The CTO of Razz Security, Mukesh, recently exploited CI/CD pipelines to gain full server access, an attack that originated from an exposed .git directory on a publicly available web server. Because of this flaw, anyone could read and download the entire version control repository. It is examined that, this …
September, 2024
-
10 September
Hackers Exploit GeoServer Vulnerability to Deploy Malware
Researchers at Fortinet revealed that hackers are exploiting a GeoServer RCE vulnerability to deploy malware. The vulnerability, tracked as CVE-2024-36401, has a CVSS score of 9.8. The report said that, because of the poor design of the Open Geospatial Consortium (OGC) Web Feature Service (WFS) and Web Coverage Service (WCS) standards, the published …
-
9 September
IBM unveils multiple vulnerabilities in its webMethods Integration
IBM has published multiple vulnerabilities in its webMethods Integration Server which could allow attackers to execute arbitrary commands on affected systems. The published vulnerabilities have been identified in version 10.15 of the software and pose a severe risk to organizations that use it for integration and API management. CVE-2024-45076 has …
-
8 September
Progress LoadMaster exposed to a critical 10/10 vulnerability
Progress Software released an emergency fix for a critical vulnerability (10/10) in its LoadMaster and LoadMaster Multi-Tenant Hypervisor products, which allows remote command execution by attackers. CVE-2024-7591 is a flaw that allows remote, unauthenticated attackers to access LoadMaster’s management interface through a manipulated HTTP request due to improper input validation. …
-
5 September
Cisco released security updates for two critical security flaws
Cisco released security updates for two critical security flaws impacting its Smart Licensing Utility that could allow unauthenticated, remote attackers to elevate their privileges. A brief description of the two vulnerabilities is below: CVE-2024-20439 (CVSS score: 9.8): The presence of an undisclosed static user credential that an attacker could …
-
4 September
OpenBAS: Cutting-edge breach and attack simulation platform
OpenBAS is a platform that helps organizations to plan, schedule, and conduct crisis exercises, adversary simulations, and breach simulations. OpenBAS is a modern web application that follows ISO 22398 standards. It has a user-friendly interface and a RESTful API. The platform has different modules, such as scenarios, team management, simulations, …
-
4 September
Critical Security Flaws Patched in Zyxel Networking Devices
Zyxel has released software updates to fix a serious security issue in certain access point (AP) and security router versions. This flaw could allow the execution of unauthorized commands. The vulnerability known as CVE-2024-7261 (CVSS score: 9.8) involves an operating system (OS) command injection. “The improper neutralization of special elements …
-
3 September
CVE-2024-38811: CVE in VMware Fusion Unveiled
VMware released a security advisory for a major vulnerability in the VMware Fusion product. This vulnerability could be exploited by attackers to run malicious code. CVE-2024-38811 is a vulnerability caused by using an insecure environment variable in the application, with a CVSSv3 score of 8.8, making it important. VMware Fusion …
-
3 September
CERT-IN Warns of Vulnerabilities in Palo Alto Networks Applications
The Indian Computer Emergency Response Team (CERT-IN) issued advisories about multiple vulnerabilities in various Palo Alto Networks applications. Attackers could exploit these vulnerabilities to access systems without permission, steal important information, and potentially run harmful code. Vulnerabilities in Palo Alto Networks: The vulnerabilities include CVE-2024-5915, CVE-2024-5916, and CVE-2024-5914. GlobalProtect App: Privilege …
-
3 September
How Malaysia’s Data Centre Industry Is Poised for Growth
Malaysia is quickly becoming a leading choice for investing in data centers. It aims to generate RM3.6 billion (US$781 million) in revenue by 2025, compared to RM2.09 billion (US$462 million) in 2022. The growth is driven by investments and expansions by major technology companies, showcasing Malaysia’s increasing importance in the …