security update

PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153)

PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153) 2024-03-19 at 14:01 By Helga Labus Proof-of-concept (PoC) exploit code for a critical RCE vulnerability (CVE-2024-25153) in Fortra FileCatalyst MFT solution has been published. About CVE-2024-25153 Fortra FileCatalyst is an enterprise managed file transfer (MFT) software solution that includes several components: FileCatalyst Direct, Workflow, and […]

React to this headline:

Loading spinner

PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153) Read More »

March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V

March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V 2024-03-12 at 22:11 By Zeljka Zorz On this March 2024 Patch Tuesday, Microsoft has released fixes for 59 CVE-numbered vulnerabilities, but – welcome news! – none of them are currently publicly known or actively exploited. Last month, though, several days after Patch Tuesday, the

React to this headline:

Loading spinner

March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V Read More »

Cisco patches Secure Client VPN flaw that could reveal authentication tokens (CVE-2024-20337)

Cisco patches Secure Client VPN flaw that could reveal authentication tokens (CVE-2024-20337) 2024-03-08 at 13:03 By Zeljka Zorz Cisco has fixed two high-severity vulnerabilities affecting its Cisco Secure Client enterprise VPN and endpoint security solution, one of which (CVE-2024-20337) could be exploited by unauthenticated, remote attackers to grab users’ valid SAML authentication token. “The attacker

React to this headline:

Loading spinner

Cisco patches Secure Client VPN flaw that could reveal authentication tokens (CVE-2024-20337) Read More »

March 2024 Patch Tuesday forecast: A popular framework updated

March 2024 Patch Tuesday forecast: A popular framework updated 2024-03-08 at 08:47 By Help Net Security We’re almost at our third Patch Tuesday and wrapping up the first quarter 2024. Time flies by! Microsoft is starting to push users to update their operating systems as their active version is approaching end-of-support. The February 2024 Patch

React to this headline:

Loading spinner

March 2024 Patch Tuesday forecast: A popular framework updated Read More »

VMware patches critical flaws in ESXi, Workstation, Fusion and Cloud Foundation

VMware patches critical flaws in ESXi, Workstation, Fusion and Cloud Foundation 2024-03-07 at 15:07 By Helga Labus VMware has fixed four vulnerabilities (CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255) in ESXi, Workstation, Fusion and Cloud Foundation, some of which could allow attackers to escape the sandbox and execute code on the host machine. About the vulnerabilities VMware ESXi

React to this headline:

Loading spinner

VMware patches critical flaws in ESXi, Workstation, Fusion and Cloud Foundation Read More »

Apple fixes two actively exploited iOS zero-days (CVE-2024-23225, CVE-2024-23296)

Apple fixes two actively exploited iOS zero-days (CVE-2024-23225, CVE-2024-23296) 2024-03-06 at 11:45 By Zeljka Zorz Apple has fixed two iOS zero-day vulnerabilities (CVE-2024-23225, CVE-2024-23296) exploited by attackers in the wild. CVE-2024-23225 and CVE-2024-23296 On Tuesday, Apple released security updates for all three supported branches of iOS and iPadOS. iOS and iPadOS 17.4 carry fixes for

React to this headline:

Loading spinner

Apple fixes two actively exploited iOS zero-days (CVE-2024-23225, CVE-2024-23296) Read More »

Critical vulnerabilities in TeamCity JetBrains fixed, release of technical details imminent, patch quickly! (CVE-2024-27198, CVE-2024-27199)

Critical vulnerabilities in TeamCity JetBrains fixed, release of technical details imminent, patch quickly! (CVE-2024-27198, CVE-2024-27199) 2024-03-04 at 18:07 By Zeljka Zorz JetBrains has fixed two critical security vulnerabilities (CVE-2024-27198, CVE-2024-27199) affecting TeamCity On-Premises and is urging customers to patch them immediately. “Rapid7 originally identified and reported these vulnerabilities to us and has chosen to adhere

React to this headline:

Loading spinner

Critical vulnerabilities in TeamCity JetBrains fixed, release of technical details imminent, patch quickly! (CVE-2024-27198, CVE-2024-27199) Read More »

Critical ConnectWise ScreenConnect vulnerabilities fixed, patch ASAP!

