AndroxGh0st Malware Targets Laravel Apps to Steal Cloud Credentials

March 21, 2024 at 09:48AM Cybersecurity researchers have uncovered AndroxGh0st, a tool used to target and steal sensitive data from Laravel applications. The tool exploits various vulnerabilities, such as CVE-2017-9841, to access and control targeted systems. As cloud environments are increasingly targeted, it’s crucial to keep software updated and monitor for suspicious activity. Krebs on …

Microsoft Patches Xbox Vulnerability Following Public Disclosure

March 21, 2024 at 09:45AM Microsoft has released a patch for an Xbox vulnerability (CVE-2024-2891) categorized as ‘important’ severity, allowing local attackers with low privileges to escalate to System. The fix is automatically delivered to users with automatic updates enabled. This follows initial reluctance by Microsoft to acknowledge the issue, which was later publicly disclosed …

Vulnerability Allowed One-Click Takeover of AWS Service Accounts

March 21, 2024 at 09:45AM Cybersecurity company Tenable disclosed a one-click vulnerability in an AWS service that allowed complete user account takeover. Named FlowFixation, it affected the Managed Workflows Apache Airflow service. The flaw, now patched, enabled session manipulation for web management panel takeover and potential remote code execution. Tenable’s wider findings on misconfigured shared-parent domains prompted …

Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability

March 21, 2024 at 12:48AM Ivanti has disclosed a critical remote code execution flaw, CVE-2023-41724, in Standalone Sentry with a CVSS score of 9.6. All supported versions are affected, and patches are available for download. The company credited security experts and mentioned that no customers are known to be affected. Other security flaws in Ivanti …

Ivanti fixes critical Standalone Sentry bug reported by NATO

March 20, 2024 at 01:09PM Ivanti urges customers to patch Standalone Sentry and Ivanti Neurons for ITSM for critical vulnerabilities (CVE-2023-41724 and CVE-2023-46808). Neurons cloud landscapes are secure, while on-premises deployments remain vulnerable. Although there’s no evidence of exploitation, the urgency to apply the patch is stressed. Nation-state actors and other threat groups have exploited …

Atlassian Patches Critical Vulnerability in Bamboo Data Center and Server

March 20, 2024 at 10:51AM Atlassian patched 24 vulnerabilities in products including Bamboo, Bitbucket, Confluence, and Jira. The critical-severity bug (CVE-2024-1597) impacts the org.postgresql:postgresql dependency, could allow unauthenticated attackers to exploit assets, and affects Bamboo Data Center and Server versions 8.2.1 to 9.5.0. Atlassian also released security updates for Confluence and Jira. Users are advised to update …

Jenkins Args4j CVE-2024-23897: Files Exposed, Code at Risk

March 19, 2024 at 02:42AM Summary: Jenkins, a widely used open-source automation server, is affected by the CVE-2024-23897 file read vulnerability, allowing unauthorized access to files. This vulnerability poses a severe security risk, with potential exploitation scenarios including remote code execution. Various attack instances have been observed, emphasizing the urgency of securing Jenkins installations. Trend …

More than 133,000 Fortinet appliances still vulnerable to month-old critical bug

March 18, 2024 at 03:08PM Despite a slight increase in patching, over 133,000 Fortinet appliances remain vulnerable to the critical security flaw CVE-2024-21762. The vulnerability allows remote code execution and is actively exploited. Another critical flaw, CVE-2023-48788, has been disclosed, adding to the patching workload. The widespread attacks make swift patching crucial. Key takeaways from …

Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool

March 18, 2024 at 10:09AM Fortra disclosed a critical security flaw in its FileCatalyst solution allowing unauthenticated attackers to achieve remote code execution by bypassing restrictions on file uploads. Tracked as CVE-2024-25153, the flaw received a CVSS score of 9.8 and was patched in FileCatalyst Workflow version 5.1.6 Build 114. Other vulnerabilities, CVE-2024-25154 and CVE-2024-25155, …

PoC Published for Critical Fortra Code Execution Vulnerability

March 18, 2024 at 06:45AM PoC code is available for a critical vulnerability (CVE-2024-25153, CVSS score 9.8) in Fortra FileCatalyst Workflow. Attackers can execute arbitrary code through a directory traversal bug in the ‘ftpservlet’ component, potentially leading to web shell execution. SOCRadar warns of threat actor exploitation and advises prompt system updates. Additional details …