critical

  • Blog
    digitpatrox3 days ago
    14

    Critical RCE bug in VMware vCenter Server now exploited in attacks

    ​Broadcom warned today that attackers are now exploiting two VMware vCenter Server vulnerabilities, one of which is a critical remote code execution flaw. TZL security researchers reported the RCE vulnerability (CVE-2024-38812) during China’s 2024 Matrix Cup hacking contest. It is caused by a heap overflow weakness in the vCenter’s DCE/RPC protocol implementation and affects products containing vCenter, including VMware vSphere…

    Read More »
  • Blog
    digitpatrox4 days ago
    16

    Palo Alto Networks warns of critical RCE zero-day exploited in attacks

    Palo Alto Networks is warning that a critical zero-day vulnerability on Next-Generation Firewalls (NGFW) management interfaces, currently tracked as ‘PAN-SA-2024-0015,’ is actively being exploited in attacks. The flaw was originally disclosed on November 8, 2024, with Palo Alto Networks warning customers to restrict access to their next-generation firewalls because of a “potential” remote code execution (RCE) vulnerability impacting them. No signs…

    Read More »
  • Blog
    digitpatrox7 days ago
    24

    These three critical sectors are riddled with high-risk vulnerabilities

    The finance, healthcare, and IT sectors are among the most vulnerable to cyber attacks, new research reveals, with thousands of critical security flaws identified across all three industries. Research from software firm Black Duck analyzed data from over 200,000 dynamic application security testing (DAST) scans on around 1,300 apps across 19 industries between June 2o23 and June 2024. Black Duck’s…

    Read More »
  • Blog
    digitpatrox1 week ago
    13

    Critical bug in EoL D-Link NAS devices now exploited in attacks

    ​Attackers now target a critical severity vulnerability with publicly available exploit code that affects multiple models of end-of-life D-Link network-attached storage (NAS) devices. Tracked as CVE-2024-10914, the command injection vulnerability was found by security researcher Netsecfish, who also shared exploitation details and said that unauthenticated attackers could exploit it to inject arbitrary shell commands by sending malicious HTTP GET requests…

    Read More »
  • Blog
    digitpatrox1 week ago
    20

    Four Critical Vulnerabilities Paved Over

    On Patch Tuesday, Windows systems will be updated with a flood of security fixes. In November, Windows patched four zero-day vulnerabilities, two of which have been exploited. Patch Tuesdays are a good time for admin teams to remind employees of the importance of keeping operating systems and applications up to date. In the meantime, software makers like Microsoft and Adobe…

    Read More »
  • Blog
    digitpatrox1 week ago
    22

    D-Link won’t fix critical bug in 60,000 exposed EoL modems

    Tens of thousands of exposed D-Link routers that have reached their end-of-life are vulnerable to a critical security issue that allows an unauthenticated remote attacker to change any user’s password and take complete control of the device. The vulnerability was discovered in the D-Link DSL6740C modem by security researcher Chaio-Lin Yu (Steven Meow), who reported it to Taiwan’s computer and response center (TWCERTCC).…

    Read More »
  • Blog
    digitpatrox2 weeks ago
    83

    HPE warns of critical RCE flaws in Aruba Networking access points

    Hewlett Packard Enterprise (HPE) released updates for Instant AOS-8 and AOS-10 software to address two critical vulnerabilities in Aruba Networking Access Points. The two security issues could allow a remote attacker to perform unauthenticated command injection by sending specially crafted packets to Aruba’s Access Point management protocol (PAPI) over UDP port 8211. The critical flaws are tracked as CVE-2024-42509 and CVE-2024-47460, and have…

    Read More »
  • Blog
    digitpatrox2 weeks ago
    89

    D-Link won’t fix critical flaw affecting 60,000 older NAS devices

    More than 60,000 D-Link network-attached storage devices that have reached end-of-life are vulnerable to a command injection vulnerability with a publicly available exploit. The flaw, tracked as CVE-2024-10914, has a critical 9.2 severity score and is present in the ‘cgi_user_add’ command where the name parameter is insufficiently sanitized. An unauthenticated attacker could exploit it to inject arbitrary shell commands by sending…

    Read More »
  • Blog
    digitpatrox2 weeks ago
    25

    Critical Veeam RCE bug now used in Frag ransomware attacks

    After being used in Akira and Fog ransomware attacks, a critical Veeam Backup & Replication (VBR) security flaw was also recently exploited to deploy Frag ransomware. Code White security researcher Florian Hauser found that the vulnerability (tracked as CVE-2024-40711) is caused by a deserialization of untrusted data weakness that unauthenticated threat actors can exploit to gain remote code execution (RCE)…

    Read More »
  • Blog
    digitpatrox2 weeks ago
    24

    CISA warns of critical Palo Alto Networks bug exploited in attacks

    Today, CISA warned that attackers are exploiting a critical missing authentication vulnerability in Palo Alto Networks Expedition, a migration tool that can help convert firewall configuration from Checkpoint, Cisco, and other vendors to PAN-OS. This security flaw, tracked as CVE-2024-5910, was patched in July, and threat actors can remotely exploit it to reset application admin credentials on Internet-exposed Expedition servers. “Palo Alto Expedition contains…

    Read More »
Load More
Back to top button
close