Critical ConnectWise ScreenConnect vulnerabilities fixed, patch ASAP! 2024-02-20 at 12:16 By Zeljka Zorz ConnectWise has fixed two vulnerabilities in ScreenConnect that could allow attackers to execute remote code or directly impact confidential data or critical systems. “There is no evidence that these vulnerabilities have been exploited in the wild, but immediate action must be taken

React to this headline:

Loading spinner

Critical ConnectWise ScreenConnect vulnerabilities fixed, patch ASAP! Read More »

QNAP fixes OS command injection flaws affecting its NAS devices (CVE-2023-47218, CVE-2023-50358)

QNAP fixes OS command injection flaws affecting its NAS devices (CVE-2023-47218, CVE-2023-50358) 2024-02-14 at 12:46 By Zeljka Zorz QNAP Systems has patched two unauthenticated OS command injection vulnerabilities (CVE-2023-47218, CVE-2023-50358) in various versions of the operating systems embedded in the firmware of their popular network-attached storage (NAS) devices. About the vulnerabilities (CVE-2023-47218, CVE-2023-50358) Both vulnerabilities

React to this headline:

Loading spinner

QNAP fixes OS command injection flaws affecting its NAS devices (CVE-2023-47218, CVE-2023-50358) Read More »

Critical Fortinet FortiOS flaw exploited in the wild (CVE-2024-21762)

Critical Fortinet FortiOS flaw exploited in the wild (CVE-2024-21762) 2024-02-12 at 21:01 By Zeljka Zorz Fortinet has patched critical remote code execution vulnerabilities in FortiOS (CVE-2024-21762, CVE-2024-23313), one of which is “potentially” being exploited in the wild. The exploitation-in-the-wild has been confirmed by CISA, by adding it to its Known Exploited Vulnerabilities (KEV) catalog, though

React to this headline:

Loading spinner

Critical Fortinet FortiOS flaw exploited in the wild (CVE-2024-21762) Read More »

February 2024 Patch Tuesday forecast: Zero days are back and a new server too

February 2024 Patch Tuesday forecast: Zero days are back and a new server too 2024-02-09 at 08:32 By Mirko Zorz January 2024 Patch Tuesday is behind us. A relatively light release from Microsoft with 39 CVEs addressed in Windows 10, 35 in Windows 11, and surprisingly no zero-day vulnerabilities from Microsoft to start the new

React to this headline:

Loading spinner

February 2024 Patch Tuesday forecast: Zero days are back and a new server too Read More »

On-premises JetBrains TeamCity servers vulnerable to auth bypass (CVE-2024-23917)

On-premises JetBrains TeamCity servers vulnerable to auth bypass (CVE-2024-23917) 2024-02-07 at 12:31 By Helga Labus JetBrains has patched a critical authentication bypass vulnerability (CVE-2024-23917) affecting TeamCity On-Premises continuous integration and deployment servers. About CVE-2024-23917 CVE-2024-23917 could allow an unauthenticated threat actor with HTTP(S) access to a TeamCity server to bypass authentication controls and gain administrative

React to this headline:

Loading spinner

On-premises JetBrains TeamCity servers vulnerable to auth bypass (CVE-2024-23917) Read More »

Self-managed GitLab installations should be patched again (CVE-2024-0402)

Self-managed GitLab installations should be patched again (CVE-2024-0402) 2024-01-30 at 14:02 By Zeljka Zorz Less than two weeks after having plugged a security hole that allows account takeover without user interaction, GitLab Inc. has patched a critical vulnerability (CVE-2024-0402) in GitLab CE/EE again and is urging users to update their installations immediately. GitLab Inc. operates

