Fortinet has recently uncovered a significant security vulnerability in its FortiOS SSL VPN, identified as CVE-2024-21762, which is currently believed to be actively exploited in the wild. This flaw, with a CVSS score of 9.6, poses a serious risk by enabling the execution of arbitrary code and commands by outside…
In its February 2024 Patch Tuesday updates, Microsoft has issued fixes for 73 security vulnerabilities across its software ecosystem, including two zero-day flaws currently under active exploitation. Among these vulnerabilities, five have been categorized as Critical and 65 as Important, while three have a Moderate severity rating. This release also…
Recent investigations have uncovered two distinct cyber espionage groups allegedly linked to China: UNC5325 and UNC3886, both exploiting vulnerabilities in Ivanti Connect Secure VPN appliances. UNC5325 is reported to have utilized the critical vulnerability tracked as CVE-2024-21893, distributing various malware strains, including LITTLELAMB.WOOLTEA and PITDOG, among others. According to Mandiant,…
Apple Releases Critical Security Updates to Address Exploited Vulnerabilities Apple has issued new security updates aimed at mitigating significant flaws in its operating systems, including vulnerabilities that have reportedly been exploited in the wild. The updates come in response to the discovery of two critical memory corruption issues affecting the…
Fortinet Alerts Users to Critical Security Vulnerability in FortiClientEMS Fortinet has issued a significant warning regarding a critical vulnerability affecting its FortiClientEMS software. This flaw poses a serious risk as it potentially enables attackers to execute arbitrary code on compromised systems, raising alarms for businesses relying on this software for…
On Monday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) updated its Known Exploited Vulnerabilities (KEV) catalog with three critical security flaws, highlighting their active exploitation in the wild. The vulnerabilities now included are CVE-2023-48788, CVE-2021-44529, and CVE-2019-7256, which pose significant risks to users of affected systems. Among these, CVE-2023-48788,…
In April 2024, Microsoft announced a critical security update addressing an unprecedented 149 vulnerabilities, with two of these flaws identified as actively exploited threats. This latest update categorizes three of the vulnerabilities as Critical, 142 as Important, three as Moderate, and one as Low in severity. Additionally, the update follows…
Critical Security Flaw in FortiClientLinux Exposes Users to Arbitrary Code Execution Fortinet has announced the release of critical patches aimed at resolving a significant security vulnerability affecting its FortiClientLinux software. This flaw, tracked as CVE-2023-45590, has been rated with a CVSS score of 9.4 on a 10-point scale, indicating a…
Cisco has issued a warning regarding a notable increase in brute-force attacks targeting a variety of devices since March 18, 2024. These attacks specifically affect Virtual Private Network (VPN) services, web application authentication interfaces, and SSH services. Cisco Talos reports that the origins of these attacks can largely be traced…
