jason Parker exposed vulnerabilities in 19 platforms, including an issue with Georgia’s voter cancellation portal. Outdated systems and inadequate funding contribute … Read more

Organizations Warned of Exploited SAP, Gpac and D-Link Vulnerabilities

October 1, 2024 at 08:51AM CISA alerted organizations about exploited SAP Commerce, Gpac framework, and D-Link DIR-820 router vulnerabilities, which are years old. This warning highlights the ongoing risk posed by these vulnerabilities in the wild. … Read more

Progress urges admins to patch critical WhatsUp Gold bugs ASAP

September 27, 2024 at 08:02AM Progress Software recently identified and warned customers about six vulnerabilities in WhatsUp Gold, urging them to upgrade to version 24.0.1 to address these issues. The vulnerabilities, including SQL injection and remote code execution flaws, were reported by various security researchers and have been exploited by attackers. Progress has released patches … Read more

HPE patches three critical flaws in Aruba proprietary access protocol Interface

September 26, 2024 at 03:32PM HPE has issued emergency fixes for critical flaws in Aruba access points running AOS-8 and AOS-10. These vulnerabilities, rated 9.8 on the CVSS scale, allow attackers to run code on the systems. The flaws affect specific versions of AOS, and HPE advises upgrading to protect against these vulnerabilities. The discovery … Read more

Remote Code Execution, DoS Vulnerabilities Patched in OpenPLC

September 26, 2024 at 11:13AM Cisco Talos disclosed critical and high-severity vulnerabilities in OpenPLC, an open source programmable logic controller designed for industrial automation and research. These can be exploited for DoS attacks and remote code execution using specially crafted EtherNet/IP requests. The vulnerabilities were patched on September 17, and users are advised to update … Read more

Critical Automated Tank Gauge Bugs Threaten Critical Infrastructure

September 24, 2024 at 03:44PM Multiple critical security vulnerabilities have been found in automatic tank gauge (ATG) systems, posing threats to critical infrastructure by allowing attackers to potentially gain full control of the systems. Researchers warn of the potential for cyberattacks impacting fuel availability, environmental disruption, and physical damage. Mitigation efforts are ongoing, emphasizing the … Read more

Automatic Tank Gauges Used in Critical Infrastructure Plagued by Critical Vulnerabilities

September 24, 2024 at 02:24PM Cybersecurity warnings about vulnerabilities in automatic tank gauge (ATG) systems persist nearly a decade later, with critical security holes found in widely deployed devices across various industries. Bitsight’s analysis revealed 10 vulnerabilities, with the potential for remote hacking leading to physical damage and financial theft. Despite their findings, the number of … Read more

Unpatched Vulnerabilities Expose Riello UPSs to Hacking: Security Firm

September 24, 2024 at 09:36AM Riello UPS devices are vulnerable to hackers due to unpatched vulnerabilities according to Austria-based firm CyberDanube. The vulnerabilities in the NetMan 204 network communications card enable attackers to take control of the UPS systems, posing a risk to devices directly exposed to the internet. Riello is yet to address these … Read more

CISA warns of actively exploited Apache HugeGraph-Server bug

September 19, 2024 at 06:57PM CISA added five flaws to its Known Exploited Vulnerabilities catalog, including a critical remote code execution (RCE) flaw in Apache HugeGraph-Server (CVE-2024-27348). It urges users to apply mitigations or discontinue use by October 9, 2024. The product is vital for various sectors and has older vulnerabilities added for documentation purposes. … Read more

CISA: Oracle Vulnerabilities From ‘Miracle Exploit’ Targeted in Attacks

September 19, 2024 at 11:06AM CISA added critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, including two Oracle flaws (CVE-2022-21445 and CVE-2020-14644). These can be exploited for remote code execution and system takeover. The flaws impact Oracle Fusion Middleware’s JDeveloper and WebLogic Server, and are linked to reported attacks on major organizations’ systems. Key … Read more