Pierluigi Paganini
January 08, 2025
SonicWall warns customers to address an authentication bypass vulnerability in its firewall’s SonicOS that is “susceptible to actual exploitation.” SonicWall is urging customers to upgrade the SonicOS firmware of their firewalls to patch an authentication bypass vulnerability tracked as CVE-2024-53704 (CVSS score of 8.2). The vulnerability resides in SSL VPN and SSH management and according […]
Pierluigi Paganini
January 08, 2025
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Oracle WebLogic Server and Mitel MiCollab flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)Â added an Oracle WebLogic Server and Mitel MiCollab vulnerabilities, to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for the vulnerabilities added to the catalog: […]
Pierluigi Paganini
January 07, 2025
Moxa warns of two flaws in its routers and security appliances that enable privilege escalation and remote command execution. Moxa addressed privilege escalation and OS command injection vulnerabilities in cellular routers, secure routers, and network security appliances. Below are the descriptions for both vulnerabilities: Moxa released firmware updates to address vulnerabilities CVE-2024-9140 and CVE-2024-9138. Affected […]
Pierluigi Paganini
January 07, 2025
US adds Chinese multinational technology and entertainment conglomerate Tencent to the list of companies supporting the Chinese military. The US Department of Defense has added Chinese multinational technology and entertainment conglomerate Tencent to its “Chinese military company” list under the Section 1260 requirement. The US government does not explain the decision. The list includes the […]
Pierluigi Paganini
January 06, 2025
Tenable disabled two Nessus scanner agent versions after a faulty plugin update caused agents to go offline. Tenable Nessus is a widely-used vulnerability scanning tool designed to identify and assess security vulnerabilities in systems, networks, and applications. Tenable was forced to disable two Nessus scanner agent versions because a faulty plugin update caused agents to […]
Pierluigi Paganini
January 05, 2025
A vulnerability in Nuclei, an open-source vulnerability scanner, could allow attackers to bypass signature checks and execute malicious code. A high-severity security flaw, tracked as CVE-2024-43405 (CVSS score of 7.4), in the open-source vulnerability scanner ProjectDiscovery’s Nuclei, could allow attackers to bypass signature checks and execute malicious code. The Wiz’s engineering team discovered the vulnerability. The vulnerability […]
Pierluigi Paganini
January 03, 2025
Apple has agreed to a $95 million settlement over a Siri eavesdropping lawsuit, denying any abuses. The settlement awaits judicial approval. Apple will pay $95 million to settle claims that its virtual assistant Siri was used to eavesdrop on users, though the company denies the allegations. The settlement proposed by the tech giant aims to […]
Pierluigi Paganini
January 03, 2025
Experts warn of a new PoC exploit, LDAPNightmare, that targets a Windows LDAP flaw (CVE-2024-49113), causing crashes & reboots. The vulnerability CVE-2024-49113 (CVSS score of 7.5), named LDAPNightmare, is a Windows Lightweight Directory Access Protocol (LDAP) Denial of Service flaw that was discovered by the researcher Yuki Chen. An attacker can exploit the now-patched vulnerability to […]
Pierluigi Paganini
January 03, 2025
Over 3 million POP3 and IMAP mail servers lack TLS encryption, exposing them to network sniffing attacks. ShadowServer researchers reported that around 3.3 million POP3 and IMAP mail servers lack TLS encryption, exposing them to network sniffing attacks. POP3 (Post Office Protocol 3) and IMAP (Internet Message Access Protocol) are two protocols used to retrieve […]
Pierluigi Paganini
January 02, 2025
US authorities have arrested soldier Cameron John Wagenius for his alleged involvement in leaking presidential phone records. US authorities arrested Cameron John Wagenius (20), a US Army soldier, suspected of involvement in leaking presidential call logs. The soldier was arrested in Fort Hood, Texas, he is suspected to be the hacker who using the moniker […]
