On November 18th, Palo Alto Networks published an advisory regarding a critical vulnerability in their PAN-OS software, a core component for their next-generation firewall product line.
Nov 18 - 3 Min Read
On October 24th, 2024, Cisco published an advisory regarding a critical vulnerability in their Adaptive Security Appliance (ASA) Software, a core component of their firewall and VPN appliances. The vulnerability is due to insufficient user input validation and can be abused by a remote authenticated attacker to execute arbitrary commands as the root account.
Oct 30 - 4 Min Read
On October 23rd, 2024, Fortinet published an advisory regarding active exploitation of the FortiManager platform, a solution used to centrally manage Fortinet products. The advisory discloses a critical severity vulnerability, nicknamed FortiJump.
Oct 23 - 4 Min Read
On October 9th, 2024, cyber security firm Horizon3 published a blog post detailing multiple critical vulnerabilities they discovered in Palo Alto’s Expedition product. Expedition is a utility tool that allows Palo Alto clients to migrate firewall configurations from other vendor products to Palo Alto devices.
Oct 11 - 2 Min Read
On September 26th, 2024, an independent researcher disclosed a critical vulnerability in CUPS, a printing software package commonly used in Linux systems. CUPS may be enabled by default on some versions of Linux, meaning a server not intended or used as a printer server may still be vulnerable as a result.
Sep 27 - 2 Min Read
On September 10th, 2024, Ivanti published an advisory detailing multiple critical severity vulnerabilities in their Endpoint Management (EPM) product. The EPM product manages IT assets, troubleshooting, and deployment of software and operating systems.
Sep 13 - 2 Min Read
On July 1st, Qualys Security publicly disclosed details regarding an impactful vulnerability in OpenSSH, an essential software tool used globally for secure network communications and remote system administration. OpenSSH is integral to maintaining confidentiality and control over remote sessions, underpinning a vast array of critical infrastructure across the internet.
Jul 6 - 6 Min Read
On June 25th, software company Fortra disclosed a critical severity vulnerability in their managed file transfer software application, FileCatalyst Workflow. The vulnerability is being tracked as CVE-2024-5276, an SQL injection vulnerability that allows an attacker to modify application data.
Jun 29 - 2 Min Read
On June 25th, software company Progress publicly disclosed a critical severity vulnerability in their managed file transfer software application, MOVEit Transfer. The vulnerability is being tracked as CVE-2024-5806 and allows a remote attacker to bypass authentication and log in as any valid user on the system.
Jun 26 - 6 Min Read
On June 11th, Adobe released a security bulletin covering several vulnerabilities in their Magento, Commerce, and Commerce Webhooks Plugin software. There were ten vulnerabilities, seven of which had a CVSS severity of “critical”, with scores of 8 or above.
Jun 13 - 2 Min Read
On June 11th, cybersecurity firm Morphisec published an article detailing a critical vulnerability in Microsoft Outlook. Successful exploitation of this vulnerability will enable attackers to run arbitrary code by sending a specially designed email.
Jun 12 - 2 Min Read
On June 6th, cybersecurity firm Devcore published an advisory detailing a critical bug in the widely used web framework PHP-CGI. Successful exploitation of this vulnerability allows a remote attacker without credentials to perform remote code execution (RCE) on a targeted machine.
Jun 11 - 3 Min Read
On June 5th, SolarWinds disclosed a vulnerability in their file transfer application Serv-U. The vulnerability is being tracked as CVE-2024-28995 and is a directory traversal vulnerability that would allow an attacker to read sensitive files on the target machine.
Jun 7 - 2 Min Read
On May 31st, cybercrime intelligence firm Hudson Rock published a report detailing communications with a threat actor behind recent high-profile, high-impact breaches of Ticketmaster and Santander Bank. In their conversation, the threat actor revealed they were able to compromise Ticketmaster and Santander data due to an initial breach they executed against cloud data services company Snowflake.
May 31 - 2 Min Read
On May 27th, the Check Point Research Division reported a vulnerability in certain Check Point Quantum Security Gateway devices. The vulnerability is being tracked as CVE-2024-24919, which provides a remote attacker the ability to access protected information on an affected device without credentials.
May 29 - 2 Min Read
On May 7th, Veeam Software reported a critical vulnerability they found during internal testing of their Veeam Service Provider Console (VSPC) product. The vulnerability allows a remote attacker with low-level access credentials to carry out arbitrary remote code execution (RCE) on a victim machine.
May 9 - 2 Min Read
On April 24th, Cisco reported on an attack campaign against certain Cisco devices running Cisco Adaptive Security Appliance (ASA) or Firepower Threat Defense (FTD) Software. The report detailed three vulnerabilities: CVE-2024-20353, CVE-2024-20358, and CVE-2024-20359.
Apr 25 - 5 Min Read
On April 12, 2024, Palo Alto Networks disclosed a critical command injection vulnerability identified as CVE-2024-3400, impacting certain configurations of its PAN-OS software. This vulnerability allows unauthenticated attackers to execute arbitrary commands with root privileges.
Apr 13 - 3 Min Read
On March 4th, 2024, software development company JetBrains disclosed two critical vulnerabilities (CVE-2024-27198 and CVE-2024-27199) in their Continuous Integration / Continuous Delivery (CI/CD) product, TeamCity.
Mar 8 - 1 Min Read
On February 19th, 2024, ConnectWise published a security bulletin reporting two impactful vulnerabilities in their product ConnectWise. One of these vulnerabilities is particularly severe, with a critical rating of 10.0 on the CVSS scale, indicating the highest level of risk when successfully exploited.
Feb 20 - 2 Min Read
On February 13th, 2024, Microsoft addressed several vulnerabilities as part of its monthly Patch Tuesday. One of those vulnerabilities was in Microsoft Exchange Server and was reported as critical because the attack vector is 1) remote, 2) unauthenticated, and 3) low complexity.
Feb 14 - 2 Min Read
On January 10th, 2024, Ivanti published a vulnerability report for two products: Ivanti Connect Secure and Ivanti Policy Secure Gateways. The two vulnerabilities (CVE-2023-46805, CVE-2024-21887) are reported to be under active exploitation at this time, according to joint reporting from Volexity, who discovered the attacks.
Jan 24 - 1 Min Read