Over 48,000 SonicWall devices are still vulnerable to a serious security flaw, putting organizations worldwide at risk of ransomware attacks. The CVE-2024-40766 vulnerability was disclosed in September 2024 and is actively exploited by ransomware groups Akira and Fog. CVE-2024-40766 is a serious access control vulnerability in SonicWall’s SonicOS, used in …
Read More »CVE-2024-40766
3.3 Million Email Server Expose User Passwords and Messages in Plain Text
Around 3.3 million servers are running POP3/IMAP email services without encryption (TLS) enabled, the Shadowserver Foundation, a nonprofit security organization, has discovered. Most of these servers reside in the US, Germany, and Poland. POP3 (Post Office Protocol version 3) is an aging protocol used by email clients to retrieve emails …
Read More »PoC Exploited Released for Oracle Weblogic Server Vul
Security researchers have warned that a Proof-of-Concept (PoC) exploit has been publicly released for a critical vulnerability affecting Oracle WebLogic Server. The flaw tracked as CVE-2024-21182, poses a significant risk to organizations using the server, as it allows an unauthenticated attacker with network access to compromise the targeted system. The …
Read More »
CVE-2024-9474
Researcher unveil sophisticated backdoor in Palo Alto Networks firewalls
Northwave Cyber Security has found a sophisticated backdoor, LITTLELAMB.WOOLTEA, targeting Palo Alto Networks firewalls. Northwave researcher claimed the backdoor was found during a forensic investigation of a compromised Palo Alto Networks device. Attackers exploited a recently disclosed vulnerability (CVE-2024-9474) to enter the system and deploy a malicious script called bwmupdate, …
Read More »
CVE-2024-53961
Adobe alerts of critical ColdFusion bug with PoC exploit available
Adobe has issued urgent security updates for ColdFusion versions 2023 and 2021 to fix a critical vulnerability (CVE-2024-53961). This flaw allows attackers to read arbitrary files from the system, risking exposure of sensitive data and configuration files. It results from improper path limitations, enabling unauthorized access outside the intended directory. …
Read More »Eight New ICS Advisories released by CISA
CISA has released eight advisories on vulnerabilities in Industrial Control Systems (ICS). These vulnerabilities affect essential software and hardware in different industries, risking service disruptions, unauthorized access, and malicious code execution. ICSA-24-354-01 Hitachi Energy RTU500 series CMU ICSA-24-354-02 Hitachi Energy SDM600 ICSA-24-354-03 Delta Electronics DTM Soft ICSA-24-354-04 Siemens User Management …
Read More »
(CVE-2024-12727, CVE-2024-12728, CVE-2024-12729)
Sophos resolved 3 critical vulnerabilities in Firewall
Sophos has fixed three separate security vulnerabilities in Sophos Firewall. The vulnerabilities CVE-2024-12727, CVE-2024-12728, and CVE-2024-12729 present major risks, such as remote code execution and privilege escalation. Applies to the following Sophos product(s) and version(s): Sophos Firewall v21.0 GA and earlier No action is needed for Sophos Firewall customers who …
Read More »
CVE-2023-48788
Kaspersky reveals active exploitation of Fortinet Vulnerability
Kaspersky’s Global Emergency Response Team (GERT) found that attackers are exploiting a patched SQL injection vulnerability (CVE-2023-48788) in Fortinet FortiClient EMS, affecting versions 7.0.1 to 7.0.10 and 7.2.0 to 7.2.2. Even with available patches, many systems remain unupdated, allowing unauthorized code execution and compromise of networks. According to the report, …
Read More »New Windows zero-day: Exposes credentials, Gets unofficial patch
A newly found zero-day vulnerability lets attackers steal NTLM credentials by manipulating targets into opening a malicious file in Windows Explorer. The 0patch team found a flaw and reported it to Microsoft, but no official fix has been released yet. 0patch reports that the issue affects all Windows versions from …
Read More »Multiple ICS Advisories Released by CISA
On December 5, 2024, CISA issued two advisories regarding Industrial Control Systems (ICS). These advisories highlight current security issues, vulnerabilities, and exploits in ICS. Vulnerabilities found in AutomationDirect’s C-More EA9 Programming Software and Planet Technology’s WGS-804HPT switch could severely threaten critical infrastructure if exploited. ICSA-24-340-01 AutomationDirect C-More EA9 Programming Software: …
Read More »
InfoSecBulletin Cybersecurity for mankind