Cisco has released updates to fix security issues in Cisco IOS, IOS XE, and AP software that could be exploited to disrupt services. CISA encourages users and administrators to review the following advisories and apply the necessary updates: Cisco Event Response: March 2024 Semiannual Cisco IOS and IOS XE Software …
Read More »
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) included a Microsoft SharePoint Server vulnerability in its list of known exploited vulnerabilities due to signs of active use by attackers. CVE-2023-24955 is a critical flaw that lets a user with Site Owner access run any code they choose. “In a network-based …
Read More »
The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI issued a joint alert about making software secure by eliminating SQL injection vulnerabilities. This was in response to a recent major incident involving SQL injection that affected thousands of organizations and emphasizes how common this type of security flaw is. …
Read More »
FortiGuard Labs found a phishing campaign that tricks users into downloading a malicious Java downloader to spread new VCURMS and STRRAT remote access trojans. The attackers stored malware on public services like Amazon Web Services (AWS) and GitHub to avoid detection. They used email as its command and control throughout …
Read More »
Apple released security updates to fix vulnerabilities in Safari, macOS, watchOS, tvOS, and visionOS. A cyber threat actor could use some of these vulnerabilities to take control of a system that is affected. CISA encourages users and administrators to review the following advisories and apply the necessary updates: Safari 17.4 …
Read More »
CISA released two advisories on February 29, 2024. The advisories warn about security issues, vulnerabilities, and exploits related to Industrial Control Systems (ICS). ICSA-24-060-01 Delta Electronics CNCSoft-B ICSMA-24-060-01 MicroDicom DICOM Viewer EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: CNCSoft-B Vulnerability: Stack-based Buffer Overflow RISK …
Read More »
CISA and the UK’s NCSC released a joint advisory about new tactics of Russian Foreign Intelligence Service (SVR) cyber actors. This group, also known as APT29, Midnight Blizzard, the Dukes or Cozy Bear, has been identified by the US as a cyber-espionage entity linked to the Russian SVR intelligence agency. …
Read More »
A critical security vulnerability has been revealed in the widely used WordPress plugin called Ultimate Member, which is installed on over 200,000 websites. The vulnerability CVE-2024-1071 has a high CVSS score of 9.8 out of 10. It was discovered and reported by security researcher Christiaan Swiers. WordPress security company Wordfence …
Read More »
IT administrators should update any on-premises ScreenConnect servers due to reports of a critical vulnerability being exploited in the wild. CVE-2024-1709 is an authentication bypass bug. It has a CVSS score of 10.0. This bug can be used to execute code and access sensitive data without needing the user to …
Read More »
Mozilla released security updates for Firefox, Firefox ESR, and Thunderbird to fix vulnerabilities. These vulnerabilities could allow a cyber threat actor to take control of a system. MFSA 2024-05 for Firefox MFSA 2024-06 for Firefox ESR MFSA 2024-07 for Thunderbird CISA advises users and administrators to check the Mozilla Security …
Read More »
InfoSecBulletin Cybersecurity for mankind
