Johnson Controls Patches Critical Vulnerability in Industrial Refrigeration Products

November 20, 2023 at 09:33AM

Johnson Controls has released patches for a critical vulnerability found in some of its industrial refrigeration products. The flaw, known as CVE-2023-4804, could allow unauthorized access to debug features. Impacted products include control panels used in the food and beverage industry worldwide. The patches fix the vulnerability that could potentially …

Randstorm Exploit: Bitcoin Wallets Created b/w 2011-2015 Vulnerable to Hacking

November 20, 2023 at 04:36AM

Bitcoin wallets created between 2011 and 2015 are vulnerable to an exploit called Randstorm that allows unauthorized access. Approximately 1.4 million bitcoins may be affected. Customers can check if their wallets are at risk on www.keybleed.com. The vulnerability stems from the use of BitcoinJS, an open-source JavaScript package for cryptocurrency wallets. …

Exploit for CrushFTP RCE chain released, patch now

November 18, 2023 at 10:32PM

A proof-of-concept exploit for a critical remote code execution vulnerability in CrushFTP has been publicly released. Attackers can access files, execute code, and obtain passwords. The developers released a fix in CrushFTP 10.5.2, but applying the patches may not protect against all threats. Users should update to the latest version, …

Fortinet warns of critical command injection bug in FortiSIEM

November 16, 2023 at 10:22AM

Fortinet has warned customers about a critical OS command injection vulnerability in its FortiSIEM report server. The flaw can be exploited by remote, unauthenticated attackers to execute unauthorized commands through specially crafted API requests. The vulnerability, tracked as CVE-2023-36553, is a variant of a previous vulnerability (CVE-2023-34992). Fortinet advises affected …

Microsoft Patches Sensitive Information Disclosure Vulnerability in Azure CLI

November 15, 2023 at 09:57AM

Microsoft has released patches and guidance for a high-severity vulnerability in Azure CLI that could expose sensitive information. The bug allowed certain Azure CLI functions to inadvertently expose secrets through CI/CD logs, potentially compromising plaintext passwords and usernames. Microsoft has made changes to Azure CLI commands to address the issue …

New PoC Exploit for Apache ActiveMQ Flaw Could Let Attackers Fly Under the Radar

November 15, 2023 at 09:45AM

A critical security flaw in Apache ActiveMQ, tracked as CVE-2023-46604, allows threat actors to execute arbitrary code in memory. The flaw has been exploited by ransomware groups, deploying ransomware like HelloKitty and a strain similar to TellYouThePass, as well as a remote access trojan called SparkRAT. The attacks rely on …

SAP Patches Critical Vulnerability in Business One Product

November 15, 2023 at 08:58AM

SAP has released three new and three updated security notes as part of its November 2023 Security Patch Day. The most important new note addresses a vulnerability in the Business One application, while the updated notes address various vulnerabilities in different SAP products. Customers are advised to apply the patches …

Urgent: VMware Warns of Unpatched Critical Cloud Director Vulnerability

November 14, 2023 at 11:27PM

VMware has issued a warning about a critical security flaw in Cloud Director that could allow unauthorized access. The vulnerability affects instances upgraded to version 10.5 and can be exploited to bypass login restrictions on certain ports. A fix has not yet been released, but a workaround is available. This …

WP Fastest Cache plugin bug exposes 600K WordPress sites to attacks

November 14, 2023 at 06:34PM

The WordPress plugin WP Fastest Cache has an SQL injection vulnerability that could allow attackers to access the site’s database. Over 600,000 websites are still using a vulnerable version of the plugin. The vulnerability affects all versions before 1.2.2. An exploit will be released on November 27, 2023, and users …

VMWare discloses critical VCD Appliance auth bypass with no patch

November 14, 2023 at 04:47PM

VMware has disclosed a critical authentication bypass vulnerability affecting Cloud Director appliance deployments. The vulnerability only affects certain versions of the appliance and can be exploited remotely without user interaction. While no patch is available, VMware has provided a temporary workaround that does not disrupt functionality or require downtime. After …