April 11, 2024 at 02:09AM Fortinet has released patches for the critical security flaw in FortiClientLinux (CVE-2023-45590) with a CVSS score of 9.4. The vulnerability allows arbitrary code execution through a malicious website. Versions 7.0.3 through 7.0.10 are affected, requiring an upgrade to 7.0.11 or higher. Other security issues were also addressed, urging users to … Read more
February 26, 2024 at 04:39PM The White House ONCD urges tech companies to adopt memory-safe programming languages like Rust to enhance software security by reducing memory safety vulnerabilities. Such vulnerabilities can lead to security risks and unauthorized access to data, posing a threat to the digital ecosystem. This initiative aligns with President Biden’s National Cybersecurity … Read more
February 20, 2024 at 10:03AM Over 28,000 internet-accessible Microsoft Exchange servers are affected by a zero-day vulnerability, with an additional 68,000 instances considered possibly vulnerable. The flaw, tracked as CVE-2024-21410, allows for privilege escalation and pass-the-hash attacks. Organizations are urged to apply available mitigations and patches as the exploit is actively targeted. From the meeting … Read more
January 31, 2024 at 10:49AM Ivanti has released the first round of patches for Connect Secure and Policy Secure gateways, addressing two zero-day vulnerabilities. Admins are advised to apply the patches and factory-reset devices as a precaution. This comes after delayed releases and growing exploitation. Customers should monitor and apply mitigations as patches continue to … Read more
January 25, 2024 at 11:48AM Cisco announced security updates to address a critical-severity vulnerability (CVE-2024-20253, CVSS 9.9) affecting multiple Unified Communications and Contact Center Solutions products. The flaw could allow attackers to execute arbitrary commands with system privileges. Cisco advises immediate patching and mitigation using access control lists. Medium-severity flaws in Business 250/350 series switches … Read more
January 16, 2024 at 10:04AM Ivanti Connect Secure (ICS) VPN users are at risk if they have not applied recent vulnerability mitigation. Over 1,700 devices have been compromised due to successful exploits. The attacks have targeted a wide range of organizations globally. Users are advised to run Ivanti’s Integrity Checker Tool to detect compromises and … Read more
December 18, 2023 at 11:29AM The FBI, CISA, and ASD’s ACSC jointly warn that the Play ransomware gang has targeted approximately 300 organizations globally between June 2022 and October 2023, impacting critical infrastructure. The group employs unconventional tactics, including stealing sensitive data and using a custom VSS Copying Tool. Organizations are urged to address vulnerabilities … Read more
December 13, 2023 at 09:12AM Google is promoting the use of Clang sanitizers for enhancing the security of Android’s cellular baseband. The sanitizers, such as IntSan and BoundSan, help detect vulnerabilities and prevent remote code execution. Despite performance overhead, Google has enabled them in critical attack surfaces. The move complements the transition to memory-safe languages … Read more