Category vulnerabilities

Security Navigator Research: Vulnerabilities Traceable to the Last Millennium

Recent findings from Orange Cyberdefense's Security Navigator reveal a worrying trend in cybersecurity. Vulnerabilities that were first identified as far back as 1999 continue to be present in networks today, underscoring a persistently high risk landscape. Analyzing Vulnerability Lifespan. The ongoing vulnerability scans conducted by Orange Cyberdefense allow for an…


VMware Issues Patches for Critical Vulnerabilities in vRealize Log Insight Software

VMware Addresses Critical Security Flaws in vRealize Log Insight Software. On Tuesday, VMware announced the release of a software update aimed at addressing four significant security vulnerabilities in its vRealize Log Insight platform, also known as Aria Operations for Logs. These flaws pose a serious risk of remote code execution…


QNAP Addresses Critical NAS Vulnerability with New Security Updates

QNAP, a Taiwanese manufacturer of network-attached storage (NAS) devices, has issued urgent updates to address a critical security vulnerability that poses a significant risk of arbitrary code injection in its products. This vulnerability, identified as CVE-2022-27596, has received a CVSS score of 9.8 out of 10, indicating its severity. It…


New Supply Chain Vulnerabilities Discovered in AMI MegaRAC BMC Software

Two additional security vulnerabilities have been identified in AMI MegaRAC Baseboard Management Controller (BMC) software, just two months following the discovery of three similar flaws in the same system. Firmware security firm Eclypsium disclosed these new vulnerabilities, which were withheld previously to allow AMI time to implement necessary mitigations. The…


Researchers Discover New Vulnerabilities in Widely Used ImageMagick Image Processing Tool

ImageMagick Exposed: Two Critical Vulnerabilities Found. Cybersecurity experts have identified serious security flaws in the widely used open-source software ImageMagick, which could result in denial-of-service (DoS) attacks and unauthorized information disclosure. Discovered by the Latin American cybersecurity firm Metabase Q in version 7.1.0-49, these vulnerabilities were subsequently addressed in an…


Critical Vulnerabilities Uncovered in Cisco IOx and F5 BIG-IP Products

F5 Networks has issued a warning about a critical vulnerability affecting its BIG-IP appliances, which poses risks of denial-of-service (DoS) attacks or arbitrary code execution. This vulnerability stems from the iControl Simple Object Access Protocol (SOAP) interface, impacting several versions of BIG-IP, specifically versions 13.1.5, 14.1.4.6 to 14.1.5, 15.1.5.1 to…


Atlassian’s Jira Service Management Exposed to Severe Vulnerability

Atlassian Issues Security Patches for Critical Jira Vulnerability. Atlassian has rolled out essential updates to address a significant security vulnerability in its Jira Service Management Server and Data Center products. This flaw could enable an attacker to impersonate another user and gain unauthorized access to affected instances, marking a substantial…


Alert: Hackers Targeting Zero-Day Vulnerability in Fortra’s GoAnywhere MFT

A newly discovered zero-day vulnerability impacting Fortra’s GoAnywhere MFT managed file transfer application is currently being exploited by cybercriminals. The details of this flaw emerged when security journalist Brian Krebs shared the information on Mastodon, although Fortra has yet to issue a public advisory regarding this incident. This vulnerability enables…


OpenSSH Issues Patch for Newly Discovered Pre-Auth Double Free Vulnerability

The OpenSSH maintainers have announced the release of OpenSSH 9.2, which aims to rectify several security vulnerabilities, notably a memory safety issue identified in the OpenSSH server (sshd). This vulnerability, cataloged as CVE-2023-25136, is classified as a pre-authentication double free vulnerability that was introduced with version 9.1. The maintainers clarified…
