Zyxel Firewall is vulnerable to a critical vulnerability being used in recent cyberattacks. Tracked as CVE-2024-11667, the flaw used to deploy the dangerous Helldown ransomware. The German CERT (CERT-Bund) has issued the details informing the severity of these attacks and the immediate steps that organizations must take to protect their network devices. CVE-2024-11667 is a … Continue reading “Zyxel Firewall Directory Traversal Vulnerability Exploited in Ransomware Attack (CVE-2024-11667)”
Tag: CISA Known Exploitable Vulnerabilities Catalog
ProjectSend Improper Authorization Vulnerability Under Active Exploitation (CVE-2024-11680)
Attackers are exploiting a critical vulnerability in ProjectSend. Tracked as CVE-2024-11680 has a CVSS score of 9.8. Successful exploitation of the vulnerability may allow a remote, unauthenticated attacker to modify the application’s configurations and lead to code execution. As per VulnCheck, “The project is moderately popular, with almost 1,500 GitHub stars and more than 4,000 … Continue reading “ProjectSend Improper Authorization Vulnerability Under Active Exploitation (CVE-2024-11680)”
Apple Releases Fixes for Actively Exploited Zero-day Vulnerabilities (CVE-2024-44308 & CVE-2024-44309)
Apple Safari, macOS Sequoia, iOS, and iPadOS are vulnerable to two security flaws being exploited in the wild. In the advisory, Apple mentioned that they are aware of a report that the vulnerabilities have been actively exploited on Intel-based Mac systems. Clément Lecigne and Benoît Sevens of Google’s Threat Analysis Group discovered both CVE-2024-44308 and … Continue reading “Apple Releases Fixes for Actively Exploited Zero-day Vulnerabilities (CVE-2024-44308 & CVE-2024-44309)”
CISA Added Palo Alto Networks Firewall Vulnerabilities to its Known Exploited Vulnerabilities Catalog (CVE-2024-0012 & CVE-2024-9474)
CISA warns about two vulnerabilities being actively exploited, tracked as CVE-2024-0012 and CVE-2024-9474. Both vulnerabilities exist in the PAN-OS web management interface. CISA urged users to patch the vulnerabilities before December 9, 2024. Palo Alto mentioned in the advisory that they know about threat activity that exploits this vulnerability against a limited number of management … Continue reading “CISA Added Palo Alto Networks Firewall Vulnerabilities to its Known Exploited Vulnerabilities Catalog (CVE-2024-0012 & CVE-2024-9474)”
Palo Alto Networks Expedition Multiple Vulnerabilities (CVE-2024-9463, CVE-2024-9464, CVE-2024-9465, CVE-2024-9466, & CVE-2024-9467)
Palo Alto Networks releases patches to address five security vulnerabilities impacting Palo Alto Networks’ Expedition solution. Successful exploitation may allow attackers to access sensitive data, such as user credentials, to help take over firewall admin accounts. An attacker may also chain the vulnerabilities to hijack PAN-OS firewalls. Palo Alto Networks is unaware of any malicious … Continue reading “Palo Alto Networks Expedition Multiple Vulnerabilities (CVE-2024-9463, CVE-2024-9464, CVE-2024-9465, CVE-2024-9466, & CVE-2024-9467)”
Mozilla Firefox and Firefox ESR Use-After-Free Zero-day Vulnerability (CVE-2024-9680)
Mozilla warns about the active exploitation of a vulnerability impacting Firefox and the Firefox Extended Support Release (ESR). Tracked as CVE-2024-9680, the vulnerability has a critical severity rating with a CVSS score of 9.8. Damien Schaeffer from ESET discovered and reported the vulnerability to Mozilla. CVE-2024-9680 is a use after free vulnerability in the Animation … Continue reading “Mozilla Firefox and Firefox ESR Use-After-Free Zero-day Vulnerability (CVE-2024-9680)”
Broadcom Releases Patch for vCenter Server Multiple Vulnerabilities (CVE-2024-38812 & CVE-2024-38813)
VMware vCenter is vulnerable to two security vulnerabilities, tracked as CVE-2024-38812 & CVE-2024-38813. One vulnerability (CVE-2024-38812) has been given a critical severity rating that may allow an attacker to perform remote code execution. The second vulnerability (CVE-2024-38813) may result in privilege escalation.
Veeam Patches Multiple Vulnerabilities Impacting Backup and Replication
Veeam released a security advisory to address six vulnerabilities of varying severities. Successful exploitation of the vulnerabilities may allow remote attackers to execute arbitrary code, leading to possible system compromise. One of the six vulnerabilities tracked as CVE-2024-40711 has a critical severity rating with a CVSS score of 9.8. The vulnerability may allow an attacker … Continue reading “Veeam Patches Multiple Vulnerabilities Impacting Backup and Replication”
SolarWinds Web Help Desk Hardcoded Credential Vulnerability (CVE-2024-28987)
SolarWinds released a security advisory to address a critical vulnerability impacting its Web Help Desk (WHD). Tracked as CVE-2024-28987, the vulnerability has a CVSS score of 9.1. Successful exploitation of the vulnerability may allow a remote, unauthenticated user to access internal functionality and modify data. CISA acknowledged the active exploitation of CVE-2024-28987 by adding it … Continue reading “SolarWinds Web Help Desk Hardcoded Credential Vulnerability (CVE-2024-28987)”
Google Patches Ninth Chrome Zero-day Vulnerability of the Year (CVE-2024-7971)
For the ninth time this year, Google Chrome users are urged to update their browsers immediately as a new zero-day vulnerability has been discovered. Google released a security advisory to address the zero-day vulnerability tracked as CVE-2024-7971. CVE-2024-7971 is a type confusion vulnerability in Chrome’s V8 JavaScript engine. Security researchers with the Microsoft Threat Intelligence … Continue reading “Google Patches Ninth Chrome Zero-day Vulnerability of the Year (CVE-2024-7971)”
