Ivanti has issued a warning regarding two new high-severity vulnerabilities in its Connect Secure and Policy secure solutions, identified as CVE-2024-21888 (CVSS score: 8.8) and CVE-2024-21893 (CVSS score: 8.2) respectively. Furthermore, the company has alerted that one of these vulnerabilities is actively being exploited in the wild. The vulnerability CVE-2024-21888 …
Read More »Juniper Networks Releases Urgent Junos OS Updates
Juniper Networks released updates to fix high-severity vulnerabilities in SRX Series and EX Series. These vulnerabilities could be exploited by attackers to gain control of vulnerable systems. The vulnerabilities, tracked as CVE-2024-21619 and CVE-2024-21620, are rooted in the J-Web component and impact all versions of Junos OS. There are vulnerabilities …
Read More »
Pwn2Own
$1.3M for 49 zero-days, Tesla hacked twice
In the Pwn2Own Automotive first edition, competitors earned $1,323,750 by hacking Tesla twice and demonstrating 49 zero-day bugs in various electric car systems from January 24 to January 26. Hackers targeted electric vehicle chargers, infotainment systems, and car operating systems during a contest organized by Trend Micro’s Zero Day Initiative …
Read More »Critical RCE flaw detected in Cisco’s communication software
Cisco warns that some Unified Communications Manager and Contact Center Solutions products have a critical remote code execution security vulnerability. Cisco’s Unified Communications and Contact Center Solutions offer voice, video, and messaging services, as well as customer engagement and management. The company issued a security bulletin about a vulnerability (CVE-2024-20253) …
Read More »Oracle Releases Critical Patch Update Advisory for January 2024
Oracle released a security advisory for January 2024. It fixes vulnerabilities in various products that could be exploited by hackers to take control of a system. Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it …
Read More »CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA found evidence of active exploitation for three new vulnerabilities, which have been added to their list of known exploited vulnerabilities. CVE-2023-6549: Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability. It describes Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway …
Read More »Patch now: Critical VMware, Atlassian flaws found
VMware and Atlassian disclosed critical vulnerabilities today. Even though there have been no reports of misuse, administrators should update their systems as soon as possible to prevent any issues. There are two problems reported by Atlassian. The most important one is CVE-2023-22527, which is a flaw in the template system …
Read More »Atlassian released advisory for CVE-2023-22527
Tuesday (16 January) Atlassian released advisory for CVE-2023-22527 – RCE (Remote Code Execution) Vulnerability In Confluence Data Center and Confluence Server. A template injection vulnerability on out-of-date versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected version. Customers using an affected version …
Read More »
TrendMicro Research
CVE-2023-36025, Phemedrone Stealer exploit windows SmartScreen flaw
Cybersecurity researchers at Trend Micro discovered an exploitation of CVE-2023-36025 leading to the spread of a new type of malware called Phemedrone Stealer. Phemedrone Stealer is a malware that targets web browsers, cryptocurrency wallets, and messaging apps like Telegram, Steam, and Discord. It not only steals data, but also takes …
Read More »
Bishopfox bog
Over 178k SonicWall Firewalls are Publicly Exploitable
In a blog post BishopFox said, SonicWall next-generation firewall (NGFW) series 6 and 7 devices are affected by two unauthenticated denial-of-service vulnerabilities with the potential for remote code execution. SonicWall published advisories for CVE-2022-22274 and CVE-2023-0656 a year apart and reported that no exploitation had been observed in the wild; …
Read More »