Tuesday , December 24 2024

infosecbulletin

Hacker to exploite GeoServer Vulnerability to Deploy Malware

Geoserver

Researchers at Fortinet unveiled hackers to exploit GeoServer RCE vulnerability deploying malware relating to the vulnerability tracked as “CVE-2024-36401, has a CVSS score of 9.8. The report said, for the poor design of the Open Geospatial Consortium (OGC) Web Feature Service (WFS) and Web Coverage Service (WCS) standards, the published …

Read More »

IMB unveils multiple vulnerabilities in it’s webMethods Integration

IBM

Multiple vulnerabilities have been published by IBM in its webMethods Integration Server which cloud allow attackers to execute arbitrary commands on affected systems. Those published vulnerabilities have been identified in version 10.15 of the software which pose a severe risk for the organizations to integrate and API management. CVE-2024-45076 has …

Read More »

Progress LoadMaster exposed to a critical 10/10 vulnerability

progress

Progress Software released an emergency fix for a critical vulnerability (10/10) in its Loadmaster and LoadMaster Multi-Tenant Hypervisor products, which allows remote command execution by attackers. CVE-2024-7591 is a flaw that allows remote, unauthenticated attackers to access Loadmaster’s management interface through a manipulated HTTP request due to improper input validation. …

Read More »

Cisco released security updates for two critical security flaws

CISCO

CISCO released security updates for two critical security flaws impacting its smart Licensing Utility that could allow unauthenticated, remote attackers to elevate their privileges. A brief description of the two vulnerabilities is below – CVE-2024-20439 (CVSS score: 9.8): The presence of an undisclosed static user credential that an attacker could …

Read More »

OpenBAS: Cutting-edge breach and attack simulation platform

KEY

OpenBAS is a platform that helps organizations to plan, schedule, and conduct crisis exercises, adversary simulations, and breach simulations. OpenBAS is a modern web application that follows ISO 22398 standards. It has a user-friendly interface and a RESTful API. The platform has different modules, such as scenarios, team management, simulations, …

Read More »

Critical Security Flaws Patched in Zyxel Networking Devices

Router

Zyxel has released software updates to fix a serious security issue in certain access point (AP) and security router versions. This flaw could allow the execution of unauthorized commands. The vulnerability known as CVE-2024-7261 (CVSS score: 9.8) involves an operating system (OS) command injection. “The improper neutralization of special elements …

Read More »

CERT-IN Warns Vulnerabilities in Palo Alto Networks applications

Palo alto

Indian Computer Emergency Response Team (CERT-IN) issued advisories about multiple vulnerabilities in various Palo Alto Networks applications. Attackers could exploit these vulnerabilities to access systems without permission, steal important information, and potentially run harmful code. Vulnerabilities in Palo Alto Networks: The vulnerabilities include CVE-2024-5915, CVE-2024-5916, and CVE-2024-5914. GlobalProtect App: Privilege …

Read More »

How Malaysia’s Data Centre Industry Poised for Growth

Data center

Malaysia is quickly becoming a leading choice for investing in data centers. It aims to generate RM3.6 billion (US$781 million) in revenue by 2025, compared to RM2.09 billion (US$462 million) in 2022. The growth is driven by investments and expansions by major technology companies, showcasing Malaysia’s increasing importance in the …

Read More »

RansomHub exfiltrated data over 210 victims: US alert

Ransomhub

US authorities have issued a cybersecurity advisory about a ransomware group called RansomHub. The group is thought to have stolen data from at least 210 victims using encryption and double extortion techniques. The group targeted various organizations, including healthcare, IT, government, emergency services, food and agriculture, and water and wastewater. They …

Read More »