Thursday , December 26 2024
CISA

CISA Includes Three Recently Exploited Vulnerabilities in Catalog

infosecbulletin Tuesday , July 30 2024 Uncategorized

CISA added three new vulnerabilities to its KEV catalog of actively exploited vulnerabilities.

CVE-2024-4879 ServiceNow Improper Input Validation Vulnerability:
ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.

BCSI officially announce National Vulnerability Disclosure Program (NVDP)

By infosecbulletin / Wednesday , December 25 2024
Bangladesh Cyber Security Intelligence (BCSI) officially launch the National Vulnerability Disclosure Program (NVDP) to enhance the country's cybersecurity. This initiative...
Read More
BCSI officially announce National Vulnerability Disclosure Program (NVDP)

CVE-2024-9474
Researcher unveil sophisticated backdoor in Palo Alto Networks firewalls

By infosecbulletin / Wednesday , December 25 2024
Northwave Cyber Security has found a sophisticated backdoor, LITTLELAMB.WOOLTEA, targeting Palo Alto Networks firewalls. Northwave researcher claimed the backdoor was...
Read More
CVE-2024-9474 Researcher unveil sophisticated backdoor in Palo Alto Networks firewalls

New G-Door Vul Allow Hackers Bypass Microsoft 365 Security With Google Docs

By infosecbulletin / Tuesday , December 24 2024
A newly discovered vulnerability called "G-Door" enables malicious actors to bypass Microsoft 365 security by exploiting unmanaged Google Docs accounts....
Read More
New G-Door Vul Allow Hackers Bypass Microsoft 365 Security With Google Docs

CVE-2024-53961
Adobe alerts of critical ColdFusion bug with PoC exploit available

By infosecbulletin / Tuesday , December 24 2024
Adobe has issued urgent security updates for ColdFusion versions 2023 and 2021 to fix a critical vulnerability (CVE-2024-53961). This flaw...
Read More
CVE-2024-53961 Adobe alerts of critical ColdFusion bug with PoC exploit available

Splunk targets Bangladeshi market: Investing in local talent

By infosecbulletin / Monday , December 23 2024
Splunk, a unified security and observability platform turn its focuses on Bangladeshi market. On Monday (23 December) Splunk's local partner...
Read More
Splunk targets Bangladeshi market: Investing in local talent

Critical PHP Zero-Day Vulnerability found in Craft CMS To Gain RCE

By infosecbulletin / Sunday , December 22 2024
A major security flaw in Craft CMS, a popular PHP content management system, has been found, enabling unauthenticated remote code...
Read More
Critical PHP Zero-Day Vulnerability found in Craft CMS To Gain RCE

For US$2.6bn, Mastercard acquires threat intelligence firm Recorded Future

By infosecbulletin / Sunday , December 22 2024
Mastercard has completed its acquisition of Recorded Future, an AI-based threat intelligence provider. Mastercard has acquired the company for $2.65...
Read More
For US$2.6bn, Mastercard acquires threat intelligence firm Recorded Future

Eight New ICS Advisories released by CISA

By infosecbulletin / Saturday , December 21 2024
CISA has released eight advisories on vulnerabilities in Industrial Control Systems (ICS). These vulnerabilities affect essential software and hardware in...
Read More
Eight New ICS Advisories released by CISA

Authority Denies
Hacker claim ransomware attack on Indonesia’s state bank BRI

By infosecbulletin / Friday , December 20 2024
Bank Rakyat Indonesia (BRI), the largest state bank by assets, has assured customers that their data and funds are secure...
Read More
Authority Denies Hacker claim ransomware attack on Indonesia’s state bank BRI

London-based company “Builder.ai” reportedly exposed 1.2 TB data

By infosecbulletin / Friday , December 20 2024
Cybersecurity researcher Jeremiah Fowler reported to Website Planet that he found a non-password-protected 1.2 TB dataset containing over 3 million...
Read More
London-based company “Builder.ai” reportedly exposed 1.2 TB data

CVE-2024-5217 ServiceNow Incomplete List of Disallowed Inputs Vulnerability:
ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. The vulnerability is addressed in the listed patches and hot fixes below, which were released during the June 2024 patching cycle. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.

CVE-2023-45249 Acronis Cyber Infrastructure (ACI) Insecure Default Password Vulnerability:
Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.0.1-61, Acronis Cyber Infrastructure (ACI) before build 5.1.1-71, Acronis Cyber Infrastructure (ACI) before build 5.2.1-69, Acronis Cyber Infrastructure (ACI) before build 5.3.1-53, Acronis Cyber Infrastructure (ACI) before build 5.4.4-132.

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Check Also

Bitcoin ATM

GitLab flaw allow Bitcoin ATM giant “Byte Federal” hacked

TechCrunch reports that Byte Federal, a major Bitcoin ATM operator in the U.S., has experienced …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2024, All Rights Reserved InfoSecBulletin