July 9, 2024 at 01:22PM Hackers are exploiting a vulnerability in the Modern Events Calendar WordPress plugin, affecting over 150,000 websites. The vulnerability, CVE-2024-5441, allows remote code execution and complete website takeover. A fix in version 7.12.0 has been released, but ongoing attacks are reported, prompting users to upgrade immediately or disable the plugin. Based … Read more
July 9, 2024 at 09:21AM Cybersecurity researchers discovered a vulnerability in the RADIUS network authentication protocol named BlastRADIUS, which allows attackers to carry out Mallory-in-the-middle attacks. This flaw affects all standards-compliant RADIUS clients and servers, making it crucial for ISPs and organizations to update their networking equipment. The vulnerability, with a CVSS score of 9.0, … Read more
July 2, 2024 at 07:07AM Modern Intel CPUs like Raptor Lake and Alder Lake are vulnerable to a new side-channel attack named “Indirector.” The attack exploits weaknesses in Indirect Branch Predictor (IBP) and Branch Target Buffer (BTB) to leak sensitive information. Mitigations include using Indirect Branch Predictor Barrier (IBPB) more aggressively and hardening the Branch … Read more
July 2, 2024 at 02:08AM Velvet Ant, a Chinese cyber espionage group, has exploited a zero-day flaw in Cisco NX-OS Software to deliver custom malware and gain control over compromised Cisco Nexus devices. This vulnerability, CVE-2024-20399, allows an attacker with administrator credentials to execute commands as root. The impacted devices include various Nexus switches. Additionally, … Read more
July 1, 2024 at 08:21AM Attackers are targeting a critical vulnerability (CVE-2024-0769) in discontinued D-Link DIR-859 WiFi routers, enabling remote exploitation without authentication and leaking sensitive information. A published exploit has already been observed in the wild, and mass exploitation is anticipated. D-Link urges owners to replace these devices, as they are no longer receiving … Read more
July 1, 2024 at 07:38AM A critical vulnerability (CVE-2024-2973) in Juniper Networks routers scored a perfect 10 on CVSS systems. Juniper advised applying emergency patches due to an authentication bypass bug that could allow network-based attackers to take control. The bug affects Smart Session Router, Session Smart Conductor, and WAN Assurance Routers, potentially causing significant … Read more
July 1, 2024 at 07:28AM Juniper Networks issued an out-of-cycle security bulletin regarding a critical vulnerability, tracked as CVE-2024-2973, which can lead to an authentication bypass on Session Smart routers and conductor products. The company advised affected systems to upgrade to specific software versions and noted that the vulnerability has been automatically resolved on certain … Read more
July 1, 2024 at 02:57AM Juniper Networks has released critical security updates to fix an Authentication Bypass Using an Alternate Path or Channel vulnerability in some routers, affecting devices running in high-availability redundant configurations. The flaw, tracked as CVE-2024-2973, carries a maximum severity score. The company urges users to apply the patches to protect against … Read more
June 30, 2024 at 11:21AM Juniper Networks released an emergency update to address a critical vulnerability, tracked as CVE-2024-2973, which could lead to an authentication bypass in Session Smart Router, Conductor, and WAN Assurance Router products. The affected versions and recommended patches were listed, highlighting the need for immediate action due to active exploitation of … Read more
June 30, 2024 at 10:43AM The ‘ip’ open-source project’s GitHub repository was archived by its developer, Fedor Indutny, due to dubious or bogus CVE reports being filed against it. The ‘node-ip’ GitHub repository was also made read-only, limiting interactions. Indutny disputed the severity of the CVE and raised concerns about the influx of unverified vulnerability … Read more