ESET Issued security patch for privilege escalation flaw in its Windows security products. This flaw, called CVE-2024-2003 (CVSS 7.3), was found by the Zero Day Initiative (ZDI). It could have let attackers gain access to important files and folders without permission. The vulnerability exploited ESET’s file operations while restoring quarantined …
Read More »VMware Patche vCenter Server, Cloud Foundation and vSphere ESXi
VMware has fixed critical security flaws in Cloud Foundation, vCenter Server, and vSphere ESXi. These flaws could be used for privilege escalation and remote code execution. Vulnerabilities include: CVE-2024-37079 & CVE-2024-37080 (CVSS scores: 9.8): Multiple heap-overflow vulnerabilities in the implementation of the DCE/RPC protocol that could allow an unauthorized individual …
Read More »Hackers use F5 BIG-IP malware in cyber campaign for years
In late 2023, Sygnia researchers investigated a cyber incident involving a major organization that was reportedly caused by a threat group known as ‘Velvet Ant.’ The cyberspies deployed custom malware on F5 BIG-IP appliances to gain persistent access to the internal network of the target organization and steal sensitive data. …
Read More »Dahua Cameras 0day Vulnerability offer to sell
A threat actor has announced selling a 0day vulnerability for Dahua cameras. The bad actor claimed this vulnerability supposedly works with all versions of the device. The threat actor announced the vulnerability allowed unrestricted access and control of the camera and describing it as a Remote Code Execution (RCE) exploit. …
Read More »D-Link Routers Critical Backdoor Vulnerability Exposed
Taiwan’s CERT has warned about a serious security issue with D-Link wireless routers, affecting many models. This vulnerability could let attackers on the local network access the router’s Telnet service using basic administrator credentials CVE-2024-6045 Certain D-Link router models have a hidden backdoor that was recently discovered. This flaw allows …
Read More »Current web vulnerabilities in Bangladesh across vendor product line
On a report titled “Surge on Web defacement and web application related vulnerabilities targeting Bangladesh” BGD e-GOV CIRT said, web defacement attacks and the exploitation of web application vulnerabilities are a growing trend in Bangladesh. These weaknesses can be used for phishing attacks, spreading malware, and creating backdoors for continuous …
Read More »CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA added 2 new vulnerabilities to its catalog of known exploited vulnerabilities, because they have proof that these vulnerabilities are being actively exploited. CVE-2024-4610 ARM Mali GPU Kernel Driver Use-After-Free Vulnerability: Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a …
Read More »Hackers breached 20,000 FortiGate systems worldwide: MIVD
The Dutch military security service MIVD recently revealed that a cyber espionage campaign, which was initially mentioned in February, managed to gain access to around 20,000 Fortigate-secured systems between 2022 and 2023. It is now believed that this campaign “appears to be much more extensive than previously known”. The Nationaal Cyber Security …
Read More »SSRF Vulnerability Patched in Bitdefender GravityZone Console On-Premise
Bitdefender fixed a serious vulnerability (CVE-2024-4177, CVSS 8.1) in its GravityZone Console On-Premise product. This flaw, found by security researcher Nicolas Verdier (n1nj4sec), could enable attackers to carry out server-side request forgery (SSRF) attacks, possibly resulting in unauthorized access and data breaches. GravityZone Console is a security management platform by …
Read More »SOLARWINDS FIXED MULTIPLE FLAWS IN SERV-U
SolarWinds released updates to fix several security issues in Serv-U and the SolarWinds Platform. These vulnerabilities impact Platform 2024.1 SR 1 and older versions. The company fixed a security issue, known as CVE-2024-28996, reported by a penetration tester from NATO. NATO Communications and Information Agency pentester Nils Putnins discovered a …
Read More »