Alert

OS command injection vulnerabilities are a preventable type of weakness in software. Manufacturers can eliminate them by taking a secure design approach. Despite efforts, these vulnerabilities still appear, allowing adversaries to exploit them for harm. CISA and FBI are releasing this Alert because of recent well-known attacks that took advantage …

Citrix has warned users about severe vulnerabilities in their widely-used NetScaler products. These vulnerabilities, known as CVE-2024-6235 and CVE-2024-6236, could potentially allow unauthorized access to sensitive information and cause denial-of-service (DoS) attacks. CVE-2024-6235: Sensitive Information Disclosure (Critical Severity) The flaw in the NetScaler Console (previously known as NetScaler ADM) is …

FortiGuard Labs found an attack that uses the CVE-2021-40444 vulnerability in Microsoft Office. This flaw lets attackers run harmful code through specific documents. The attack deployed a spyware called “MerkSpy” which secretly watches user activities, collects sensitive information, and stays on compromised systems. The attack starts with a harmless-looking Microsoft …

CISA issued seven advisories about Industrial Control Systems (ICS) on June 27, 2024. These advisories aim to give prompt information about security issues, vulnerabilities, and exploits related to ICS. ICSA-24-179-01 TELSAT marKoni FM Transmitter ICSA-24-179-02 SDG Technologies PnPSCADA ICSA-24-179-03 Yokogawa FAST/TOOLS and CI Server ICSA-24-179-04 Johnson Controls Illustra Essentials Gen …

CISA released two advisories about Industrial Control Systems (ICS) on June 25, 2024. The advisories contain important information about security issues, vulnerabilities, and exploits related to ICS. ICSA-24-177-01 ABB Ability System 800xA: Successful exploitation of these vulnerabilities could cause services to crash and restart. ICSA-24-177-02 PTC Creo Elements/Direct License Server: …

On June 18, 2024, CISA released an advisory about Industrial Control Systems (ICS). These advisories give important information about security issues, vulnerabilities, and exploits related to ICS. ICSA-24-170-01 RAD Data Communications SecFlow-2: Successful exploitation of this vulnerability could allow an attacker to obtain files from the operating system by crafting …

VMware has fixed critical security flaws in Cloud Foundation, vCenter Server, and vSphere ESXi. These flaws could be used for privilege escalation and remote code execution. Vulnerabilities include: CVE-2024-37079 & CVE-2024-37080 (CVSS scores: 9.8): Multiple heap-overflow vulnerabilities in the implementation of the DCE/RPC protocol that could allow an unauthorized individual …

A threat actor has announced selling a 0day vulnerability for Dahua cameras. The bad actor claimed this vulnerability supposedly works with all versions of the device. The threat actor announced the vulnerability allowed unrestricted access and control of the camera and describing it as a Remote Code Execution (RCE) exploit. …

Asus has released a crucial firmware update to address a severe vulnerability that impacts seven of its business router model. Customers are urged to promptly review their firmware status and apply the necessary updates. The flaw CVE: 2024-3080 with a CVSS score of 9.8 is an authentication bypass vulnerability that …

Proofpoint found a fake website selling tickets for the Paris 2024 Summer Olympic Games. The website, “paris24tickets[.]com,” claimed to be a secondary marketplace for sports and live event tickets. It appeared as the second sponsored search result on Google, right after the official website, when searching for “Paris 2024 tickets” …