Wednesday , September 17 2025
zimbra

CISA warns active exploit of Zimbra & Ivanti endpoint manager Vulns

infosecbulletin Friday , October 4 2024 Vulnerabilities

CISA has issued an urgent alert about critical vulnerabilities being exploited in Synacor’s Zimbra Collaboration and Ivanti’s Endpoint Manager (EPM). Organizations using these products are urged to mitigate potential risks immediately.

CVE-2024-45519: Synacor Zimbra Collaboration Command Execution Vulnerability:

Check Point Hosts “Securing the Hyperconnected World in the AI Era” in Dhaka

By infosecbulletin / Wednesday , September 17 2025
Check point, a cyber security solutions provider hosts an event titled "securing the hyperconnected world in the AI era" at...
Read More
Check Point Hosts “Securing the Hyperconnected World in the AI Era” in Dhaka

Microsoft Confirms 900+ XSS Vulns Found in IT Services

By infosecbulletin / Tuesday , September 16 2025
Cross-Site Scripting (XSS) is one of the oldest and most persistent vulnerabilities in modern applications. Despite being recognized for over...
Read More
Microsoft Confirms 900+ XSS Vulns Found in IT Services

Daily Security Update Dated : 15.09.2025

By infosecbulletin / Monday , September 15 2025
Every day a lot of cyberattack happen around the world including ransomware, Malware attack, data breaches, website defacement and so...
Read More
Daily Security Update Dated : 15.09.2025

IBM QRadar SIEM Vuln Let Attackers Perform Unauthorized Actions

By infosecbulletin / Monday , September 15 2025
A critical permission misconfiguration in the IBM QRadar Security Information and Event Management (SIEM) platform could allow local privileged users...
Read More
IBM QRadar SIEM Vuln Let Attackers Perform Unauthorized Actions

Major Australian Banks using Army of AI Bots to Scam Scammers

By infosecbulletin / Monday , September 15 2025
Australian banks are now using bots to combat scammers. These bots mimic potential victims to gather real-time information and drain...
Read More
Major Australian Banks using Army of AI Bots to Scam Scammers

F5 to acquire CalypsoAI for $180M for Advanced AI Security Capabilities

By infosecbulletin / Saturday , September 13 2025
F5 plans to acquire CalypsoAI, which offers adaptive AI security solutions. CalypsoAI's technology will be added to F5's Application Delivery...
Read More
F5 to acquire CalypsoAI for $180M for Advanced AI Security Capabilities

AI Pentesting Tool ‘Villager’ Merges Kali Linux with DeepSeek AI for Automated Attacks

By infosecbulletin / Saturday , September 13 2025
The Villager framework, an AI-powered penetration testing tool, integrates Kali Linux tools with DeepSeek AI to automate cyber attack processes....
Read More
AI Pentesting Tool ‘Villager’ Merges Kali Linux with DeepSeek AI for Automated Attacks

CVE-2025-21043
Samsung Patched Critical Zero-Day Flaw Exploited in Android Attacks

By infosecbulletin / Saturday , September 13 2025
Samsung released its monthly Android security updates, addressing a vulnerability exploited in zero-day attacks. CVE-2025-21043 (CVSS score: 8.8) is a...
Read More
CVE-2025-21043 Samsung Patched Critical Zero-Day Flaw Exploited in Android Attacks

Albania appoints world’s first AI minister, “Diella” to Tackle Corruption

By infosecbulletin / Saturday , September 13 2025
Albania has appointed the first AI-generated government minister to help eliminate corruption. Diella, the digital assistant meaning Sun, has been...
Read More
Albania appoints world’s first AI minister, “Diella” to Tackle Corruption

L7 DDoS Botnet Hijacked 5.76M Devices for Large Attacks

By infosecbulletin / Thursday , September 11 2025
On September 1, 2025, Qrator Lab identified and managed a major attack from the largest L7 DDoS botnet seen so...
Read More
L7 DDoS Botnet Hijacked 5.76M Devices for Large Attacks

A new vulnerability, CVE-2024-45519, has been found in the Synacor Zimbra Collaboration platform. It affects the postjournal service and could let unauthenticated users run commands remotely.

It’s unclear if this vulnerability has been used in ransomware attacks, but the risk of misuse is high. Organizations using Zimbra Collaboration should follow the mitigation recommendations from Synacor.

If mitigations are not available, it’s strongly advised to stop using the product. CISA has set a deadline for remediation by October 24, 2024, highlighting the urgency.

CVE-2024-29824: Ivanti Endpoint Manager SQL Injection Vulnerability:

The Ivanti Endpoint Manager (EPM) is at risk because of a SQL injection vulnerability called CVE-2024-29824.

This vulnerability lets unauthenticated attackers on the same network execute arbitrary code on the Core server. Like the Zimbra issue, there’s no evidence of it being exploited in ransomware attacks yet, but the risk is still significant.

Ivanti has provided guidance to address this vulnerability, and organizations should follow it quickly. The deadline to implement these measures is October 23, 2024.

CISA’s alert emphasizes the serious nature of these vulnerabilities and their potential global impact on organizations.

Synacor and Ivanti emphasize the need for quick action to safeguard sensitive data and ensure operational integrity.

Check Also

81 flaws

Microsoft September Patch Tuesday 2025 fixes 81 flaws, two zero-days

Microsoft patched September 2025 Patch Tuesday 81 flaws, including two publicly disclosed zero-day vulnerabilities. This …

Mail: [email protected]
© Copyright 2025, All Rights Reserved InfoSecBulletin