Security

Pierluigi Paganini March 09, 2024
Critical Fortinet FortiOS bug CVE-2024-21762 potentially impacts 150,000 internet-facing devices

Researchers warn that the critical vulnerability CVE-2024-21762 in Fortinet FortiOS could potentially impact 150,000 exposed devices. In February, Fortinet warned that the critical remote code execution vulnerability CVE-2024-21762 (CVSS score 9.6) in FortiOS SSL VPN was actively exploited in attacks in the wild. The security firm did not provide details about the attacks exploiting this vulnerability. The issue […]

Pierluigi Paganini March 08, 2024
QNAP fixed three flaws in its NAS devices, including an authentication bypass

QNAP addressed three vulnerabilities in its NAS products that can be exploited to access devices. QNAP addressed three vulnerabilities in Network Attached Storage (NAS) devices that can be exploited to access the devices. The three flaws fixed are: The vulnerability CVE-2024-21899 (CVSS score 9.8) is the most severe of the above issues, it can be […]

Pierluigi Paganini March 08, 2024
Cisco addressed severe flaws in its Secure Client

Cisco addressed two high-severity vulnerabilities in Secure Client that could lead to code execution and unauthorized remote access VPN sessions. Cisco released security patches to address two high-severity vulnerabilities in Secure Client respectively tracked as CVE-2024-20337 and CVE-2024-20338. Cisco Secure Client is a security tool developed by Cisco that provides VPN (Virtual Private Network) access […]

Pierluigi Paganini March 07, 2024
CISA adds Apple iOS and iPadOS memory corruption bugs to its Known Exploited Vulnerabilities Catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple iOS and iPadOS memory corruption vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: This week, Apple released emergency security updates to address two iOS zero-day vulnerabilities, respectively tracked as CVE-2024-23225 and […]

Pierluigi Paganini March 07, 2024
Linux Malware targets misconfigured misconfigured Apache Hadoop, Confluence, Docker, and Redis servers

A new Linux malware campaign campaign is targeting misconfigured Apache Hadoop, Confluence, Docker, and Redis instances. Researchers from Cado Security observed a new Linux malware campaign targeting misconfigured Apache Hadoop, Confluence, Docker, and Redis instances. The threat actors behind this campaign employed previously undetected payloads, including four Golang binaries that are used to automate the […]

Pierluigi Paganini March 06, 2024
CISA ADDS ANDROID PIXEL AND SUNHILLO SURELINE BUGS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Android Pixel and Sunhillo SureLine vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: The Android Pixel vulnerability, tracked as CVE-2023-21237, resides in applyRemoteView of NotificationContentInflater.java. The exploitation of this vulnerability could lead […]

Pierluigi Paganini March 05, 2024
VMware urgent updates addressed Critical ESXi Sandbox Escape bugs

VMware released urgent patches to address critical ESXi sandbox escape vulnerabilities in the ESXi, Workstation, Fusion and Cloud Foundation products Virtualization giant VMware released urgent updates to fix critical ESXi sandbox escape vulnerabilities in the ESXi, Workstation, Fusion, and Cloud Foundation products. The most severe vulnerabilities can be exploited by an attacker with local admin […]

Pierluigi Paganini March 05, 2024
CISA ADDS MICROSOFT WINDOWS KERNEL BUG USED BY LAZARUS APT TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft Windows Kernel vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2024-21338 (CVSS Score 7.8) Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. An attacker can exploit this vulnerability to gain SYSTEM privileges. […]

Pierluigi Paganini March 05, 2024
Experts disclosed two severe flaws in JetBrains TeamCity On-Premises software

Two new security flaws in JetBrains TeamCity On-Premises software can allow attackers to take over affected systems. Rapid7 researchers disclosed two new critical security vulnerabilities, tracked as CVE-2024-27198 (CVSS score: 9.8) and CVE-2024-27199 (CVSS score:7.3), in JetBrains TeamCity On-Premises. An attacker can exploit the vulnerabilities to take control of affected systems. Below are the descriptions for these vulnerabilities: […]

Pierluigi Paganini March 04, 2024
Threat actors hacked Taiwan-based Chunghwa Telecom

Threat actors stole sensitive and confidential data from the telecom giant Chunghwa Telecom Company, revealed the Ministry of National Defense. Chunghwa Telecom Company, Ltd. (literally Chinese Telecom Company) is the largest integrated telecom service provider in Taiwan, and the incumbent local exchange carrier of PSTN, Mobile, and broadband services in the country. Threat actors stole […]