Ivanti Fixes Several vulnerabilities Affecting Endpoint Manager (EPM)
Ivanti Endpoint Manager consists of a wide variety of powerful and easy-to-use tools that allaAll clients, devices and user profiles […]
CVE-2024-29849: Critical Veeam Vulnerability Leads to Authentication Bypass
Veeam Backup Enterprise Manager, An administrative console is intended to assist in managing the tasks associated with Veeam Backup & […]
May 2024 – Microsoft Patch Tuesday Highlights
Microsoft has fixed two zero-day vulnerabilities that are known to be exploited in the wild in this month’s security patches. […]
CVE-2024-3400: Palo Alto PAN-OS Command Injection Vulnerability
Background Palo Alto Networks discovered a significant vulnerability in PAN-OS software used in security appliances such as next-generation firewalls on […]
Critical Fixes for March 2024 Patch Tuesday
Background Microsoft has issued Patch Tuesday for March 2024, fixing 61 security flaws. Two vulnerabilities are categorized as critical in […]
ScreenConnect Authentication Bypass (CVE-2024-1709 & CVE-2024-1708)
ConnectWise released a major advisory on February 19, 2024, addressing two extremely serious vulnerabilities affecting ScreenConnect versions 23.9.7 and earlier: […]
CVE-2024-22245: VMware Requests EAP Uninstall ASAP
This week, VMware published a security advisory addressing two vulnerabilities detected in the VMware Enhanced Authentication Plug-in (EAP): one recorded […]
CVE-2024-21413: Critical MonikerLink Vulnerability in Outlook
An intriguing vulnerability in how Outlook handles particular hyperlinks has been found, and threat actors have been known to use […]
CVE-2024-21762: Critical Fortinet FortiOS Vulnerability
Background Two serious FortiOS vulnerabilities were discovered by Fortinet’s FortiGuard on February 8, 2024. Unauthenticated threat actors may be able […]
CVE-2024-21893: New Ivanti Zero-Day Vulnerability Actively Exploited
Employees, partners, and clients may access business data and apps securely and under control with the help of Ivanti Connect […]
CVE-2024-21591: Critical RCE Vulnerability Uncovered in Juniper SRX Firewalls and EX Switches
Junos OS simplifies and fine-tunes network operations, increasing operational efficiency and vital time and resources for top-line growth. Many of […]
CVE-2024-20272: Cisco Unity Connection Unauthenticated Arbitrary File Upload Vulnerability
Cisco recently resolved a significant security vulnerability in the Unity Connection. Unity Connection is a fully virtualized messaging and voicemail […]
CVE-2023-39336: SQL Injection Vulnerability in Ivanti Endpoint Manager
Ivanti Endpoint Manager is an all-in-one endpoint management solution. It provides a unified solution for managing user profiles and all […]
CVE-2023-7028: A Critical Vulnerability Affecting GitLab
GitLab is a web-based DevOps lifecycle solution developed by GitLab Inc. that provides unparalleled visibility and productivity throughout the whole […]
CVE-2023-50164: Apache Struts Path Traversal Vulnerability
Threat actors began attempting to exploit CVE-2023-50164, a critical-severity remote code execution (RCE) vulnerability affecting Apache Struts, an open-source framework […]
Enterprise Applications are at Risk from Serious Atlassian Vulnerabilities
Threat actors have historically targeted Atlassian vulnerabilities in products affected by the four vulnerabilities described below to achieve goals such […]
Critical Vulnerability Patched in SAP Business One Product
SAP, a well-known commercial software provider, has disclosed three new vulnerabilities in its Security Patch Day release for November 2023. […]
Exploitation of Apache ActiveMQ Vulnerability CVE-2023-46604
Rapid7 Managed Detection and Response (MDR) found potential exploitation of Apache ActiveMQ CVE-2023-46604 in two distinct customer scenarios on Friday, […]
CVE-2023-46747: Critical Authentication Bypass Vulnerability in F5 BIG-IP
BIG-IP, a comprehensive portfolio of hardware platforms and software solutions from F5 Networks, focuses on security, dependability, and performance. These […]
North Korean Attacks Exploiting JetBrains TeamCity Vulnerability
More than 30,000 clients worldwide use JetBrains’ TeamCity continuous integration and continuous deployment (CI/CD) server. Background: The program can be […]
CVE-2023-34039: Critical Authentication Bypass Vulnerability in VMware Aria Operations for Networks
The VMware Aria management and monitoring package provides full-scope operations management, IT automation, log management, analytics creation, network visibility, and […]
Lazarus Exploits a Zoho ManageEngine Vulnerability to Distribute QuiteRAT and CollectionRAT
A recently fixed vulnerability (CVE-2022-47966) affecting Zoho ManageEngine ServiceDesk Plus has been used by Lazarus, a North Korean state-sponsored APT […]
Cuba Ransomware Group Targets Critical Systems by Using Veeam Vulnerability
Using a mix of outdated and modern techniques, the Cuba ransomware group has been seen launching attacks against American critical […]