Vulnerabilities

VMware advises users to remove the outdated Enhanced Authentication Plugin (EAP) due to the discovery of a serious authentication relay vulnerability, known as CVE-2024-22245 (CVSS score: 9.6). A person who intends to harm could deceive a domain user with EAP installed in their web browser. This deception could lead the …

The US cybersecurity agency, CISA, added a security flaw in Cisco’s ASA and FTD software to its list of known exploited vulnerabilities following reports that it’s being likely exploited in Akira ransomware attacks. The vulnerability is CVE-2020-3259, with a high severity level (CVSS score: 7.5). It allows attackers to access …

Microsoft released updates for 73 vulnerabilities, including two zero-day flaws being actively exploited, which makes for a busy February for system administrators. In February’s Patch Tuesday update, there were fixes for five critical vulnerabilities and 30 remote code execution flaws. However, the two zero-day vulnerabilities were security feature bypass bugs. …

Fortinet warns about a new critical vulnerability in FortiOS SSL VPN that could be used in attacks. The flaw, known as CVE-2024-21762 / FG-IR-24-015, has a severity rating of 9.6. It is an out-of-bounds write vulnerability in FortiOS. This vulnerability enables unauthenticated attackers to execute remote code by using malicious …

Ivanti has issued a warning regarding two new high-severity vulnerabilities in its Connect Secure and Policy secure solutions, identified as CVE-2024-21888 (CVSS score: 8.8) and CVE-2024-21893 (CVSS score: 8.2) respectively. Furthermore, the company has alerted that one of these vulnerabilities is actively being exploited in the wild. The vulnerability CVE-2024-21888 …

Juniper Networks released updates to fix high-severity vulnerabilities in SRX Series and EX Series. These vulnerabilities could be exploited by attackers to gain control of vulnerable systems. The vulnerabilities, tracked as CVE-2024-21619 and CVE-2024-21620, are rooted in the J-Web component and impact all versions of Junos OS. There are vulnerabilities …

In the Pwn2Own Automotive first edition, competitors earned $1,323,750 by hacking Tesla twice and demonstrating 49 zero-day bugs in various electric car systems from January 24 to January 26. Hackers targeted electric vehicle chargers, infotainment systems, and car operating systems during a contest organized by Trend Micro’s Zero Day Initiative …

Cisco warns that some Unified Communications Manager and Contact Center Solutions products have a critical remote code execution security vulnerability. Cisco’s Unified Communications and Contact Center Solutions offer voice, video, and messaging services, as well as customer engagement and management. The company issued a security bulletin about a vulnerability (CVE-2024-20253) …

Oracle released a security advisory for January 2024. It fixes vulnerabilities in various products that could be exploited by hackers to take control of a system. Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it …