A vulnerability has been discovered in Fortinet’s FortiOS SSL-VPN and FortiProxy SSL-VPN. The flaw, identified as FG-23-225, allows attackers to spoof IP addresses and bypass security controls by sending specially crafted packets. According to the advisory published by Fortinet, An insufficient verification of data authenticity vulnerability [CWE-345] in …
Microsoft May 2024 Patch Tuesday fixes 61 flaws 2 zero-days
Microsoft released its May 2024 Patch Tuesday updates, covering 61 flaws and three publicly disclosed zero days. This update fixed a Microsoft SharePoint Server Remote Code Execution Vulnerability. Vulnerabilities by category are listed below: 17 Elevation of Privilege Vulnerabilities, 2 Security Feature Bypass Vulnerabilities, 27 Remote Code Execution Vulnerabilities, 7 Information Disclosure …
Fortinet report
Attackers exploiting vulnerabilities 50% faster, just 4.76 days
Fortinet reported that in the second half of 2023, the average time from the disclosure of a vulnerability to its active exploitation in the wild decreased to just 4.76 days, a 43% reduction compared to the first half of the year. Fortinet’s 2H Global landscape report indicates that hackers to …
Chrome Zero-Day Alert: Update Your Browser to Patch
Google released an urgent security update for the Chrome browser. The update fixes a critical vulnerability that is already being exploited by hackers. The vulnerability, known as CVE-2024-4671, is a bug in the browser’s Visuals component. CVE-2024-4671 is a type of vulnerability referred to as “use after free” in the Visuals …
Dell Discloses Data Breach: 49 million customers allegedly affected
A security breach has been reported, with a threat actor claiming to be selling a database with 49 million customer records from Dell. The data includes information on systems bought from Dell between 2017 and 2024. According to Daily Dark Web, recent data obtained from Dell servers includes sensitive personal …
BIG VULNERABILITIES IN NEXT-GEN BIG-IP
Eclypsium recently found flaws in F5’s BIG-IP Next Central Manager, which could let attackers take control of the network. BIG-IP is a product line from F5 that includes software and hardware for managing, securing, and optimizing applications across networks. The Next Central Manager is a key control point for tasks …
Samsung mobile devices 25 flaws patched
Samsung has patched 25 vulnerabilities in its mobile devices. This is to strengthen them against code execution and privilege escalation attacks. Samsung is continuously working to improve the security of its smartphones and tablets, protecting the safety and privacy of its users. Samsung recently disclosed vulnerabilities, known as Samsung Vulnerabilities …
Outpost24 report
Cybersecurity Loopholes in Paris 2024 Olympics Infrastructure
The 2024 Olympic Games in Paris are coming soon. A recent cybersecurity assessment by Outpost24, a provider of cyber threat exposure management solutions, has raised concerns about the online infrastructure of the games. Outpost24 has identified critical vulnerabilities in the security posture, despite it being considered “mostly secure”. These vulnerabilities …
Xiaomi Android Devices Hit by Multiple Flaws
Researchers found multiple vulnerabilities in various applications and system components on Xiaomi devices. “The vulnerabilities in Xiaomi led to access to arbitrary activities, receivers and services with system privileges, theft of arbitrary files with system privileges, [and] disclosure of phone, settings and Xiaomi account data,” The Hacker News report reads. …
CISA
GitLab account takeover bug is actively exploited in attacks
The U.S. federal agency CISA has included CVE-2023-7028 in its Known Exploited Vulnerabilities Catalog. This means that the vulnerability is currently being targeted by attackers. CISA has instructed federal agencies to protect their systems by May 22, giving them a deadline of three weeks. The U.S. cybersecurity agency hasn’t shared …