• Cybersecurity News

Synology has issued a security advisory, Synology-SA-24:17, warning of critical vulnerabilities in several of its camera firmware products, including Synology Camera BC500, TC500, and CC400W. The vuln ... Read more

• Cybersecurity News

Identity and access management giant, Okta, recently addressed a vulnerability that could have allowed malicious actors with valid credentials to bypass critical security measures. The vulnerability, ... Read more

• The Hacker News

Vulnerability / Endpoint Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting Endpoint Manager (EPM) that the company patched in May t ... Read more

• Cybersecurity News

Developers using the popular low-code platform Scriptcase are urged to update their software immediately after discovering three critical vulnerabilities that could expose their applications to seriou ... Read more

• TheCyberThrone

Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings. This review is for the week ending Saturday, September 28, 2024.FreeBSD flagged with a ... Read more

• The Register

Infosec In Brief Put away that screwdriver and USB charging cable – the latest way to steal a Kia just requires a cellphone and the victim's license plate number. Sam Curry, who previously demonstrate ... Read more

• Cybersecurity News

A critical vulnerability has been discovered in the popular GiveWP donation plugin for WordPress, potentially allowing unauthenticated attackers to take complete control of affected websites. The flaw ... Read more

• Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Windows Server 2025 gets hotpatching option, without reboots Organizations that plan to upgrade to Win ... Read more

• TheCyberThrone

There’s has been a spotlight on one of the vulnerability reported critical unauthenticated remote code execution flaws affecting Linux systems.Security researcher Simone Margaritelli discovered this v ... Read more

• TheCyberThrone

VLC media player has been traced with a vulnerability that could allow malicious actors to crash the program or even execute arbitrary code.The vulnerability tracked as CVE-2024-46461, with a CVSS sco ... Read more

• TheCyberThrone

TeamViewer has addressed two critical vulnerabilities impacting its Remote Client and Remote Host products for Windows.The vulnerabilities tracked as CVE-2024-7479 and CVE-2024-7481 both with a CVSS s ... Read more

• Cybersecurity News

Pure Storage has released a critical security advisory detailing multiple high-severity vulnerabilities impacting its FlashArray and FlashBlade storage systems. These vulnerabilities, some with a maxi ... Read more

• Dark Reading

Source: Kristoffer Tripplaar via Alamy Stock PhotoThe Cybersecurity and Infrastructure Security Agency (CISA) has added a third Ivanti vulnerability to the agency's Known Exploited Vulnerabilities (KE ... Read more

• Help Net Security

Details about and proof-of-concept (PoC) exploit code for CVE-2024-28987, a recently patched SolarWinds Web Help Desk (WHD) vulnerability that could be exploited by unauthenticated attackers to remote ... Read more

• Help Net Security

CVE-2024-7593, a critical authentication bypass vulnerability affecting Ivanti Virtual Traffic Manager (vTM) appliances, is actively exploited by attackers. The confirmation comes from the Cybersecuri ... Read more

• TheCyberThrone

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Ivanti Virtual Traffic Manager authentication bypass vulnerability CVE-2024-7593 with a CVSS score 9.8 to its Known Exploited Vul ... Read more

• The Hacker News

Vulnerability / Cyber Attack The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Ivanti Virtual Traffic Manager (vTM) to its Known Expl ... Read more

• Cybersecurity News

A study titled “Exposed by Default: A Security Analysis of Home Router Default Settings” has shed light on the pervasive vulnerabilities present in home routers, highlighting significant risks associa ... Read more

• BleepingComputer

CISA has tagged another critical Ivanti security vulnerability, which can let threat actors create rogue admin users on vulnerable Virtual Traffic Manager (vTM) appliances, as actively exploited in at ... Read more

• security.nl

Aanvallers maken actief misbruik van een kritieke kwetsbaarheid in Ivanti Virtual Traffic Manager waarvoor vorige maand updates verschenen. Dat meldt het Cybersecurity and Infrastructure Security Agen ... Read more

• Cybersecurity News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory regarding an actively exploited security vulnerability impacting Ivanti Virtual Traffic Manager (vTM), a ... Read more

• Cybersecurity News

Marko Polo infection chain (Source: Recorded Future)Researchers at Recorded Future have uncovered a large-scale cyberattack affecting tens of thousands of devices worldwide. It was later revealed that ... Read more

• Cybersecurity News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning, adding two actively exploited security flaws to its Known Exploited Vulnerabilities (KEV) catalog, urging immedia ... Read more

• Cybersecurity News

Researchers at Cado Security Labs have uncovered two malicious campaigns that exploit misconfigured instances of Selenium Grid. Once a trusted tool for browser automation and testing, Selenium Grid ha ... Read more

• Cybersecurity News

The JFrog security research team has uncovered a novel PyPI package hijacking method known as “Revival Hijack,” which has put over 22,000 packages at risk of exploitation. Unlike traditional typosquat ... Read more

• europa.eu

Cyber Brief (August 2024)September 4, 2024 - Version: 1.0TLP:CLEARExecutive summaryWe analysed 249 open source reports for this Cyber Brief1.Relating to cyber policy and law enforcement, in Europe, th ... Read more

• Cybersecurity News

A high-severity security vulnerability (CVE-2024-38811, CVSS 8.8) has been identified in VMware Fusion, a popular virtualization software for macOS. The vulnerability, discovered by Mykola Grymalyuk o ... Read more

• Cybersecurity News

A critical authentication bypass vulnerability, tracked as CVE-2024-7593 (CVSS 9.8), in Ivanti’s Virtual Traffic Manager (vTM), is now significantly easier to exploit thanks to the release of public p ... Read more

• Cybersecurity News

A cloned GlobalProtect page that directs users to download spoofed GlobalProtect installers | Image: Unit 42Please enable JavaScriptIn a recent investigation, the Unit 42 Managed Threat Hunting (MTH) ... Read more

• TheCyberThrone

The U.S. CISA added a Jenkins Command Line Interface (CLI) Path Traversal vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.Jenkins has addressed the vulnerability tracked as CVE-2024 ... Read more

• TheCyberThrone

The U.S. CISA added a Jenkins Command Line Interface (CLI) Path Traversal vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.Jenkins has addressed the vulnerability tracked as CVE-2024 ... Read more

• TheCyberThrone

To limit the exploitability of this vulnerability, Ivanti recommends limiting Admin Access to the Management Interface internal to the network through the private / corporate network.The researchers a ... Read more

• Cyber Security News

Ivanti Virtual Traffic Manager has been discovered with a critical vulnerability which was associated with authentication bypass. This vulnerability has been assigned with CVE-2024-7593 and the severi ... Read more

• The Hacker News

Vulnerability / Network Security Ivanti has rolled out security updates for a critical flaw in Virtual Traffic Manager (vTM) that could be exploited to achieve an authentication bypass and create rogu ... Read more

• BleepingComputer

​Today, Ivanti urged customers to patch a critical authentication bypass vulnerability impacting Virtual Traffic Manager (vTM) appliances that can let attackers create rogue administrator accounts. Iv ... Read more

• Cybersecurity News

Ivanti has issued a security advisory addressing a critical vulnerability (CVE-2024-7593) in its Virtual Traffic Manager (vTM), a software-based Layer 7 application delivery controller (ADC). The flaw ... Read more

• security.nl

Softwarebedrijf Ivanti heeft vandaag beveiligingsupdates uitgebracht voor kritieke kwetsbaarheden in Ivanti Neurons for IT Service Management (ITSM) en Ivanti Virtual Traffic Manager en on-premise kla ... Read more