Microsoft Releases October 2024 Security Updates

October 8, 2024 at 03:29PM Microsoft released security updates to address vulnerabilities in multiple products. CISA advises users and administrators to review and apply necessary updates from the Microsoft Security Update Guide for October to mitigate potential cyber threats.

CISA Adds High-Severity Ivanti Vulnerability to KEV Catalog

October 3, 2024 at 05:25PM The Cybersecurity and Infrastructure Security Agency has added CVE-2024-29824, an SQL Injection vulnerability in Ivanti Endpoint Manager, to its Known Exploited Vulnerabilities Catalog. Rated critical with a CVSS score of 9.6, this flaw was exploited in the wild, prompting Ivanti to release security updates in May. Organizations are cautioned to …

CISA: Network switch RCE flaw impacts critical infrastructure

October 2, 2024 at 11:05AM The U.S. cybersecurity agency CISA has issued a warning about two critical vulnerabilities in Optigo Networks ONS-S8 Aggregation Switch products, used in critical infrastructure worldwide. The flaws allow bypassing of password requirements and could lead to remote code execution. No fixes are available, so users are advised to apply suggested …

Alert: Over 700,000 DrayTek Routers Exposed to Hacking via 14 New Vulnerabilities

October 2, 2024 at 10:15AM A series of critical vulnerabilities in DrayTek routers, including buffer overflow and cross-site scripting flaws, have been discovered, posing a significant security risk. Over 700,000 exposed devices globally are affected, requiring immediate patching. The incident highlights the importance of secure network practices, especially for critical infrastructure organizations. Joint cybersecurity guidance …

Gov’t, Judicial IT Systems Beset by Access Control Bugs

October 1, 2024 at 05:16PM Numerous high- and critical-severity bugs were discovered in government agency software platforms, posing security risks to sensitive personal data such as Social Security numbers and voter registrations. Security researcher Jason Parker exposed vulnerabilities in 19 platforms, including an issue with Georgia’s voter cancellation portal. Outdated systems and inadequate funding contribute …

Organizations Warned of Exploited SAP, Gpac and D-Link Vulnerabilities

October 1, 2024 at 08:51AM CISA alerted organizations about exploited SAP Commerce, Gpac framework, and D-Link DIR-820 router vulnerabilities, which are years old. This warning highlights the ongoing risk posed by these vulnerabilities in the wild.

Progress urges admins to patch critical WhatsUp Gold bugs ASAP

September 27, 2024 at 08:02AM Progress Software recently identified and warned customers about six vulnerabilities in WhatsUp Gold, urging them to upgrade to version 24.0.1 to address these issues. The vulnerabilities, including SQL injection and remote code execution flaws, were reported by various security researchers and have been exploited by attackers. Progress has released patches …

HPE patches three critical flaws in Aruba proprietary access protocol Interface

September 26, 2024 at 03:32PM HPE has issued emergency fixes for critical flaws in Aruba access points running AOS-8 and AOS-10. These vulnerabilities, rated 9.8 on the CVSS scale, allow attackers to run code on the systems. The flaws affect specific versions of AOS, and HPE advises upgrading to protect against these vulnerabilities. The discovery …

Remote Code Execution, DoS Vulnerabilities Patched in OpenPLC

September 26, 2024 at 11:13AM Cisco Talos disclosed critical and high-severity vulnerabilities in OpenPLC, an open source programmable logic controller designed for industrial automation and research. These can be exploited for DoS attacks and remote code execution using specially crafted EtherNet/IP requests. The vulnerabilities were patched on September 17, and users are advised to update …

Critical Automated Tank Gauge Bugs Threaten Critical Infrastructure

September 24, 2024 at 03:44PM Multiple critical security vulnerabilities have been found in automatic tank gauge (ATG) systems, posing threats to critical infrastructure by allowing attackers to potentially gain full control of the systems. Researchers warn of the potential for cyberattacks impacting fuel availability, environmental disruption, and physical damage. Mitigation efforts are ongoing, emphasizing the …