vulnerability - Security Ticks

CISA Flags Critical Vulnerability (CVE-2024-47575) in Fortinet’s FortiManager

CISA Flags Critical Vulnerability (CVE-2024-47575) in Fortinet’s FortiManager 2024-10-24 at 17:03 By Cyble Overview The Cybersecurity and Infrastructure Security Agency (CISA) has added Fortinet’s FortiManager to its known Exploited Vulnerabilities (KEV) catalog, indicating a pressing need for organizations to address the associated risks. The critical vulnerability identified as CVE-2024-47575 has been assigned a CVSS score […]

CISA Flags Critical Vulnerability (CVE-2024-47575) in Fortinet’s FortiManager Read More »

Weekly Industrial Control System (ICS) Vulnerability Intelligence Report: New Flaws Affecting Siemens, Schneider Electric, and More

vulnerability / SecurityTicks

Weekly Industrial Control System (ICS) Vulnerability Intelligence Report: New Flaws Affecting Siemens, Schneider Electric, and More 2024-10-24 at 15:48 By Cyble Overview Cyble Research & Intelligence Labs (CRIL) has shared new details about weekly industrial control systems (ICS) vulnerabilities. These vulnerabilities were issued by the Cybersecurity and Infrastructure Security Agency (CISA) from October 15 to

Weekly Industrial Control System (ICS) Vulnerability Intelligence Report: New Flaws Affecting Siemens, Schneider Electric, and More Read More »

CISA Adds ScienceLogic SL1 Vulnerability to Known Exploited Vulnerabilities (KEV) Catalog

vulnerability / SecurityTicks

CISA Adds ScienceLogic SL1 Vulnerability to Known Exploited Vulnerabilities (KEV) Catalog 2024-10-23 at 16:01 By daksh sharma Overview The Cybersecurity and Infrastructure Security Agency (CISA) recently added a vulnerability related to ScienceLogic SL1, previously known as EM7, to its Known Exploited Vulnerabilities (KEV) catalog. The specific vulnerability in question, designated as CVE-2024-9537, has been

CISA Adds ScienceLogic SL1 Vulnerability to Known Exploited Vulnerabilities (KEV) Catalog Read More »

CISA Warns About New Microsoft SharePoint Vulnerability CVE-2024-38094: High Risks and Immediate Patching Needed

vulnerability / SecurityTicks

CISA Warns About New Microsoft SharePoint Vulnerability CVE-2024-38094: High Risks and Immediate Patching Needed 2024-10-23 at 14:33 By daksh sharma Overview The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory regarding newly discovered vulnerabilities in Microsoft SharePoint, specifically addressing a deserialization vulnerability now included in CISA’s Known Exploited Vulnerability (KEV) catalog. The

CISA Warns About New Microsoft SharePoint Vulnerability CVE-2024-38094: High Risks and Immediate Patching Needed Read More »

Bitdefender Total Security Vulnerabilities: Recent Patches and Recommendations

Bitdefender, vulnerability / SecurityTicks

Bitdefender Total Security Vulnerabilities: Recent Patches and Recommendations 2024-10-22 at 16:16 By daksh sharma Overview Bitdefender has issued a security advisory detailing critical vulnerabilities within its flagship products, Bitdefender Total Security and SafePay. These vulnerabilities pose significant risks to users and require urgent patching. Bitdefender Total Security serves as a cybersecurity solution designed to protect

Bitdefender Total Security Vulnerabilities: Recent Patches and Recommendations Read More »

Cyble Sensors Detect Attacks on Java Framework, IoT Devices

vulnerability / SecurityTicks

Cyble Sensors Detect Attacks on Java Framework, IoT Devices 2024-10-22 at 15:40 By daksh sharma Overview Cyble’s weekly sensor intelligence report detailed more than 30 active attack campaigns against known vulnerabilities. New attacks were observed against a vulnerability in the Spring Java framework, and more than 400,000 attacks were observed exploiting a known IoT vulnerability.

