#WebApplicationFirewall

Hackers Exploit Fortinet Flaw, Deploy ScreenConnect, Metasploit in New Campaign

by

April 17, 2024 at 07:12AM Cybersecurity researchers have uncovered a new campaign exploiting a vulnerability in Fortinet FortiClient EMS devices, allowing unauthorized code execution. The campaign, tracked by Forescout as Connect:fun, utilizes ScreenConnect and Metasploit Powerfun. Organizations are urged to patch the CVE-2023-48788 vulnerability, monitor for suspicious activity, and use a web application firewall for … Read more

WordPress Admins Urged to Remove miniOrange Plugins Due to Critical Flaw

by

March 18, 2024 at 05:57AM WordPress users are advised to delete miniOrange’s Malware Scanner and Web Application Firewall plugins due to a critical security flaw, with a high CVSS score of 9.8. The flaw allows unauthenticated attackers to gain administrative privileges, leading to potential compromise of the site. Another privilege escalation flaw was found in … Read more

Discontinued Security Plugins Expose Many WordPress Sites to Takeover

by

March 15, 2024 at 08:15AM Thousands of WordPress websites are at risk due to critical vulnerabilities in two MiniOrange plugins, Malware Scanner and Web Application Firewall. The flaw allows unauthorized users to gain administrative privileges and take control of a site. Similarly, another high-severity vulnerability was found in the RegistrationMagic plugin, enabling unauthorized users to … Read more

Atlassian Customers Should Patch Latest Critical Vuln Immediately

by

November 1, 2023 at 01:05PM Atlassian has discovered a critical vulnerability in its Confluence Data Center and Server platform and is advising customers to patch it immediately. The vulnerability, CVE-2023-22518, is an improper authorization vulnerability that affects on-premises versions of Confluence. This is the second critical vulnerability found in a month. Atlassian has not detected … Read more