February 29, 2024 at 09:27AM Meta recently patched a critical vulnerability affecting the Facebook password reset process, as reported by cybersecurity researcher Samip Aryal. The flaw allowed an attacker to exploit a two-hour window to brute-force a unique six-digit code and gain control of an account. Meta’s bug bounty program recognized Aryal’s contribution, but the … Read more
February 28, 2024 at 01:21AM Cybersecurity agencies are warning Ubiquiti EdgeRouter users to take precautions against the MooBot botnet, tied to APT28 and used to conduct covert cyber operations globally. The advisory recommends resetting routers, updating firmware, changing default credentials, and implementing firewall rules. This highlights the increasing use of routers as launchpads for malicious … Read more
February 27, 2024 at 01:09AM A critical security flaw (CVE-2024-1071) has been discovered in the Ultimate Member WordPress plugin, potentially allowing attackers to exploit SQL injection and extract sensitive data from the database. The issue has been addressed in version 2.8.3, following responsible disclosure. Users are strongly advised to update the plugin to mitigate potential … Read more
February 23, 2024 at 09:27AM A high-severity vulnerability, tracked as CVE-2024-23204, in Apple Shortcuts allowed attackers to access sensitive user information and system resources without user prompting. Cybersecurity firm Bitdefender discovered the issue, which bypassed Apple’s framework governing access permissions. The vulnerability was addressed with the release of iOS 17.3, iPadOS 17.3, and macOS Sonoma … Read more
February 23, 2024 at 07:33AM ConnectWise’s ScreenConnect product faced a critical vulnerability, leading to widespread exploitation for ransomware and other malware. The company issued patches for an authentication bypass flaw and path traversal issue, now assigned CVE identifiers. Exploited flaws, dubbed SlashAndGrab, allowed unauthorized account creation and arbitrary code execution. Several malicious activities were reported, … Read more
February 22, 2024 at 01:35PM Attackers exploit a severe authentication bypass vulnerability to breach unpatched ScreenConnect servers, deploying LockBit ransomware. ConnectWise released security updates, including a patch for a high-severity path traversal flaw. Both bugs impact all ScreenConnect versions. CISA ordered U.S. federal agencies to secure servers within a week. Threat actors have deployed LockBit … Read more
February 21, 2024 at 12:49PM A critical RCE vulnerability in ConnectWise’s ScreenConnect requires urgent patching due to its severity. The exploit allows an attacker to compromise user accounts and gain admin access, potentially leading to RMM tool attacks. The company has released patches, urging immediate updates due to the high risk of attacks. Limited threat … Read more
February 21, 2024 at 01:15AM VMware has reported critical security flaws in the Enhanced Authentication Plugin (EAP), urging users to uninstall it. The vulnerability enables a malicious actor to manipulate service tickets and hijack sessions. Additionally, SonarSource disclosed cross-site scripting flaws in Joomla!. Salesforce’s Apex programming language also faces high-severity vulnerabilities. Users are advised to … Read more
February 20, 2024 at 06:27AM ConnectWise released software updates to fix critical security flaws in its ScreenConnect remote desktop and access software. The vulnerabilities could enable remote code execution and impact confidential data or critical systems. Users of affected versions are urged to update to version 23.9.8 to mitigate the risk of exploitation. Key Takeaways … Read more
February 19, 2024 at 02:36PM A critical vulnerability, CVE-2024-21410, puts up to 97,000 Microsoft Exchange servers at risk of exploitation by allowing privilege escalation. Microsoft addressed the issue on February 13, but 28,500 servers remain vulnerable. Administrators are urged to apply mitigations to avoid potential misuse and data breaches. The U.S. Cybersecurity & Infrastructure Security … Read more