InfoSecBulletin Cybersecurity for mankind
Progress Software released an emergency fix for a critical vulnerability (10/10) in its Loadmaster and LoadMaster Multi-Tenant Hypervisor products, which allows remote command execution by attackers.
CVE-2024-7591 is a flaw that allows remote, unauthenticated attackers to access Loadmaster’s management interface through a manipulated HTTP request due to improper input validation.
B1ack’s Stash Releases 1 Million Credit Cards on a Deep Web Forum
Cisco Confirms
Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks
AWS Key Hunter
Test this free automated tool to hunt for exposed AWS secrets
Check Point Flaw Used to Deploy ShadowPad and Ransomware
CVE-2024-12284
Citrix Issues Security Update for NetScaler Console
CISA and FBI ALERT
Ghost ransomware to breach organizations in 70 countries
Hacker chains multiple vulns to attack Palo Alto Firewall
150 Gov.t Portal affected
Black-Hat SEO Poisoning Indian “.gov.in, .ac.in” domain
CVE-2018-19410 Exposes 600 PRTG Instances in Bangladesh
Builder claims Rs 150 cr for data loss; AWS faces FIR In Bengaluru
“It is possible for unauthenticated, remote attackers who have access to the management interface of LoadMaster to issue a carefully crafted HTTP request that will allow arbitrary system commands to be executed,” reads the security bulletin.
“This vulnerability has been closed by sanitizing request user input to mitigate arbitrary system commands execution.”
Loadmaster is an application delivery controller that helps large organizations to improve app performance, manage network traffic, and maintain high service availability.
The MT Hypervisor is a specialized version of Loadmaster, tailored for multi-tenant environment. It enables the concurrent operation of multiple virtual network functions on a single hardware platform.
CVE-2024-7591 affects Loadmaster version 7.2.60.0 and earlier, as well as MT Hypervisor version 7.1.35.11 and all prior releases.
