Proof-of-Concept Exploit Released for Progress Software OpenEdge Vulnerability

March 11, 2024 at 02:45AM A critical authentication bypass (CVE-2024-1403, CVSS 10.0) in the Progress Software OpenEdge Authentication Gateway and AdminServer lets an unauthenticated remote attacker gain access to the affected services. Progress has fixed it in OpenEdge LTS Update 11.7.19, 12.2.14, and 12.8.1. Horizon3.ai has published technical details and a proof-of-concept exploit, identifying a potential path to remote code execution …

Critical Fortinet flaw may impact 150,000 exposed devices

March 8, 2024 at 03:42PM Around 150,000 internet-exposed Fortinet FortiOS and FortiProxy systems worldwide remain vulnerable to CVE-2024-21762, an out-of-bounds write in the SSL VPN component that allows unauthenticated remote code execution. CISA (the U.S. Cybersecurity and Infrastructure Security Agency) has confirmed active exploitation by adding the flaw to its Known Exploited Vulnerabilities catalog; most of the vulnerable devices are in the United States. A simple Python script is available to check whether a device is vulnerable. It looks …

Cisco Issues Patch for High-Severity VPN Hijacking Bug in Secure Client

March 8, 2024 at 03:45AM Cisco has patched a high-severity flaw in its Secure Client software, CVE-2024-20337, a CRLF injection in the SAML authentication flow that an unauthenticated remote attacker could use to hijack a VPN session as the targeted user. A successful exploit could allow the attacker to execute arbitrary script code in the user's browser or steal a valid SAML token and use it to establish a VPN session with that user's privileges. Another high-severity flaw in Secure Client for Linux, …

CISA Warns of Actively Exploited JetBrains TeamCity Vulnerability

March 8, 2024 at 02:09AM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical authentication bypass in JetBrains TeamCity On-Premises (CVE-2024-27198) to its Known Exploited Vulnerabilities catalog because threat actors are actively exploiting it. The vulnerability allows complete compromise of the server and has already been weaponized to deliver ransomware. Users are urged to …

About the security content of watchOS 10.4 – Apple Support

March 7, 2024 at 01:51PM Apple has released watchOS 10.4, a security update addressing multiple vulnerabilities across components including CoreBluetooth, ImageIO, Kernel, libxpc, MediaRemote, Messages, RTKit, Sandbox, Share Sheet, Siri, UIKit and WebKit. The update is available for Apple Watch Series 4 and later. The flaws could be exploited in various ways, including to access sensitive user data and …

Critical TeamCity flaw now widely exploited to create admin accounts

March 7, 2024 at 07:34AM Attackers are exploiting a critical authentication bypass vulnerability (CVE-2024-27198) in TeamCity On-Premises to create administrator accounts on unpatched servers. Hundreds of instances have already been compromised; because TeamCity builds and ships software, a compromised server puts downstream projects at risk of supply-chain attacks. Vulnerable hosts are mainly in Germany, the United States, and Russia. Rapid7, which reported the flaw, urges immediate updating.

VMware Issues Security Patches for ESXi, Workstation, and Fusion Flaws

March 6, 2024 at 03:15AM VMware has issued patches for four security flaws affecting ESXi, Workstation, and Fusion, including two critical use-after-free bugs in the emulated XHCI (CVE-2024-22252) and UHCI (CVE-2024-22253) USB controllers that let an attacker with administrative privileges inside a guest execute code on the host (CVSS 9.3 on Workstation and Fusion, 8.4 on ESXi, where the VMX sandbox contains the impact). Both bugs were reported independently by several research teams and require immediate patching. A temporary workaround includes …

Over 100 Malicious AI/ML Models Found on Hugging Face Platform

March 4, 2024 at 04:54AM Security researchers have discovered around 100 malicious AI/ML models hosted on the Hugging Face platform. Loading one of these models executes attacker-supplied code, potentially giving the attacker control of the victim's machine and leading to data breaches and corporate espionage. Separately, researchers have developed techniques to manipulate large language models (LLMs) for harmful purposes, demonstrating …
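The blurb does not say how a downloaded model file takes over the machine that loads it. The usual vector in findings of this kind is Python's pickle serialization, which PyTorch's default checkpoint format is built on: a pickle is a small program for a stack machine, and the unpickler will import and call any callable the stream names, before a single weight is read. The Python below is an added example written for this page (it is not code from the page, from Hugging Face, or from the researchers). It constructs a malicious sample checkpoint carrying an os.system payload next to a benign one, then scans the opcode stream with pickletools, resolving STACK_GLOBAL operands and memo references, to list every import the file would perform and refuse to load it if any resolves to a dangerous module. The denylist, the sample checkpoints and the helper names are assumptions made for the example.

```python
import pickle
import pickletools

# Modules a serialized model has no business importing. Constructed denylist for
# this example; production scanners keep much longer lists. "posix"/"nt" matter
# because os.system pickles under the name of the C module that defines it.
DANGEROUS_MODULES = frozenset({
    "os", "posix", "nt", "subprocess", "sys", "socket", "builtins",
    "runpy", "shutil", "importlib", "ctypes", "webbrowser",
})

# Every opcode that pushes a string operand we can resolve statically.
STRING_OPS = {
    "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8",
    "STRING", "BINSTRING", "SHORT_BINSTRING",
}


class PayloadCarrier:
    """Attacker-side object: its pickle form runs a command when loaded.

    pickle stores (callable, args) for an object, and the unpickler calls the
    callable to rebuild it. Here the callable is os.system, so simply loading
    the 'model' executes the command.
    """

    def __init__(self, cmd: str):
        self.cmd = cmd

    def __reduce__(self):
        import os
        return (os.system, (self.cmd,))


def build_malicious_model(cmd: str) -> bytes:
    """Constructed sample: a checkpoint whose metadata carries a payload."""
    return pickle.dumps({"weights": [0.1, 0.2], "meta": PayloadCarrier(cmd)})


def build_benign_model() -> bytes:
    """Constructed sample: the same checkpoint with plain-data metadata."""
    return pickle.dumps({"weights": [0.1, 0.2], "meta": {"arch": "tiny"}})


def imported_globals(data: bytes):
    """Static scan: every (module, attribute) the pickle would import.

    Walks the opcode stream with pickletools instead of executing it. Only
    string operands are tracked (including memo references via MEMOIZE, PUT
    and GET), which is enough to resolve GLOBAL and STACK_GLOBAL operands.
    """
    found, memo, strings, last = [], {}, [], None
    for op, arg, _pos in pickletools.genops(data):
        if op.name in STRING_OPS:
            strings.append(arg)
            last = arg
        elif op.name == "MEMOIZE":                   # memo[len(memo)] = top of stack
            memo[len(memo)] = last
        elif op.name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = last
        elif op.name in ("GET", "BINGET", "LONG_BINGET"):
            strings.append(memo.get(arg))
            last = strings[-1]
        elif op.name == "GLOBAL":                    # protocols 0-3: "module name"
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name == "STACK_GLOBAL":              # protocol 4+: operands on the stack
            name = strings.pop() if strings else None
            module = strings.pop() if strings else None
            found.append((module, name))
            last = None
        elif op.stack_after:                         # some other object was pushed
            last = None
    return found


def is_safe_to_load(data: bytes, denylist=DANGEROUS_MODULES) -> bool:
    """True only if every import resolves to a known, allowed module name."""
    return all(module is not None and module not in denylist
               for module, _ in imported_globals(data))


def load_model_safely(data: bytes):
    """Scan first, unpickle second. Never call pickle.loads on untrusted bytes directly."""
    if not is_safe_to_load(data):
        bad = [f"{module}.{name}" for module, name in imported_globals(data)]
        raise ValueError(f"refusing to load: pickle imports {bad}")
    return pickle.loads(data)


if __name__ == "__main__":
    evil = build_malicious_model("id")
    print("imports:", imported_globals(evil))
    print("benign weights:", load_model_safely(build_benign_model())["weights"])
    try:
        load_model_safely(evil)
    except ValueError as exc:
        print(exc)
```

The malicious sample is never unpickled: pickle.loads would run the payload as part of reconstructing the "meta" value. Two caveats matter in practice. os.system serializes under the name of the C module that defines it (posix on Linux, nt on Windows), so a denylist that only names os misses it. And string tricks or odd opcode sequences can evade a simple scanner like this one, which is why a serialization format that carries no code at all, such as safetensors, is the stronger fix.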

Windows Kernel bug fixed last month exploited as zero-day since August

March 2, 2024 at 10:58AM Microsoft's February patch for a high-severity Windows kernel vulnerability, CVE-2024-21338, closed a hole that had been exploited as a zero-day since at least August 2023, about six months after it was reported. The flaw lets a local attacker gain SYSTEM privileges without user interaction. Avast discovered that the North Korean Lazarus group used it to gain kernel-level access and evade security tools. Windows …

CISA Warns of Windows Streaming Service Vulnerability Exploitation

March 1, 2024 at 08:57AM CISA has added a high-severity elevation-of-privilege flaw in the Microsoft Streaming Service, tracked as CVE-2023-29360 and patched by Microsoft in June 2023, to its Known Exploited Vulnerabilities catalog, warning of active exploitation. A local attacker could use it to gain SYSTEM privileges. CISA urges organizations to apply the patch and has set a remediation deadline of March …