Several serious vulnerabilities have been discovered in Telit Cinterion cellular M2M modems, including the possibility of remote arbitrary code execution (RCE) via SMS messages. These modems are used in millions of different devices and systems for both the consumer market segment (payment terminals, ATMs, cars) and various industries such as healthcare, financial, … [Read more...] about Critical vulnerabilities in Telit Cinterion modems
Critical
Critical Tinyproxy Flaw Opens Over 50,000 Hosts to Remote Code Execution
May 06, 2024NewsroomVulnerability / Server Security More than 50% of the 90,310 hosts have been found exposing a Tinyproxy service on the internet that's vulnerable to a critical unpatched security flaw in the HTTP/HTTPS proxy tool. The issue, tracked as CVE-2023-49606, carries a CVSS score of 9.8 out of a maximum of 10, per Cisco Talos, which described it as a use-after-free … [Read more...] about Critical Tinyproxy Flaw Opens Over 50,000 Hosts to Remote Code Execution
What You Need to Know About the Critical PAN-OS Zero-Day
UPDATE: It has been confirmed that disabling telemetry will not block this exploit. Applying a patch as soon as possible is the most effective remediation for this vulnerability. Patches for 8 of the 18 vulnerable versions have been released; patches for the remaining vulnerable versions are expected by April 19th. CrowdStrike is constantly working to protect our customers from … [Read more...] about What You Need to Know About the Critical PAN-OS Zero-Day
Palo Alto Networks Discloses More Details on Critical PAN-OS Flaw Under Attack
Apr 20, 2024NewsroomVulnerability / Network Security Palo Alto Networks has shared more details of a critical security flaw impacting PAN-OS that has come under active exploitation in the wild by malicious actors. The company described the vulnerability, tracked as CVE-2024-3400 (CVSS score: 10.0), as "intricate" and a combination of two bugs in versions PAN-OS 10.2, PAN-OS … [Read more...] about Palo Alto Networks Discloses More Details on Critical PAN-OS Flaw Under Attack
Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool
Mar 18, 2024NewsroomVulnerability / Threat Mitigation Fortra has released details of a now-patched critical security flaw impacting its FileCatalyst file transfer solution that could allow unauthenticated attackers to gain remote code execution on susceptible servers. Tracked as CVE-2024-25153, the shortcoming carries a CVSS score of 9.8 out of a maximum of 10. "A directory … [Read more...] about Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool
Critical Automation: Anomaly Detection for Application Observability
There’s no debate — in our increasingly AI-driven, lean and data-heavy world, automating key tasks to increase effectiveness and efficiency is the ultimate name of the game.No matter what job you hold today, you’re likely being pushed to not only do more with less, but also perform your work with a tighter focus on specific outcomes and SLOs. This is certainly true of today’s … [Read more...] about Critical Automation: Anomaly Detection for Application Observability
Chinese Hackers Operate Undetected in U.S. Critical Infrastructure for Half a Decade
The U.S. government on Wednesday said the Chinese state-sponsored hacking group known as Volt Typhoon had been embedded into some critical infrastructure networks in the country for at least five years. Targets of the threat actor include communications, energy, transportation, and water and wastewater systems sectors in the U.S. and Guam. "Volt Typhoon's choice of targets and … [Read more...] about Chinese Hackers Operate Undetected in U.S. Critical Infrastructure for Half a Decade
Critical Bootloader Vulnerability in Shim Impacts Nearly All Linux Distros
Feb 07, 2024NewsroomDevice Security / Vulnerability The maintainers of shim have released version 15.8 to address six security flaws, including a critical bug that could pave the way for remote code execution under specific circumstances. Tracked as CVE-2023-40547 (CVSS score: 9.8), the vulnerability could be exploited to achieve a Secure Boot bypass. Bill Demirkapi of the … [Read more...] about Critical Bootloader Vulnerability in Shim Impacts Nearly All Linux Distros
U.S. Sanctions 6 Iranian Officials for Critical Infrastructure Cyber Attacks
Feb 03, 2024NewsroomIntelligence Agency / Cyber Security The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) announced sanctions against six officials associated with the Iranian intelligence agency for attacking critical infrastructure entities in the U.S. and other countries. The officials include Hamid Reza Lashgarian, Mahdi Lashgarian, Hamid Homayunfal, … [Read more...] about U.S. Sanctions 6 Iranian Officials for Critical Infrastructure Cyber Attacks
Critical RCE Vulnerability Uncovered in Juniper SRX Firewalls and EX Switches
Jan 13, 2024NewsroomVulnerability / Network Security Juniper Networks has released updates to fix a critical remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches. The issue, tracked as CVE-2024-21591, is rated 9.8 on the CVSS scoring system. "An out-of-bounds write vulnerability in J-Web of Juniper Networks Junos OS SRX Series and EX … [Read more...] about Critical RCE Vulnerability Uncovered in Juniper SRX Firewalls and EX Switches