CISA warns critical Geoserver GeoTools RCE flaw is exploited in attacks

July 16, 2024 at 06:19PM CISA warns of an actively exploited GeoServer GeoTools remote code execution flaw (CVE-2024-36401). The flaw allows arbitrary code execution and affects all GeoServer instances. Researchers demonstrated proof-of-concept exploits, and patches are available in versions 2.23.6, 2.24.4, and 2.25.2. CISA requires federal agencies to patch servers by August 5th, 2024, while private …

Organizations Warned of Exploited GeoServer Vulnerability

July 16, 2024 at 12:09PM CISA is urgently advising federal agencies to address a high-severity vulnerability in GeoServer (CVE-2024-36401) due to active exploitation risks. The flaw allows unauthenticated attackers to execute remote code through crafted input, affecting all GeoServer instances. Users are recommended to apply the latest patches and review CISA’s Known Exploited Vulnerabilities list …

Void Banshee APT Exploits Microsoft MHTML Flaw to Spread Atlantida Stealer

July 16, 2024 at 05:15AM The Void Banshee APT group was discovered exploiting a zero-day vulnerability in the Microsoft MHTML browser engine to distribute the Atlantida information stealer. It was used in a multi-stage attack chain via specially crafted internet shortcut files. The group targets organizations globally and has a history of information theft and …

CISA Warns of Actively Exploited RCE Flaw in GeoServer GeoTools Software

July 16, 2024 at 12:45AM The U.S. CISA identified a critical security flaw in OSGeo GeoServer GeoTools as actively exploited. The vulnerability, CVE-2024-36401, allows remote code execution. Versions 2.23.6, 2.24.4, and 2.25.2 address the issue. Another flaw, CVE-2024-36404, also poses RCE risk. Federal agencies must apply fixes by August 5, 2024, amid reports of active …

CRYSTALRAY Hackers Infect Over 1,500 Victims Using Network Mapping Tool

July 15, 2024 at 07:09AM A threat actor, known as CRYSTALRAY, has expanded its operations and infected over 1,500 victims using open-source security tools. Their primary objectives include harvesting and selling credentials, deploying cryptocurrency miners, and maintaining persistence in victim environments. Various methods, including tool abuse and credential discovery, are employed, posing serious security risks. …

GitLab Sends Users Scrambling Again With New CI/CD Pipeline Takeover Vuln

July 12, 2024 at 04:34PM GitLab recently disclosed a critical vulnerability, CVE-2024-6385, impacting its DevOps platform, allowing attackers to run pipelines within users’ contexts. With a severity rating of 9.6 on the CVSS scale, the bug affects GitLab versions 15.8 to 17.1. Users were strongly urged to upgrade as soon as possible. This follows a …

Palo Alto Networks Patches Critical Flaw in Expedition Migration Tool

July 11, 2024 at 11:49AM Palo Alto Networks has released security updates to address several vulnerabilities in its products, including a critical bug impacting the Expedition migration tool, allowing an admin account takeover. Another flaw named BlastRADIUS could enable privilege escalation in certain PAN-OS firewall versions. Users are advised to update to the latest versions …

PHP Vulnerability Exploited to Spread Malware and Launch DDoS Attacks

July 11, 2024 at 01:54AM Multiple threat actors are exploiting a recently disclosed security flaw in PHP (CVE-2024-4577) to deliver remote access trojans, cryptocurrency miners, and DDoS botnets. Users are advised to update their PHP installations. Additionally, DDoS attacks increased 20% year-over-year, with China being the most targeted country. Based …

VMware Patches Critical SQL-Injection Flaw in Aria Automation

July 10, 2024 at 12:54PM VMware, owned by Broadcom, issued patches for a high-risk SQL-injection vulnerability in Aria Automation, allowing an authenticated malicious user to manipulate databases. Tracked as CVE-2024-22280, the flaw permits unauthorized read and write operations in the database through specially crafted SQL queries. The bug carries a CVSS severity score of 8.5/10 …

Microsoft’s July Update Patches 143 Flaws, Including Two Actively Exploited

July 10, 2024 at 08:09AM Microsoft has released patches for 143 security flaws, including two actively exploited vulnerabilities. The flaws affect Windows, Edge browser, Hyper-V, and Office, among others. One of the exploited flaws is a remote code execution bug impacting .NET and Visual Studio. Other vendors have also issued security updates. …