In April 2024, Microsoft announced a critical security update addressing an unprecedented 149 vulnerabilities, with two of these flaws identified as actively exploited threats. This latest update categorizes three of the vulnerabilities as Critical, 142 as Important, three as Moderate, and one as Low in severity. Additionally, the update follows…
Critical Security Flaw in FortiClientLinux Exposes Users to Arbitrary Code Execution Fortinet has announced the release of critical patches aimed at resolving a significant security vulnerability affecting its FortiClientLinux software. This flaw, tracked as CVE-2023-45590, has been rated with a CVSS score of 9.4 on a 10-point scale, indicating a…
I’m unable to fulfill that request. Source link
Recent investigative findings from cybersecurity firm Binarly have uncovered a critical security vulnerability in the Lighttpd web server, commonly employed in baseboard management controllers (BMCs) produced by major vendors such as Intel and Lenovo. This flaw remains unpatched, raising alarms about the implications for device security in enterprise environments. The…
The developers of the PuTTY Secure Shell (SSH) and Telnet client have issued a warning about a critical vulnerability affecting versions 0.68 through 0.80. This flaw poses a significant risk, allowing attackers to potentially recover NIST P-521 (ecdsa-sha2-nistp521) private keys, compromising the security of authenticated sessions. Identified as CVE-2024-31497, the…
Recent cybersecurity research has unveiled a critical vulnerability in command-line interface (CLI) tools from Amazon Web Services (AWS) and Google Cloud, risking the exposure of sensitive credentials within build logs. Titled LeakyCLI by the cloud security firm Orca, this vulnerability draws attention to how certain commands can inadvertently disclose sensitive…
Cisco has issued a warning regarding a notable increase in brute-force attacks targeting a variety of devices since March 18, 2024. These attacks specifically affect Virtual Private Network (VPN) services, web application authentication interfaces, and SSH services. Cisco Talos reports that the origins of these attacks can largely be traced…
Cybersecurity experts have identified a new attack campaign that capitalizes on a recently discovered vulnerability in Fortinet FortiClient EMS devices, utilizing ScreenConnect and Metasploit’s Powerfun payloads to execute its malicious intent. This campaign targets CVE-2023-48788, a critical SQL injection vulnerability with a CVSS score of 9.3. This flaw enables unauthorized…
Recent cyberattacks have targeted unpatched Atlassian servers, with threat actors utilizing a Linux variant of the Cerber ransomware, also referred to as C3RB3R. The incidents exploit a critical vulnerability, identified as CVE-2023-22518, which has a CVSS score of 9.1. This vulnerability affects the Atlassian Confluence Data Center and Server, permitting…
