Vulnerabilities

Trend Micro released a security update for Deep Security 20 Agent Manual Scan Command Injection RCE Vulnerability (CVE-2024-51503) that resolves a manual scan command injection remote code execution (RCE) vulnerability. On 18 November, Trend Micro released the update Severity rating level “High”, CVSS 3.0 score: 8.0. Vulnerability Details: CVE-2024-51503: Security …

Apple released critical updates for its various products including for iOS, iPadOS, macOS, visionOS, and Safari to fix two zero-day vulnerabilities actively being exploited in the wild. The flaws are listed below: CVE-2024-44309 : A vulnerability in cookie handling that could allow a cross-site scripting (XSS) attack when processing harmful …

“Sarcoma” ransomware group attacked a well known Bangladeshi insurance company named “Popular life insurance company ltd”. The threat actor keeps an option to release the full data if their demand doesn’t meet up within 5 days. According to the threat actor, approximately 36 GB of data, including attachments and SQL …

The Wall Street Journal reported on Friday citing people familiar with the matter that T-Mobile’s network was among the systems hacked in a damaging Chinese cyber-espionage operation that successfully gained entry into multiple U.S. and international telecommunications companies. Hackers were able to breach T-Mobile as part of a monthslong campaign …

“Palo Alto Networks has observed threat activity exploiting an unauthenticated remote command execution vulnerability against a limited number of firewall management interfaces which are exposed to the Internet. We are actively investigating this activity,” reads the security bulletin by the cybersecurity provider Palo Alto Networks. On November 8, Palo Alto …

A significant security flaw, CVE-2024-52301, has been found in the Laravel framework, which is widely used for web applications. With a CVSS rating of 8.7, this vulnerability could allow unauthorized access, data tampering, and privilege escalation in many Laravel applications. CVE-2024-52301 pertains to inadequate input validation in Laravel’s environment configuration. …

Microsoft’s latest Patch Tuesday update fixes 89 security vulnerabilities. Four of these are zero-day vulnerabilities, with two currently being exploited. This patch release highlights the need for timely updates to guard against cyber threats. Zero-Day Vulnerabilities Patched: The four zero-day vulnerabilities patched in this update include two that attackers have …

On November 7, 2024, CISA released advisories about 3 critical security issues, vulnerabilities, and exploits related to Industrial Control Systems (ICS). ICSA-24-312-01 Beckhoff Automation TwinCAT Package Manager: CISA has identified a serious vulnerability in Beckhoff Automation’s TwinCAT Package Manager, a key software in manufacturing. The flaw, called CVE-2024-8934, relates to …

A cyberattack on an Israeli clearing company on Sunday left some people unable to use their credit cards for shopping for several hours. According to Times of Israel, The incident occurred less than two weeks after a similar attack briefly disrupted another credit services company. In Sunday’s incident, a DDoS …