• Cybersecurity News

A critical vulnerability has been discovered in IBM Power Systems servers, potentially allowing unauthorized access and complete control over affected systems. The flaw, identified as CVE-2024-45656, ... Read more

• Cybersecurity News

In a recent security advisory, Spring Security disclosed CVE-2024-38821, a critical vulnerability impacting WebFlux applications, with a CVSS severity score of 9.1. The flaw enables an “authorization ... Read more

• Cybersecurity News

Infection chain | Image: CRILCyble Research and Intelligence Labs (CRIL) has recently uncovered a covert and sophisticated cyberespionage campaign dubbed “HeptaX,” which exploits Remote Desktop Protoc ... Read more

• Cybersecurity News

Cisco has issued a critical security advisory warning of a command injection vulnerability in its Secure Firewall Management Center (FMC) Software. Tracked as CVE-2024-20424 and assigned a CVSS score ... Read more

• The Cyber Express

Cyble’s Vulnerability Intelligence unit has spotlighted a series of cyberattacks targeting critical vulnerabilities in various software systems, including the Ruby SAML library, D-Link NAS devices, an ... Read more

• Cybersecurity News

Image: DanielIn a detailed analysis by security researcher Daniel, a serious vulnerability in Zendesk’s email management system, tracked as CVE-2024-49193, has been revealed. This flaw exposes compani ... Read more

• Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) For October 202 ... Read more

• Help Net Security

If you run a self-managed GitLab installation with configured SAML-based authentication and you haven’t upgraded it since mid-September, do it now, because security researchers have published an analy ... Read more

• Cybersecurity News

Image: Peter GabaldonSecurity researcher Peter Gabaldon published the technical details and proof-of-concept exploit code for two high-severity vulnerabilities, CVE-2024-7479 and CVE-2024-7481, which ... Read more

• Cybersecurity News

Renowned security researcher Marcus Hutchins has unveiled a new open-source tool designed to help administrators and security professionals identify vulnerable instances of the Common Unix Printing Sy ... Read more

• Cybersecurity News

In a recent analysis conducted by Harsh Jaiswal and Rahul Maini at ProjectDiscovery, a critical vulnerability, CVE-2024-45409, was uncovered, exposing a flaw in Ruby-SAML and OmniAuth-SAML libraries, ... Read more

• Cybersecurity News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory regarding two critical vulnerabilities in the TEM Opera Plus FM Family Transmitter products, widely used in crit ... Read more

• Cybersecurity News

A newly discovered critical vulnerability, CVE-2024-36435, has been uncovered in several Supermicro enterprise products, potentially exposing organizations to significant security risks. Discovered by ... Read more

• Cybersecurity News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has once again raised the alarm, adding four new security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. These a ... Read more

• Cybersecurity News

Security researcher Zach Hanley from Horizon3.ai published the technical details and a proof-of-concept (PoC) exploit code for a critical hardcoded credential vulnerability, CVE-2024-28987, in the pop ... Read more

• Cybersecurity News

HashiCorp, a leading provider of infrastructure automation software, has issued a critical security advisory concerning a vulnerability in its popular secrets management tool, Vault. The flaw, designa ... Read more

• Cybersecurity News

Security researchers have uncovered two critical vulnerabilities in the Jupiter X Core WordPress plugin, impacting over 90,000 websites. The flaws could allow unauthenticated attackers to take complet ... Read more

• security.nl

De populaire online DevOps-tool GitLab heeft een beveiligingsupdate voor een kritieke SAML authentication bypass, waardoor aanvallers toegang tot GitLabs-accounts kunnen krijgen, ook voor oudere versi ... Read more

• Cybersecurity News

Pure Storage has released a critical security advisory detailing multiple high-severity vulnerabilities impacting its FlashArray and FlashBlade storage systems. These vulnerabilities, some with a maxi ... Read more

• Cybersecurity News

Image: NetsecfishA newly discovered and actively exploited vulnerability in RAISECOM Gateway devices poses a significant threat to enterprise security. The flaw, tracked as CVE-2024-7120 with a critic ... Read more

• TheCyberThrone

A critical security vulnerability has been discovered in the Grafana Plugin SDK for Go, that  could lead to the inadvertent leakage of sensitive information, including repository credentials.The vulne ... Read more

• Cybersecurity News

Image: KeycloakIn a concerning development for organizations relying on Keycloak for secure identity and access management, a high-severity vulnerability has been discovered in its SAML signature vali ... Read more

• TheCyberThrone

Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings. This review is for the week ending Saturday, September 21, 2024.Microsoft Kernel Vulne ... Read more

• TheCyberThrone

Acronis has released an advisory for a critical security vulnerability in its popular backup plugins for server management platforms like cPanel, Plesk, and DirectAdmin.The vulnerability, tracked as C ... Read more

• TheCyberThrone

Nigerian ngCERT has issued an urgent warning of ransomware groups actively targeting critical systems by exploiting the vulnerability tracked as CVE-2023-27532 in Veeam Backup and Replication software ... Read more

• TheCyberThrone

Ivanti has released a patch for a critical vulnerability in its new Cloud Services Appliance (CSA) vulnerability, which will lead to a path traversal issueThe vulnerability tracked as CVE-2024-8963 wi ... Read more

• Dark Reading

Source: T. Schneider via ShutterstockOrganizations with self-hosted GitLab instances configured for SAML-based authentication might want to update immediately to new versions of the DevOps platform th ... Read more

• TheCyberThrone

Atlassian releases patches for high-severity vulnerabilities in Bamboo, Bitbucket, Confluence, and Crowd.There are four vulnerabilities addressed in these products, all four allowing attackers to caus ... Read more

• The Hacker News

Enterprise Security / DevOps GitLab has released patches to address a critical flaw impacting Community Edition (CE) and Enterprise Edition (EE) that could result in an authentication bypass. The vuln ... Read more

• BleepingComputer

GitLab has released security updates to address a critical SAML authentication bypass vulnerability impacting self-managed installations of the GitLab Community Edition (CE) and Enterprise Edition (EE ... Read more

• Cybersecurity News

A significant security vulnerability has been discovered in AutoGPT, a powerful AI tool designed to automate tasks through intelligent agents. With over 166k stars on GitHub, AutoGPT has gained popula ... Read more

• Cybersecurity News

The Tor site of Lynx | Image: Rapid7In a recent report from Rapid7 Labs, the Lynx ransomware group has emerged as a new threat in the ever-evolving landscape of cybercrime. Identified in July 2024, Ly ... Read more

• Cybersecurity News

A critical security vulnerability, CVE-2024-45409, has been identified in the Ruby-SAML library, a widely used tool for implementing SAML (Security Assertion Markup Language) authorization on the clie ... Read more