Sunday , December 22 2024

Vulnerabilities

Exploit released for Fortinet RCE bug used in attacks, patch now it

fortinet

Security researchers created a demonstration of a critical flaw in Fortinet’s FortiClient Enterprise Management Server (EMS) software. The security flaw CVE-2023-48788 is an SQL injection in the DB2 Administration Server (DAS) discovered and reported by the UK’s National Cyber Security Centre (NCSC). It impacts FortiClient EMS versions 7.0 (7.0.1-7.0.10) and …

Read More »

Microsoft addresses 59 CVEs its March 2024 Patch Tuesday

patch tuesday

No vulnerabilities being exploited this month- Microsoft’s security update for February 2024. March’s Patch Tuesday is not as severe as previous months. It addresses 60 vulnerabilities, with only two labeled as “critical.” In comparison, last month had over 70 security vulnerabilities. January and December had even fewer vulnerabilities, particularly when compared …

Read More »

0/1 click Facebook account takeover; Nepalis talent rewarded

Meta ranked Nepal’s cyber security researcher Samip Aryal first in the White Hack (Hall of Fame) for finding a vulnerability that could hack accounts with one click. This happened on Friday. Samip Aryal informed a Nepali media outlet about discovering a vulnerability in Facebook that could allow for an ‘account …

Read More »

CISA Releases One Industrial Control Systems Advisory

CISA

CISA published an advisory about Industrial Control Systems (ICS) on February 22, 2024, to inform about security issues, vulnerabilities, and exploits related to ICS. ICSA-24-053-01 Delta Electronics CNCSoft-B DOPSoft:  EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: CNCSoft-B DOPSoft Vulnerability: Uncontrolled Search Path Element RISK EVALUATION …

Read More »

CISA Warn: Akira Ransomware Exploiting Cisco ASA/FTD Vulnerability

Akira

The US cybersecurity agency, CISA, added a security flaw in Cisco’s ASA and FTD software to its list of known exploited vulnerabilities following reports that it’s being likely exploited in Akira ransomware attacks. The vulnerability is CVE-2020-3259, with a high severity level (CVSS score: 7.5). It allows attackers to access …

Read More »

New Wi-Fi Auth Bypass Flaws Expose Home, Enterprise Networks

router

New Wi-Fi authentication bypass vulnerabilities were discovered in open source software. These vulnerabilities could put both enterprise and home networks at risk of attacks. Mathy Vanhoef, a professor at the KU Leuven research university in Belgium, and Heloise Gollier, a student at KU Leuven, discovered the vulnerabilities in collaboration with …

Read More »

Microsoft Fixes Two Zero-Days in February Patch Tuesday

Microsoft

Microsoft released updates for 73 vulnerabilities, including two zero-day flaws being actively exploited, which makes for a busy February for system administrators. In February’s Patch Tuesday update, there were fixes for five critical vulnerabilities and 30 remote code execution flaws. However, the two zero-day vulnerabilities were security feature bypass bugs. …

Read More »