Wednesday , May 22 2024

Alert

CISA ALERT
CISA Warns Exploiting NextGen Healthcare Mirth Connect Flaw

CISA

The US cybersecurity agency, CISA, added a flaw in NextGen Healthcare’s Mirth Connect product to its catalog of Known Exploited Vulnerabilities (KEV). A vulnerability in the open source product, known as CVE-2023-43208, allows remote code execution without authentication due to a data deserialization problem. A patch was rolled out with …

Read More »

ALERT
CISA issued Seventeen Industrial Control Systems Advisories

monitor

CISA issued seventeen advisories about Industrial Control Systems (ICS) on May 16, 2024. These advisories give important information about security problems, weaknesses, and attacks related to ICS. ICSA-24-137-01 Siemens Parasolid ICSA-24-137-02 Siemens SICAM Products ICSA-24-137-03 Siemens Teamcenter Visualization and JT2Go ICSA-24-137-04 Siemens Polarion ALM ICSA-24-137-05 Siemens Simcenter Nastran ICSA-24-137-06 Siemens …

Read More »

ALERT CISA WARNS
Black Basta ransomware breached over 500 orgs worldwide

black basta

CISA, FBI, HHS, and MS-ISAC released a joint Cybersecurity Advisory called #StopRansomware: Black Basta. It provides tactics, techniques, procedures, and indicators of compromise used by Black Basta ransomware affiliates, identified through FBI investigations and third-party reporting. Black Basta is a type of ransomware called ransomware-as-a-service (RaaS). It was discovered in …

Read More »

Xiaomi Android Devices Hit by Multiple Flaws

Xaomi

Researchers found multiple vulnerabilities in various applications and system components on Xiaomi devices. “The vulnerabilities in Xiaomi led to access to arbitrary activities, receivers and services with system privileges, theft of arbitrary files with system privileges, [and] disclosure of phone, settings and Xiaomi account data,” The Hacker News report reads. …

Read More »

ALERT
Oracle released April 2024 Critical Patch, 441 new security patches

Oracle

Oracle announced 441 new security patches for its April 2024 Critical Patch Update, with over 200 of them fixing flaws that could be exploited by remote, unauthenticated attackers. Oracle’s advisory reported that about 230 unique CVEs were found in Oracle’s April 2024 CPU, with over 30 security patches addressing critical-severity …

Read More »

CISA Releases Four Industrial Control Systems Advisories

cisa

CISA released four advisories about Industrial Control Systems (ICS) on April 16, 2024. They contain important information about security issues, vulnerabilities, and exploits related to ICS. ICSA-24-107-01 Measuresoft ScadaPro ICSA-24-107-02 Electrolink FM/DAB/TV Transmitter ICSA-24-107-03 Rockwell Automation ControlLogix and GuardLogix ICSA-24-107-04 RoboDK RoboDK CISA encourages users and administrators to review the …

Read More »

ALERT
Bitdefender Critical Vulns Let Attackers Gain Control Over System

The Bitdefender GravityZone Update Server is vulnerable to server-side request forgery (SSRF) because of an incorrect regular expression. Bitdefender’s GravityZone: Bitdefender’s GravityZone Update Server has a critical vulnerability with a CVSS score of 8.1. It could allow an attacker remote network access to compromise the server with low privileges. Bitdefender …

Read More »

ZERO DAY ALERT
Zero-Day Alert: Critical Palo Alto Networks PAN-OS Flaw Under Active Attack

Palo alto

A critical zero-day vulnerability in Palo Alto Networks’ PAN-OS software. It is being used by attackers, but there are no patches to fix it yet. Palo Alto Networks issued an alert on April 12, 2024, thanking cybersecurity firm Volexity for discovering the flaw. There is a command injection vulnerability in …

Read More »

CISA immediately orders agencies to mitigate risk impacted by Microsoft hack

CISA

CISA has ordered U.S. federal agencies to address risks from the breach of multiple Microsoft email accounts by the Russian APT29 hacking group. Emergency Directive 24-02 requires Federal Civilian Executive Branch (FCEB) agencies to investigate affected emails, reset any compromised credentials, and secure privileged Microsoft Azure accounts. CISA reports that …

Read More »