The Spam Protection, Anti-Spam, and FireWall by CleanTalk plugin for WordPress are vulnerable to two security vulnerabilities tracked as CVE-2024-10542 and CVE-2024-10781. Successful exploitation of the vulnerabilities may allow an unauthenticated attacker to install and enable malicious plugins on vulnerable sites, ultimately leading to remote code execution.
CISA Warns Organizations to Patch Array Networks Remote Code Execution Vulnerability (CVE-2023-28461)
CISA added the Array Networks vulnerability, tracked as CVE-2024-28461, to the Known Exploited Vulnerabilities Catalog, acknowledging its active exploitation. CISA urged users to patch the vulnerability before December 16, 2024. Successful exploitation of the vulnerability may allow an unauthenticated attacker to execute arbitrary code on the target system. The ArrayOS is a purpose-built and customized operating … Continue reading “CISA Warns Organizations to Patch Array Networks Remote Code Execution Vulnerability (CVE-2023-28461)”
Apple Releases Fixes for Actively Exploited Zero-day Vulnerabilities (CVE-2024-44308 & CVE-2024-44309)
Apple Safari, macOS Sequoia, iOS, and iPadOS are vulnerable to two security flaws being exploited in the wild. In the advisory, Apple mentioned that they are aware of a report that the vulnerabilities have been actively exploited on Intel-based Mac systems. Clément Lecigne and Benoît Sevens of Google’s Threat Analysis Group discovered both CVE-2024-44308 and … Continue reading “Apple Releases Fixes for Actively Exploited Zero-day Vulnerabilities (CVE-2024-44308 & CVE-2024-44309)”
CISA Added Palo Alto Networks Firewall Vulnerabilities to its Known Exploited Vulnerabilities Catalog (CVE-2024-0012 & CVE-2024-9474)
CISA warns about two vulnerabilities being actively exploited, tracked as CVE-2024-0012 and CVE-2024-9474. Both vulnerabilities exist in the PAN-OS web management interface. CISA urged users to patch the vulnerabilities before December 9, 2024. Palo Alto mentioned in the advisory that they know about threat activity that exploits this vulnerability against a limited number of management … Continue reading “CISA Added Palo Alto Networks Firewall Vulnerabilities to its Known Exploited Vulnerabilities Catalog (CVE-2024-0012 & CVE-2024-9474)”
Ivanti Releases Fixes for Multiple Vulnerabilities Impacting Connect Secure, Policy Secure, and Secure Access Client
Ivanti Connect Secure, Policy Secure, and Secure Access Client are vulnerable to 25 security vulnerabilities. Out of these 25, eight are rated as critical, 13 as high, and four as medium. Ivanti mentioned in the advisory that there was no prior knowledge of any customers being exploited by these vulnerabilities prior to public disclosure.
Microsoft Patch Tuesday, November 2024 Security Update Review
Microsoft has released its November 2024 Patch Tuesday updates, targeting various vulnerabilities that could impact users and organizations worldwide. From zero-day threats to key product patches, here’s what’s crucial to apply this month. Here’s a breakdown of the updates and how they impact your security posture. Microsoft Patch’s Tuesday, November 2024 edition addressed 92 vulnerabilities, … Continue reading “Microsoft Patch Tuesday, November 2024 Security Update Review”
Lottie Player (lottiefiles/lottie-player) Supply Chain Attack
Lottie Player (lottiefiles/lottie-player) is a web component that renders lightweight, high-quality animations from JSON files created with tools like Adobe After Effects, enabling scalable and interactive animations on websites and apps. Incident On October 30, 2024, the company posted an update on the forum about the recently infected versions of the Lottie Web Player. In the post, … Continue reading “Lottie Player (lottiefiles/lottie-player) Supply Chain Attack”
Cisco Secure Firewall Management Center Software Command Injection Vulnerability (CVE-2024-20424)
Cisco Firewall Management Center Software is vulnerable to a critical severity vulnerability tracked as CVE-2024-20424. Successful exploitation of the vulnerability may allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system as root. Cisco mentioned in the advisory that they are unaware of any public exploitation of the vulnerability.
Cisco Adaptive Security Appliance Software SSH Remote Command Injection Vulnerability (CVE-2024-20329)
Cisco released an advisory to address a security vulnerability impacting Cisco Adaptive Security Appliance Software. Tracked as CVE-2024-20329, the vulnerability has a critical severity rating with a CVSS score of 9.9. Successful exploitation of the vulnerability could allow the attacker to execute commands on the underlying operating system with root-level privileges.
CISA Added Fortinet FortiManager Vulnerability to its Known Exploitable Vulnerabilities Catalog (CVE-2024-47575)
Fortinet released a security advisory warning its customers about a FortiManager API vulnerability used in zero-day attacks. Tracked as CVE-2024-47575, the vulnerability has a critical severity rating with a CVSS score of 9.8. Fortinet informed in the advisory that the vulnerability is used to steal sensitive files containing configurations, IP addresses, and credentials for managed … Continue reading “CISA Added Fortinet FortiManager Vulnerability to its Known Exploitable Vulnerabilities Catalog (CVE-2024-47575)”
