Palo Alto Networks has issued a critical security advisory outlining numerous vulnerabilities across its product lines, such as PAN-OS, Cortex XDR, and Expedition. These weaknesses vary in severity and potential impact, but collectively present a significant risk to organizations that depend on Palo Alto’s solutions. CVE-2024-5910: Missing Authentication in Expedition …
July, 2024
11 July
Vulnerabilities in GitLab Allow Attackers to Execute Unauthorized Pipelines
GitLab has issued a warning about a serious vulnerability in its GitLab Community and Enterprise editions. This vulnerability allows attackers to execute pipeline jobs as if they were another user. GitLab’s DevSecOps platform is used by more than 30 million registered users, including T-Mobile, Goldman Sachs, Airbus, Lockheed Martin, Nvidia, …
11 July
Adobe Issues Critical Security Patches for Various Products
Adobe released security updates to fix several vulnerabilities in their software. These vulnerabilities could be used by cyber attackers to gain control of a system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply necessary updates: Security Updates Available for Adobe Premiere Pro | APSB24-46: …
11 July
CISA Warns Hackers Use OS Command Injection Vulnerabilities to Compromise Systems
OS command injection vulnerabilities are a preventable type of weakness in software. Manufacturers can eliminate them by taking a secure design approach. Despite efforts, these vulnerabilities still appear, allowing adversaries to exploit them for harm. CISA and FBI are releasing this Alert because of recent well-known attacks that took advantage …
11 July
Pakistan allows spy agency to intercept phone messages, calls
The Pakistan Ministry of Information Technology and Telecommunication has given permission to the Inter-Services Intelligence (ISI) to intercept citizens’ phone communications for national security reasons. Issued on Monday, the ministry’s notification — a copy of which is available with Dawn.com — said that the authorisation was granted to the ISI …
10 July
Citrix Issues Critical Security Advisory for NetScaler
Citrix has warned users about severe vulnerabilities in their widely-used NetScaler products. These vulnerabilities, known as CVE-2024-6235 and CVE-2024-6236, could potentially allow unauthorized access to sensitive information and cause denial-of-service (DoS) attacks. CVE-2024-6235: Sensitive Information Disclosure (Critical Severity) The flaw in the NetScaler Console (previously known as NetScaler ADM) is …
10 July
(CVE-2024-38080, CVE-2024-38112)
Microsoft July Patch Tuesday fixes 142 flaws, 4 zero-days
Microsoft’s July 2024 Patch Tuesday includes security updates for 142 flaws, including two zero-days that are actively exploited and two that are publicly disclosed. This Patch Tuesday fixed five critical vulnerabilities, all of which were remote code execution flaws. July 2024 Patch Tuesday Breakdown: Here is the breakdown of vulnerabilities …
9 July
EXCLUSIVE
Analysis of 3 Ransomware Threats Active Right Now
Three emerging threats will be discussed below, along with how sandbox analysis can be utilized to detect them proactively. Lockbit Ransomware: The Lockbit ransomware is a major cybersecurity threat that appeared in 2019. It works as Ransomware-as-a-Service (RaaS), where affiliates use its software to carry out attacks. The Royal Mail …
9 July
AVAST RELEASED DECRYPTOR FOR DONEX RANSOMWARE
Avast researchers found a security flaw in the DoNex ransomware and its previous versions, which allowed them to create a tool to decrypt the files. They shared this discovery at the Recon 2024 conference. Avast released a free decryptor in March 2024 to help victims recover their files. “All brands …
9 July
Critical Security Advisory for Apache CloudStack
The Apache Software Foundation has warned about two serious security issues (CVE-2024-38346 and CVE-2024-39864) in Apache CloudStack, a popular open-source cloud computing platform. These vulnerabilities are a big threat to organizations using CloudStack to manage their virtualized infrastructure. Unauthenticated Cluster Service Port (CVE-2024-38346) The vulnerability CVE-2024-38346 is found in the …