Cyble Sensors Detect Attacks on Java Framework, IoT Devices Read More »

VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812)

Broadcom, CVE, Don't miss, Hot stuff, News, security update, virtualization, VMWare, vulnerability / SecurityTicks

VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) 2024-10-22 at 14:02 By Zeljka Zorz Broadcom has released new patches for previously fixed vulnerabilities (CVE-2024-38812, CVE-2024-38813) in vCenter Server, one of which hasn’t been fully addressed the first time and could allow attackers to achieve remote code execution. The vulnerabilities were privately reported by

VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) Read More »

Roundcube XSS flaw exploited to steal credentials, email (CVE-2024-37383)

CVE, Don't miss, exploit, Hot stuff, News, Positive Technologies, Roundcube, vulnerability / SecurityTicks

Roundcube XSS flaw exploited to steal credentials, email (CVE-2024-37383) 2024-10-22 at 12:34 By Zeljka Zorz Attackers have exploited an XSS vulnerability (CVE-2024-37383) in the Roundcube Webmail client to target a governmental organization of a CIS country, Positive Technologies (PT) analysts have discovered. The vulnerability was patched in May 2024, in Roundcube Webmail versions 1.5.7 and

Roundcube XSS flaw exploited to steal credentials, email (CVE-2024-37383) Read More »

Splunk’s Latest Advisory: Addressing Multiple Vulnerabilities in Splunk Enterprise

vulnerability / SecurityTicks

Splunk’s Latest Advisory: Addressing Multiple Vulnerabilities in Splunk Enterprise 2024-10-21 at 15:33 By daksh sharma Overview Splunk has recently issued an advisory detailing multiple vulnerabilities discovered in its Splunk Enterprise software. The advisory categorize vulnerabilities into three primary classifications based on their CVSS base scores. In total, there are two vulnerabilities classified as High, with

Splunk’s Latest Advisory: Addressing Multiple Vulnerabilities in Splunk Enterprise Read More »

Weekly Industrial Control System (ICS) Intelligence Report: 54 New Vulnerabilities in Siemens, Rockwell Automation, and Delta Products

Delta products, Rockwell Automation, Siemens, vulnerability / SecurityTicks

Weekly Industrial Control System (ICS) Intelligence Report: 54 New Vulnerabilities in Siemens, Rockwell Automation, and Delta Products 2024-10-21 at 14:18 By daksh sharma Overview Cyble Research & Intelligence Labs (CRIL) has released its latest Weekly Industrial Control System (ICS) Vulnerability Intelligence Report, sharing multiple vulnerabilities observed by the Cybersecurity and Infrastructure Security Agency (CISA) between

Weekly Industrial Control System (ICS) Intelligence Report: 54 New Vulnerabilities in Siemens, Rockwell Automation, and Delta Products Read More »

Weekly Industrial Control System (ICS) Intelligence Report: 54 New Vulnerabilities in Siemens, Rockwell Automation, and Delta Products

Delta products, Rockwell Automation, Siemens, vulnerability / SecurityTicks

Weekly Industrial Control System (ICS) Intelligence Report: 54 New Vulnerabilities in Siemens, Rockwell Automation, and Delta Products 2024-10-21 at 13:56 By daksh sharma Overview Cyble Research & Intelligence Labs (CRIL) has released its latest Weekly Industrial Control System (ICS) Vulnerability Intelligence Report, sharing multiple vulnerabilities observed by the Cybersecurity and Infrastructure Security Agency (CISA) between

Weekly Industrial Control System (ICS) Intelligence Report: 54 New Vulnerabilities in Siemens, Rockwell Automation, and Delta Products Read More »

SolarWinds Releases Patches for High-Severity Vulnerabilities

SolarWinds, vulnerability / SecurityTicks

SolarWinds Releases Patches for High-Severity Vulnerabilities 2024-10-17 at 16:46 By daksh sharma Overview SolarWinds has issued an important security update advisory outlining the latest vulnerability patches released for its products. This advisory provides insights into recently disclosed vulnerabilities affecting the SolarWinds range and emphasizes the need for organizations to take immediate action to protect their

SolarWinds Releases Patches for High-Severity Vulnerabilities Read More »

GitHub Releases Security Advisory on Critical Vulnerability in Self-Hosted Environments

GitHub, vulnerability / SecurityTicks

GitHub Releases Security Advisory on Critical Vulnerability in Self-Hosted Environments 2024-10-17 at 14:31 By daksh sharma Overview GitHub has issued a security advisory regarding critical vulnerabilities that require immediate attention from users of the GitHub Enterprise Server (GHES). This advisory highlights a specific vulnerability that could severely compromise organizations’ security relying on this self-hosted version

GitHub Releases Security Advisory on Critical Vulnerability in Self-Hosted Environments Read More »

CISA Issues Urgent Advisory on Vulnerabilities Affecting Multiple Products

CISA, CVE-2024-28987, vulnerability / SecurityTicks

CISA Issues Urgent Advisory on Vulnerabilities Affecting Multiple Products 2024-10-16 at 14:14 By daksh sharma Overview The Cybersecurity and Infrastructure Security Agency (CISA) has released a critical advisory report highlighting vulnerabilities recently added to the Known Exploited Vulnerability (KEV) catalog. These vulnerabilities pose risks to organizations and require immediate attention. CISA categorizes vulnerabilities based on

