Ivanti Addresses Critical Security Vulnerabilities in Connect Secure and Policy Secure Gateways Ivanti has issued urgent security updates to rectify multiple vulnerabilities affecting its Connect Secure and Policy Secure Gateways. These flaws present significant risks, including potential code execution and denial-of-service (DoS) conditions, which could severely disrupt service delivery. The…
Recent investigations have unveiled a critical vulnerability linked to the CONTINUATION frame in the HTTP/2 protocol, which can be weaponized for denial-of-service (DoS) attacks. The technique, dubbed HTTP/2 CONTINUATION Flood, was reported by security researcher Bartek Nowotarski to the CERT Coordination Center (CERT/CC) on January 25, 2024. CERT/CC issued an…
A significant vulnerability has been identified in Magento, with threat actors exploiting this flaw to implant a persistent backdoor in e-commerce platforms. This attack leverages the CVE-2024-20720 vulnerability (CVSS score: 9.1), categorized by Adobe as indicative of “improper neutralization of special elements,” which can lead to arbitrary code execution. The…
Cybersecurity Alert: Vulnerabilities Found in D-Link NAS Devices Open Doors to Exploitation Recent findings reveal that threat actors are actively exploiting security weaknesses affecting approximately 92,000 D-Link network-attached storage (NAS) devices exposed to the internet. The vulnerabilities, identified as CVE-2024-3272 and CVE-2024-3273, are categorized with high CVSS scores of 9.8…
Recent security assessments have uncovered multiple vulnerabilities in LG’s webOS, the operating system used in its smart TVs, presenting risks that could allow unauthorized access and control over affected devices. Discovered by the cybersecurity firm Bitdefender, these issues were first reported in November 2023, with LG issuing patches to address…
A cyber threat group of suspected Romanian origin, identified as RUBYCARP, has been linked to a long-lasting botnet engaged in various malicious activities, including cryptocurrency mining, distributed denial-of-service (DDoS) attacks, and phishing schemes. This group appears to have been operational for at least a decade, primarily motivated by financial gain,…
A significant security vulnerability has been identified in the Rust standard library, potentially affecting Windows users through command injection exploits. This vulnerability, designated as CVE-2024-24576, receives a maximum severity rating with a CVSS score of 10.0. It specifically arises in scenarios where batch files are executed in Windows using untrusted…
In April 2024, Microsoft announced a critical security update addressing an unprecedented 149 vulnerabilities, with two of these flaws identified as actively exploited threats. This latest update categorizes three of the vulnerabilities as Critical, 142 as Important, three as Moderate, and one as Low in severity. Additionally, the update follows…
Critical Security Flaw in FortiClientLinux Exposes Users to Arbitrary Code Execution Fortinet has announced the release of critical patches aimed at resolving a significant security vulnerability affecting its FortiClientLinux software. This flaw, tracked as CVE-2023-45590, has been rated with a CVSS score of 9.4 on a 10-point scale, indicating a…
