Aug 28, 2024Ravie LakshmananVulnerability / Data Security Fortra has addressed a critical security flaw impacting FileCatalyst Workflow that could be abused by a remote attacker to gain administrative access. The vulnerability, tracked as CVE-2024-6633, carries a CVSS score of 9.8, and stems from the use of a static password to connect to a HSQL database. "The default … [Read more...] about Fortra Issues Patch for High-Risk FileCatalyst Workflow Security Vulnerability
Issues
SonicWall Issues Critical Patch for Firewall Vulnerability Allowing Unauthorized Access
Aug 26, 2024Ravie LakshmananVulnerability / Enterprise Security SonicWall has released security updates to address a critical flaw impacting its firewalls that, if successfully exploited, could grant malicious actors unauthorized access to the devices. The vulnerability, tracked as CVE-2024-40766 (CVSS score: 9.3), has been described as an improper access control bug. "An … [Read more...] about SonicWall Issues Critical Patch for Firewall Vulnerability Allowing Unauthorized Access
Likely eCrime Actor Capitalizing on Falcon Sensor Issues
Summary On July 19, 2024, an issue present in a single content update for the CrowdStrike Falcon® sensor impacting Windows operating systems was identified, and a fix was deployed.1 CrowdStrike Intelligence has since observed threat actors leveraging the event to distribute a malicious ZIP archive named crowdstrike-hotfix.zip. The ZIP archive contains a HijackLoader payload … [Read more...] about Likely eCrime Actor Capitalizing on Falcon Sensor Issues
Toy robot security issues | Kaspersky official blog
Kaspersky experts recently studied the security of a popular toy robot model, finding major issues that allowed malicious actors to make a video call to any such robot, hijack the parental account, or, potentially, even upload modified firmware. Read on for the details. What a toy robot can do The toy robot model that we studied is a kind of hybrid between a smartphone/tablet … [Read more...] about Toy robot security issues | Kaspersky official blog
CISA Issues Emergency Directive to Federal Agencies on Ivanti Zero-Day Exploits
Jan 20, 2024NewsroomNetwork Security / Threat Intelligence The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday issued an emergency directive urging Federal Civilian Executive Branch (FCEB) agencies to implement mitigations against two actively exploited zero-day flaws in Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) products. The … [Read more...] about CISA Issues Emergency Directive to Federal Agencies on Ivanti Zero-Day Exploits
Zero-Day Alert: Google Issues Patch for New Chrome Vulnerability
Jun 06, 2023Ravie LakshmananBrowser Security / Vulnerability Google on Monday released security updates to patch a high-severity flaw in its Chrome web browser that it said is being actively exploited in the wild. Tracked as CVE-2023-3079, the vulnerability has been described as a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis … [Read more...] about Zero-Day Alert: Google Issues Patch for New Chrome Vulnerability
Microsoft Issues Patches for 97 Flaws, Including Active Ransomware Exploit
Apr 12, 2023Ravie LakshmananPatch Tuesday / Software Updates It's the second Tuesday of the month, and Microsoft has released another set of security updates to fix a total of 97 flaws impacting its software, one of which has been actively exploited in ransomware attacks in the wild. Seven of the 97 bugs are rated Critical and 90 are rated Important in severity. … [Read more...] about Microsoft Issues Patches for 97 Flaws, Including Active Ransomware Exploit
Microsoft Issues Patch for aCropalypse Privacy Flaw in Windows Screenshot Tools
Mar 27, 2023Ravie LakshmananPrivacy / Windows Security Microsoft has released an out-of-band update to address a privacy-defeating flaw in its screenshot editing tool for Windows 10 and Windows 11. The issue, dubbed aCropalypse, could enable malicious actors to recover edited portions of screenshots, potentially revealing sensitive information that may have been cropped … [Read more...] about Microsoft Issues Patch for aCropalypse Privacy Flaw in Windows Screenshot Tools
CISA Issues Warning on Active Exploitation of ZK Java Web Framework Vulnerability
Feb 28, 2023Ravie LakshmananSoftware Security / Cyber Attack The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity flaw affecting the ZK Framework to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation. Tracked as CVE-2022-36537 (CVSS score: 7.5), the issue impacts ZK Framework versions 9.6.1, … [Read more...] about CISA Issues Warning on Active Exploitation of ZK Java Web Framework Vulnerability
Fortinet Issues Patches for 40 Flaws Affecting FortiWeb, FortiOS, FortiOS, and FortiProxy
Feb 19, 2023Ravie LakshmananNetwork Security / Firewall Fortinet has released security updates to address 40 vulnerabilities in its software lineup, including FortiWeb, FortiOS, FortiNAS, and FortiProxy, among others. Two of the 40 flaws are rated Critical, 15 are rated High, 22 are rated Medium, and one is rated Low in severity. Top of the list is a severe bug residing in … [Read more...] about Fortinet Issues Patches for 40 Flaws Affecting FortiWeb, FortiOS, FortiOS, and FortiProxy