Over 400 servers found to be exposed to SAP NetWeaver bug – Go Health Pro

Security pros warned that teams should patch a critical zero-day bug in SAP NetWeaver Visual Composer immediately after the Shadowserver Foundation found that more than 400 servers are exposed to potential attacks. Active exploitation of the vulnerability has already been confirmed, with risks including remote code execution and full system compromise. As of yesterday, 427 servers …

Palo Alto Networks patches DoS bug in PAN-OS software – Go Health Pro

Palo Alto Networks on Dec. 26 released a patch for a denial-of-service (DoS) flaw in the DNS security feature of the company’s PAN-OS firewall software. The high-severity 8.7 bug — CVE-2024-3393 — lets an unauthenticated attacker send a malicious packet through the data plane of the firewall that actually reboots the device. Palo Alto said …

Palo Alto Expedition bug with 9.3 rating exploited by attackers, CISA warns – Go Health Pro

The Cybersecurity and Infrastructure Security Agency (CISA) on Nov. 7 warned that attackers are exploiting a Palo Alto Expedition missing authentication vulnerability that lets threat actors with network access take over an Expedition admin account and access configuration secrets and credentials. Expedition is a Palo Alto migration tool that lets security teams convert firewall configurations from …

AI bug bounty program yields 34 flaws in open-source tools – Go Health Pro

Nearly three dozen flaws in open-source AI and machine learning (ML) tools were disclosed Tuesday as part of Protect AI’s huntr bug bounty program. The discoveries include three critical vulnerabilities: two in the Lunary AI developer toolkit and one in a graphical user interface (GUI) for ChatGPT called Chuanhu Chat. The October vulnerability report also …

Jetpack patches critical bug that exposed data on 27M WordPress sites – Go Health Pro

Jetpack released a patch for a critical vulnerability that could let malicious users submit a specially crafted request to the WordPress server to then disclose data submitted by other users — a flaw that left sensitive personal information potentially exposed on 27 million websites. Owned by Automattic, the company behind WordPress, the Jetpack plug-in offers …