Critical Flaw in ProjectSend Under Active Exploitation Against Public-Facing Servers – Go Health Pro

Critical Flaw in ProjectSend Under Active Exploitation Against Public-Facing Servers – Go Health Pro

Nov 27, 2024Ravie LakshmananVulnerability / Software Security A critical security flaw impacting the ProjectSend open-source file-sharing application has likely come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability, originally patched over a year-and-a-half ago as part of a commit pushed in May 2023 , was not officially made available until … Read more

Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks – Go Health Pro

Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks – Go Health Pro

Nov 26, 2024Ravie LakshmananVulnerability / Website Security Two critical security flaws impacting the Spam protection, Anti-Spam, and FireWall plugin WordPress could allow an unauthenticated attacker to install and enable malicious plugins on susceptible sites and potentially achieve remote code execution. The vulnerabilities, tracked as CVE-2024-10542 and CVE-2024-10781, carry a CVSS score of 9.8 out of … Read more

CISA Urges Agencies to Patch Critical “Array Networks” Flaw Amid Active Attacks – Go Health Pro

CISA Urges Agencies to Patch Critical “Array Networks” Flaw Amid Active Attacks – Go Health Pro

Nov 26, 2024Ravie LakshmananVulnerability / Network Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a now-patched critical security flaw impacting Array Networks AG and vxAG secure access gateways to its Known Exploited Vulnerabilities (KEV) catalog following reports of active exploitation in the wild. The vulnerability, tracked as CVE-2023-28461 (CVSS score: 9.8), … Read more

Critical Flaws in Ollama AI Framework Could Enable DoS, Model Theft, and Poisoning – Go Health Pro

Critical Flaws in Ollama AI Framework Could Enable DoS, Model Theft, and Poisoning – Go Health Pro

Nov 04, 2024Ravie LakshmananVulnerability / Cyber Threat Cybersecurity researchers have disclosed six security flaws in the Ollama artificial intelligence (AI) framework that could be exploited by a malicious actor to perform various actions, including denial-of-service, model poisoning, and model theft. “Collectively, the vulnerabilities could allow an attacker to carry out a wide-range of malicious actions … Read more

EMB3D – A Threat Model For Critical Infrastructure Embedded Devices – Go Health Pro

EMB3D – A Threat Model For Critical Infrastructure Embedded Devices – Go Health Pro

Critical infrastructure depends on embedded devices across industries such as oil and natural gas, electric, water management, automotive, medical, satellite, autonomous systems, and unmanned aircraft systems. However, these devices often lack proper security controls and are insufficiently tested for vulnerabilities. Sophisticated cyber adversaries increasingly attempt to exploit these devices, as evidenced by a growing number … Read more