Sunday, December 22 2024

Vulnerabilities

FortiOS & FortiProxy SSL-VPN Flaw Allows IP Spoofing

A vulnerability has been discovered in Fortinet’s FortiOS SSL-VPN and FortiProxy SSL-VPN. The flaw, identified as FG-23-225, allows attackers to spoof IP addresses and bypass security controls by sending specially crafted packets. According to the advisory published by Fortinet, an insufficient verification of data authenticity vulnerability [CWE-345] in …

Microsoft May 2024 Patch Tuesday fixes 61 flaws, 2 zero-days

Microsoft released its May 2024 Patch Tuesday updates, which address 61 flaws and three publicly disclosed zero days. The update fixes a Microsoft SharePoint Server Remote Code Execution Vulnerability. The vulnerabilities by category are: 17 Elevation of Privilege Vulnerabilities, 2 Security Feature Bypass Vulnerabilities, 27 Remote Code Execution Vulnerabilities, 7 Information Disclosure …

Samsung patches 25 flaws in mobile devices

Samsung has patched 25 vulnerabilities in its mobile devices to strengthen them against code execution and privilege escalation attacks. Samsung is continuously working to improve the security of its smartphones and tablets, protecting the safety and privacy of its users. Samsung recently disclosed vulnerabilities, known as Samsung Vulnerabilities …

Outpost24 report
Cybersecurity Loopholes in Paris 2024 Olympics Infrastructure

The 2024 Olympic Games in Paris are coming soon. A recent cybersecurity assessment by Outpost24, a provider of cyber threat exposure management solutions, has raised concerns about the online infrastructure of the games. Outpost24 has identified critical vulnerabilities in the security posture, despite it being considered “mostly secure”. These vulnerabilities …

Xiaomi Android Devices Hit by Multiple Flaws

Researchers found multiple vulnerabilities in various applications and system components on Xiaomi devices. “The vulnerabilities in Xiaomi led to access to arbitrary activities, receivers and services with system privileges, theft of arbitrary files with system privileges, [and] disclosure of phone, settings and Xiaomi account data,” The Hacker News report reads. …

CISA
GitLab account takeover bug is actively exploited in attacks

The U.S. federal agency CISA has included CVE-2023-7028 in its Known Exploited Vulnerabilities Catalog. This means that the vulnerability is currently being targeted by attackers. CISA has instructed federal agencies to protect their systems by May 22, giving them a deadline of three weeks. The U.S. cybersecurity agency hasn’t shared …