React to this headline:

Loading spinner

Self-managed GitLab installations should be patched again (CVE-2024-0402) Read More »

Critical Jenkins RCE flaw exploited in the wild. Patch now! (CVE-2024-23897)

Critical Jenkins RCE flaw exploited in the wild. Patch now! (CVE-2024-23897) 2024-01-29 at 13:31 By Helga Labus Several proof-of-concept (PoC) exploits for a recently patched critical vulnerability (CVE-2024-23897) in Jenkins has been made public and there’s evidence of exploitation in the wild. About CVE-2024-23897 Jenkins is a widely used Java-based open-source automation server that helps

React to this headline:

Loading spinner

Critical Jenkins RCE flaw exploited in the wild. Patch now! (CVE-2024-23897) Read More »

Apple fixes actively exploited WebKit zero-day (CVE-2024-23222)

Apple fixes actively exploited WebKit zero-day (CVE-2024-23222) 2024-01-23 at 13:46 By Helga Labus Apple has fixed an actively exploited zero-day vulnerability (CVE-2024-23222) that affects Macs, iPhones, iPads and AppleTVs. About CVE-2024-23222 CVE-2024-23222 is a type confusion issue that affects WebKit – Apple’s browser engine used in the Safari web browser and all iOS and iPadOS

React to this headline:

Loading spinner

Apple fixes actively exploited WebKit zero-day (CVE-2024-23222) Read More »

VMware: Plug critical Aria Automation hole immediately! (CVE-2023-34063)

VMware: Plug critical Aria Automation hole immediately! (CVE-2023-34063) 2024-01-18 at 12:16 By Zeljka Zorz A critical vulnerability (CVE-2023-34063) affecting VMware Aria Automation and VMware Cloud Foundation can be exploited by attackers to gain access to remote organizations and workflows, VMware has warned. The company is not aware of any “in the wild” exploitation of this

React to this headline:

Loading spinner

VMware: Plug critical Aria Automation hole immediately! (CVE-2023-34063) Read More »

Google fixes actively exploited Chrome zero-day (CVE-2024-0519)

Google fixes actively exploited Chrome zero-day (CVE-2024-0519) 2024-01-17 at 12:01 By Zeljka Zorz In the new stable release of the Chrome browser, Google has fixed three security vulnerabilities affecting the V8 engine, including one zero-day (CVE-2024-0519) with an existing exploit. About CVE-2024-0519 V8 is an open-source JavaScript and WebAssembly engine developed by the Chromium Project

React to this headline:

Loading spinner

Google fixes actively exploited Chrome zero-day (CVE-2024-0519) Read More »

Atlassian reveals critical Confluence RCE flaw, urges “immediate action” (CVE-2023-22527)

Atlassian reveals critical Confluence RCE flaw, urges “immediate action” (CVE-2023-22527) 2024-01-16 at 19:46 By Zeljka Zorz Atlassian has patched a critical vulnerability (CVE-2023-22527) in Confluence Data Center and Confluence Server that could lead to remote code execution. The good news is that the flaw was fixed in early December 2023 with the release of versions

React to this headline:

Loading spinner

Atlassian reveals critical Confluence RCE flaw, urges “immediate action” (CVE-2023-22527) Read More »

Juniper fixes critical RCE in its SRX firewalls and EX switches (CVE-2024-21591)

Juniper fixes critical RCE in its SRX firewalls and EX switches (CVE-2024-21591) 2024-01-15 at 11:16 By Helga Labus Juniper Networks has fixed a critical pre-authentication remote code execution (RCE) vulnerability (CVE-2024-21591) in Junos OS on SRX firewalls and EX switches. About CVE-2024-21591 CVE-2024-21591 is an out-of-bounds write vulnerability that could allow an unauthenticated, network-based threat

React to this headline:

Loading spinner

Juniper fixes critical RCE in its SRX firewalls and EX switches (CVE-2024-21591) Read More »

Scroll to Top