Category Archives: Enterprise

Hackers breaching construction firms via specialized accounting software

Posted on by

Firms in the construction industry are getting breached by hackers via internet-exposed servers running Foundation accounting software, Huntress researchers are warning. “We’re seeing active intrusions among plumbing, HVAC, concrete, and si… Continue reading Hackers breaching construction firms via specialized accounting software

PoC exploit for exploited Ivanti Cloud Services Appliance flaw released (CVE-2024-8190)

Posted on by

CVE-2024-8190, an OS command injection vulnerability in Ivanti Cloud Services Appliance (CSA) v4.6, is under active exploitation. Details about the attacks are still unknown, but there may be more in the near future: Horizon3.ai researchers have publis… Continue reading PoC exploit for exploited Ivanti Cloud Services Appliance flaw released (CVE-2024-8190)

Veeam Backup & Replication RCE flaw may soon be leveraged by ransomware gangs (CVE-2024-40711)

Posted on by

CVE-2024-40711, a critical vulnerability affecting Veeam Backup & Replication (VBR), could soon be exploited by attackers to steal enterprise data. Discovered and reported by Code WHite researcher Florian Hauser, the vulnerability can be leveraged… Continue reading Veeam Backup & Replication RCE flaw may soon be leveraged by ransomware gangs (CVE-2024-40711)

Apache OFBiz team patches critical RCE vulnerability (CVE-2024-45195)

Posted on by

For the fourth time in the last five months, Apache OFBiz users have been advised to upgrade their installations to fix a critical flaw (CVE-2024-45195) that could lead to unauthenticated remote code execution. About CVE-2024-45195 Apache OFBiz is an o… Continue reading Apache OFBiz team patches critical RCE vulnerability (CVE-2024-45195)

Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633)

Posted on by

Organizations using Fortra’s FileCatalyst Workflow are urged to upgrade their instances, so that attackers can’t access an internal HSQL database by exploiting known static credentials (CVE-2024-6633). “Once logged in to the HSQLDB, t… Continue reading Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633)

Another critical SolarWinds Web Help Desk bug fixed (CVE-2024-28987)

Posted on by

A week after SolarWinds released a fix for a critical code-injection-to-RCE vulnerability (CVE-2024-28986) in Web Help Desk (WHD), another patch for another critical flaw (CVE-2024-28987) in the company’s IT help desk solution has been pushed out… Continue reading Another critical SolarWinds Web Help Desk bug fixed (CVE-2024-28987)

Critical GitHub Enterprise Server auth bypass flaw fixed (CVE-2024-6800)

Posted on by

A critical vulnerability (CVE-2024-6800) affecting all currently supported versions of GitHub Enterprise Server (GHES) may allow attackers to gain unrestricted access to the instance’s contents. The issue, reported via the GitHub Bug Bounty progr… Continue reading Critical GitHub Enterprise Server auth bypass flaw fixed (CVE-2024-6800)

To improve your cybersecurity posture, focus on the data

Posted on by

Effectively converging, managing and using enterprise data is a huge undertaking. Enterprises have vast hoards of data, but those hoards exist within siloed systems and applications, and it requires a lot of manual effort by highly skilled data scienti… Continue reading To improve your cybersecurity posture, focus on the data

Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986)

Posted on by

SolarWinds has fixed a critical vulnerability (CVE-2024-28986) in its Web Help Desk (WHD) solution that may allow attackers to run commands on the host machine. “While it was reported as an unauthenticated vulnerability, SolarWinds has been unabl… Continue reading Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986)