CISA Urges Agencies to Patch Critical “Array Networks” Flaw Amid Active Attacks – Go Health Pro

Nov 26, 2024Ravie LakshmananVulnerability / Network Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a now-patched critical security flaw impacting Array Networks AG and vxAG secure access gateways to its Known Exploited Vulnerabilities (KEV) catalog following reports of active exploitation in the wild. The vulnerability, tracked as CVE-2023-28461 (CVSS score: 9.8), … Read more

Adload malware exploits flaw to bypass macOS protections for Safari – Go Health Pro

Microsoft Threat Intelligence on Oct. 17 warned security teams that Microsoft Defender for Endpoint detected that Adload malware exploited a previously patched macOS vulnerability. Referred to as the HM Surf vulnerability, the flaw — CVE-2024-44133 — lets attackers bypass the transparency, consent, and control (TCC) protections for the Safari browser directory, giving attackers unlimited access …

Fog, Akira ransomware groups exploit critical Veeam backup flaw – Go Health Pro

The Fog and Akira ransomware gangs have been observed exploiting a critical vulnerability that lets them achieve remote code execution (RCE) on Veeam Backup & Replication servers. While Veeam disclosed this critical deserialization bug and released a patch for CVE-2024-40711 on Sept. 4, publication of the proof-of-concept (PoC) developed by watchTowr Labs was delayed …

14 DrayTek vulnerabilities patched, including max-severity RCE flaw – Go Health Pro

DrayTek patched 14 vulnerabilities affecting 24 of its router models, including a maximum severity buffer overflow flaw that could lead to remote code execution (RCE) or denial-of-service (DoS). The two critical-, nine high- and three medium-severity DrayTek bugs were discovered by Forescout Research’s Vedere Labs and described in a report titled “DRAY:BREAK” published Thursday. Shodan …

Veeam patches 5 critical vulnerabilities, including unauthenticated RCE flaw – Go Health Pro

Veeam released patches for 13 high-severity and 5 critical vulnerabilities, including one flaw in Veeam Backup & Replication that could lead to unauthenticated remote code execution (RCE). The September 2024 Veeam security bulletin, last updated Thursday, includes bugs discovered in six Veeam products, with CVSS scores ranging from 7.3 to 9.9. …