Got an unpatched LG ‘smart’ television? It could be watching you back

April 9, 2024 at 02:09PM Multiple bugs in LG’s WebOS on smart TVs permit attackers to gain root access and control the device. Bitdefender Labs identified four vulnerabilities, affecting WebOS versions 4-7, with CVSS ratings of up to 9.1. These flaws enable account creation and command execution, a PIN/prompt bypass, and manipulation of the music-lyrics …

Critical Vulnerability in Progress Flowmon Allows Remote Access to Systems

April 4, 2024 at 08:30AM Progress Software has released patches for a critical vulnerability in its widely used network monitoring and security solution, Flowmon, which could allow remote, unauthenticated attackers to gain access to systems. Tracked as CVE-2024-2389 with the highest severity rating, the bug was fixed in versions 11.1.14 and 12.3.5. Users should update …

Cisco Patches High-Severity IOS XR Vulnerabilities

March 14, 2024 at 09:15AM Cisco announced patches for multiple high-severity vulnerabilities in IOS XR software, addressing DoS and privilege elevation risks. Vulnerabilities include flaws in SSH, line cards with Layer 2 services, and PPPoE termination in ASR 9000 series routers. The fixes are part of the March 2024 IOS XR security advisories bundle, also …

Hikvision Patches High-Severity Vulnerability in Security Management System

March 4, 2024 at 08:48AM Hikvision has released patches for two vulnerabilities in its security management system HikCentral Professional. The more serious flaw, CVE-2024-25063, could lead to unauthorized access to specific URLs. The second bug, CVE-2024-25064, requires authentication to be exploited. Hikvision urges customers to apply the patches promptly, as prior vulnerabilities have been exploited. …

Fortinet’s week to forget: Critical vulns, disclosure screw-ups, and that toothbrush DDoS attack claim

February 9, 2024 at 09:38AM Fortinet faced a series of security vulnerabilities impacting FortiOS, including a critical SSL VPN issue. Users were urged to upgrade to patched versions, with specific guidelines for affected FortiOS versions. Fortinet’s delayed and confusing response to vulnerability disclosures drew criticism. Additionally, an unusual incident involving a toothbrush DDoS attack …

Critical Cisco bug exposes Expressway gateways to CSRF attacks

February 7, 2024 at 01:30PM Cisco has addressed critical vulnerabilities in its Expressway Series gateways through patches, mitigating the risk of cross-site request forgery (CSRF) attacks. These security flaws could allow attackers to remotely target and manipulate vulnerable systems. Expressway Series devices with default configurations are impacted by the vulnerabilities, prompting the need for migration …

PoC Exploit Published for Critical Jenkins Vulnerability

January 29, 2024 at 11:12AM It is critical to update to the latest Jenkins versions due to a recently disclosed vulnerability (CVE-2024-23897). The security flaw in Jenkins versions before 2.442 and LTS 2.426.3 allows attackers to read sensitive information and execute arbitrary code. Organizations are urged to update to the patched versions or disable the …

Cisco Patches Critical Vulnerability in Unity Connection Product

January 11, 2024 at 09:21AM Cisco announced patches for a critical vulnerability (CVE-2024-20272) in Unity Connection, enabling remote exploitation without authentication. Versions 12.5.1.19017-4 and 14.0.1.14006-5 resolve this. Additionally, a medium-severity flaw (CVE-2024-20287) in the discontinued WAP371 access point model has publicly released exploit code. Cisco advises migration to the Business 240AC AP and announced patches for …

Cisco says critical Unity Connection bug lets attackers get root

January 10, 2024 at 03:46PM Cisco has addressed a critical security flaw in Unity Connection, preventing unauthenticated attackers from gaining root privileges remotely. The vulnerability (CVE-2024-20272) allows execution of commands on the operating system by uploading arbitrary files. Additionally, Cisco patched ten medium-severity vulnerabilities in various products, including a command injection flaw in the WAP371 …

Google Patches Six Vulnerabilities With First Chrome Update of 2024

January 4, 2024 at 10:13AM Google announced the first Chrome security update of 2024, resolving six vulnerabilities, including high-severity memory safety flaws reported by external researchers. Bug bounty rewards were handed out for some of the reported flaws. The update strengthens Chrome’s defenses against exploitation and is available for macOS, Linux, and Windows. No current …