Tuesday , May 14 2024

ALERT
Bitdefender Critical Vulns Let Attackers Gain Control Over System

infosecbulletin Friday , April 12 2024 Alert, Vulnerabilities

The Bitdefender GravityZone Update Server is vulnerable to server-side request forgery (SSRF) because of an incorrect regular expression.

Bitdefender’s GravityZone:

Bangladesh bank published CBS guideline Version 2.0

By infosecbulletin / Monday , May 13 2024
The banking industry in Bangladesh is the core driver in economic development of the country. The focus on inclusion and...
Read More
Bangladesh bank published CBS guideline Version 2.0

Fortinet report
Attackers exploiting vulnerabilities 50% faster, just 4.76 days

By infosecbulletin / Monday , May 13 2024
Fortinet reported that in the second half of 2023, the average time form the disclosure of a vulnerability to its...
Read More
Fortinet report Attackers exploiting vulnerabilities 50% faster, just 4.76 days

TechCrunch report
Indian gov.t sites compromised to plant online betting ads

By infosecbulletin / Sunday , May 12 2024
Indian government websites have been used by scammers to place ads that send visitors to online betting sites. TechCrunch found...
Read More
TechCrunch report Indian gov.t sites compromised to plant online betting ads

Damage Costs Predicted To Exceed $265 Billion By 2031
Ransomware expected to attack every 2 seconds by 2031

By infosecbulletin / Sunday , May 12 2024
Ransomware damage costs are predicted to exceed $265 billion by 2031, and it is expected to be the fastest growing...
Read More
Damage Costs Predicted To Exceed $265 Billion By 2031 Ransomware expected to attack every 2 seconds by 2031

ALERT CISA WARNS
Black Basta ransomware breached over 500 orgs worldwide

By infosecbulletin / Saturday , May 11 2024
CISA, FBI, HHS, and MS-ISAC released a joint Cybersecurity Advisory called #StopRansomware: Black Basta. It provides tactics, techniques, procedures, and...
Read More
ALERT CISA WARNS Black Basta ransomware breached over 500 orgs worldwide

Cyber Attack On Data Center Cooling Systems results disruption

By infosecbulletin / Saturday , May 11 2024
According to cybersecurity analysts at Dragos, while cloud adoption offers many benefits for industrial companies , it also poses certain...
Read More
Cyber Attack On Data Center Cooling Systems results disruption

Chrome Zero-Day Alert — Update Your Browser to Patch

By infosecbulletin / Friday , May 10 2024
Google released an urgent security update for Chrome browser. The update fixes a critical vulnerability that is already being exploited...
Read More
Chrome Zero-Day Alert — Update Your Browser to Patch

Dell Discloses Data Breach: 49 million customers allegedly affected

By infosecbulletin / Friday , May 10 2024
A security breach has been reported, with a threat actor claiming to be selling a database with 49 million customer...
Read More
Dell Discloses Data Breach: 49 million customers allegedly affected

BIG VULNERABILITIES IN NEXT-GEN BIG-IP

By infosecbulletin / Thursday , May 9 2024
Eclypsium recently found flaws in F5’s BIG-IP Next Central Manager, which could let attackers take control of the network. BIG-IP...
Read More
BIG VULNERABILITIES IN NEXT-GEN BIG-IP

UK confirms Ministry of Defence payroll data exposed in data breach

By infosecbulletin / Wednesday , May 8 2024
he UK government confirmed that hackers recently broke into the country's Ministry of Defence and accessed part of the Armed...
Read More
UK confirms Ministry of Defence payroll data exposed in data breach

Bitdefender’s GravityZone Update Server has a critical vulnerability with a CVSS score of 8.1. It could allow an attacker remote network access to compromise the server with low privileges.

Bitdefender GravityZone Update Server suffers from an Incorrect Regular Expression vulnerability, which enables attackers to forge server-side requests and manipulate the update relay configuration.

A weakness in the implemented regular expression allows unauthorized modification, potentially leading to a compromise of the update relay, which impacts Bitdefender Endpoint Security for Linux (version 7.0.5.200089), Endpoint Security for Windows (version 7.9.9.380), and GravityZone Control Center (On-Premises version 6.36.1).

A critical security update has been released to address vulnerabilities (CVE-2024-2223 & CVE-2024-2224), potentially allowing attackers to escalate privileges or potentially manipulate the update server.

Users of Bitdefender Endpoint Security for Linux (version 7.0.5.200089) and Windows (version 7.9.9.380), along with those managing GravityZone Control Center (On-Premises version 6.36.1), should upgrade to the corresponding patched versions (Linux version 7.0.5.200090, Windows version 7.9.9.381, and GravityZone Control Center version 6.36.1-1) to mitigate these risks.

Bitdefender released security updates to address two vulnerabilities (CVE-2024-2223 and CVE-2024-2224) in GravityZone. These updates impact Bitdefender Endpoint Security for Linux (version 7.0.5.200089), Endpoint Security for Windows (version 7.9.9.380), and GravityZone Control Center (On-Premises version 6.36.1).

CVE-2024-2223 allows attackers to manipulate the update server through a regular expression flaw potentially.

CVE-2024-2224 is more severe, enabling privilege escalation on affected systems. Upgrading to Bitdefender Endpoint Security for Linux version 7.0.5.200090, Endpoint Security for Windows version 7.9.9.381, and GravityZone Control Center (On-Premises) version 6.36.1-1 mitigates the vulnerabilities.

Source: Bitdefendr, cybersecuritynews

 

Check Also

Dell

Dell Discloses Data Breach: 49 million customers allegedly affected

A security breach has been reported, with a threat actor claiming to be selling a …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2024, All Rights Reserved InfoSecBulletin