CISA Issues Urgent Advisory on Vulnerabilities Affecting Multiple Products Read More »

Active Exploitation of SAML Vulnerability CVE-2024-45409 Detected by Cyble Sensors

exploit, vulnerability / SecurityTicks

Active Exploitation of SAML Vulnerability CVE-2024-45409 Detected by Cyble Sensors 2024-10-15 at 15:16 By rohansinhacyblecom Overview On September 10, 2024, a critical vulnerability, CVE-2024-45409, was identified by ahacker1 of SecureSAML. The vulnerability was then patched in the Ruby-SAML library, which is widely used for implementing SAML (Security Assertion Markup Language) authorization. This flaw affects Ruby-SAML

Active Exploitation of SAML Vulnerability CVE-2024-45409 Detected by Cyble Sensors Read More »

87,000+ Fortinet devices still open to attack, are yours among them? (CVE-2024-23113)

CVE, Don't miss, enterprise, Fortinet, FortiOS, Hot stuff, News, Shadowserver, vulnerability, WatchTowr / SecurityTicks

87,000+ Fortinet devices still open to attack, are yours among them? (CVE-2024-23113) 2024-10-15 at 14:49 By Zeljka Zorz Last week, CISA added CVE-2024-23113 – a critical vulnerability that allows unauthenticated remote code/command execution on unpatched Fortinet FortiGate firewalls – to its Known Exploited Vulnerabilities catalog, thus confirming that it’s being leveraged by attackers in the

87,000+ Fortinet devices still open to attack, are yours among them? (CVE-2024-23113) Read More »

Weekly IT Vulnerability Report: Cyble Urges Fixes for Ivanti, Microsoft Dark Web Exploits

Ivanti, Microsoft, Qualcomm, vulnerability, Zimbra / SecurityTicks

Weekly IT Vulnerability Report: Cyble Urges Fixes for Ivanti, Microsoft Dark Web Exploits 2024-10-15 at 12:52 By daksh sharma Key Takeaways Overview Cyble Research and Intelligence Labs (CRIL) investigated 22 vulnerabilities during the week of Oct. 2-8 and identified six products that security teams should prioritize for patching and mitigation. Additionally, Cyble researchers detected 14

Weekly IT Vulnerability Report: Cyble Urges Fixes for Ivanti, Microsoft Dark Web Exploits Read More »

Actively exploited Firefox zero-day fixed, update ASAP! (CVE-2024-9680)

CVE, Don't miss, ESET, Firefox, Hot stuff, News, security update, Tor, vulnerability / SecurityTicks

Actively exploited Firefox zero-day fixed, update ASAP! (CVE-2024-9680) 2024-10-10 at 15:31 By Zeljka Zorz Mozilla has pushed out an emergency update for its Firefox and Firefox ESR browsers to fix a vulnerability (CVE-2024-9680) that is being exploited in the wild. About CVE-2024-9680 Reported by ESET malware researcher Damien Schaeffer, CVE-2024-9680 is a use-after-free vulnerability in

Actively exploited Firefox zero-day fixed, update ASAP! (CVE-2024-9680) Read More »

Cyble Urges ICS Vulnerability Fixes for TEM, Mitsubishi, and Delta Electronics

Delta Electronics, Mitsubishi, TEM, vulnerability / SecurityTicks

Cyble Urges ICS Vulnerability Fixes for TEM, Mitsubishi, and Delta Electronics 2024-10-10 at 15:18 By dakshsharma16 Key Takeaways Overview Cyble researchers have identified vulnerabilities in three products used in critical infrastructure environments that merit high-priority attention from security teams. Cyble’s weekly industrial control system/operational technology (ICS/OT) vulnerability report for Oct. 1-7 investigated 10 vulnerabilities in

Cyble Urges ICS Vulnerability Fixes for TEM, Mitsubishi, and Delta Electronics Read More »

OEMs Are Urged to Address Vulnerabilities in Device Communication

CVE-2024-43047, Google, Qualcomm, vulnerability / SecurityTicks

OEMs Are Urged to Address Vulnerabilities in Device Communication 2024-10-09 at 17:31 By dakshsharma16 Overview Qualcomm has shared its October 2024 Security Bulletin, highlighting multiple vulnerabilities. Google’s Threat Analysis Group has also denoted the exploitation of a critical vulnerability, CVE-2024-43047, in targeted attacks. The vulnerability revolves around the FASTRPC driver, which plays an important role

OEMs Are Urged to Address Vulnerabilities in Device Communication Read More »