A critical vulnerability has emerged in Progress Software’s MOVEit Transfer, a managed file transfer application, resulting in extensive exploitation and system takeovers. This flaw, labeled with the CVE identifier CVE-2023-34362, concerns a significant SQL injection vulnerability that could facilitate privilege escalation and unauthorized access within affected environments. According to statements…
Barracuda Warns Customers to Replace Compromised Email Security Gateways In a critical advisory, Barracuda Networks, a prominent enterprise security firm, is urging customers impacted by a recently uncovered zero-day vulnerability in its Email Security Gateway (ESG) appliances to replace their devices immediately. The company has emphasized that the affected ESG…
VMware has issued security updates addressing three critical vulnerabilities within its Aria Operations for Networks platform, vulnerabilities that pose significant threats of information disclosure and remote code execution risks. The most concerning of these vulnerabilities is a command injection flaw identified as CVE-2023-20887, which carries a CVSS score of 9.8.…
Recent disclosures highlight a critical and now-patched security vulnerability affecting Microsoft Windows, which has been actively exploited by threat actors. This exploit allows unauthorized users to gain elevated privileges on compromised systems. Identified as CVE-2023-29336, this flaw has been classified with a severity rating of 7.8, focusing on an elevation…
Fortinet Addresses Critical Vulnerability in FortiGate Firewalls Fortinet has issued critical patches to mitigate a serious security vulnerability impacting its FortiGate firewall products. This vulnerability, designated as CVE-2023-27997, allows threat actors to execute remote code under certain conditions, raising significant concerns for organizations using the affected systems. The flaw is…
Recent security alerts have surfaced regarding a significant vulnerability in the Microsoft Visual Studio installer, which poses risks for users by potentially enabling attackers to impersonate legitimate publishers and distribute harmful extensions. This flaw has been labeled “easily exploitable” by cybersecurity experts at Varonis. Dolev Taler, a researcher from Varonis,…
Fortinet has recently revealed a critical vulnerability affecting its FortiOS and FortiProxy platforms, identified as CVE-2023-27997, with a high CVSS score of 9.2. This flaw involves a heap-based buffer overflow in the SSL-VPN feature of these systems and could be exploited by remote attackers to execute arbitrary code through crafted…
Microsoft has recently released critical security updates aimed at addressing significant vulnerabilities in its Windows operating system and associated software. This rollout is part of the scheduled Patch Tuesday updates for June 2023. The update addresses a total of 73 vulnerabilities, categorized by severity as follows: six are marked as…
A critical security vulnerability has been identified within the WooCommerce Stripe Gateway plugin for WordPress, permitting potential unauthorized access to sensitive user information. This flaw, designated as CVE-2023-34000, affects versions up to 7.4.0 and was rectified in version 7.4.1, released on May 30, 2023. The WooCommerce Stripe Gateway plugin, integral…