Sunday , December 22 2024

Vulnerabilities

Explore the Latest Monthly Vulnerabilities Report: May 2024

calender

The very month May-2024 is observed a significant increase in cybersecurity vulnerabilities across various software and operating systems. Many of these vulnerabilities have the potential to be exploited by malicious actors, posing a serious risk to organizations and individuals alike. It is crucial for organizations to stay vigilant and prioritize …

Read More »

Zyxel Releases Patches for Firmware Vulnerabilities

zyxel

Zyxel has released patches addressing command injection and remote code execution vulnerabilities in two NAS products that have reached end-of-vulnerability-support. Users are advised to install them for optimal protection. Three out of five vulnerabilities could allow an unauthorized attacker to run operating system commands and arbitrary code on affected installations. …

Read More »

CISA Adds ORACLE WEBLOGIC SERVER FLAW TO ITS KEV

oracle

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added Oracle WebLogic Server to the Known Exploited Vulnerabilities (KEV) catalog. CVE-2017-3506 is an operating system (OS) command injection vulnerability which could be exploited to obtain unauthorized access as well as the full control. “Oracle WebLogic Server, a product within the …

Read More »

ALERT
NGINX Releases Security Updates: HTTP/3 Vulnerabilities Patched

NGINX

NGINX team released important updates for their web server software and is advising users to upgrade as soon as possible. The updates fix four important vulnerabilities in the HTTP/3 implementation, especially affecting configurations using the “ngx_http_v3_module.” CVE-2024-32760: A vulnerability in NGINX Plus or NGINX OSS causes HTTP/3 QUIC module to …

Read More »

First American December data breach impacts 44,000 people

In December 2023, The First American Financial Corporation, a major title insurance company in the US, experienced a cyberattack. This resulted in the personal information of approximately 44,000 individuals being exposed. The company disclosed this data breach to the US Securities and Exchange Commission (SEC) on May 28, 2024. This …

Read More »

Exploit released for maximum severity RCE In FORTINET SIEM

fortinet

Researchers released a proof-of-concept (PoC) exploit for remote code execution flaw CVE-2024-23108 in Fortinet SIEM solution. Horizon3’s Attack Team released a demonstration of a security vulnerability, identified as CVE-2024-23108, in Fortinet’s SIEM solution. This vulnerability allows attackers to run commands as the most powerful user on publicly accessible FortiSIEM devices. …

Read More »