Ivanti fixes RCE vulnerability reported by NATO cybersecurity researchers (CVE-2023-41724)

Ivanti has fixed a critical RCE vulnerability (CVE-2023-41724) in Ivanti Standalone Sentry that has been reported by researchers with the NATO Cyber Security Centre. Though the company is not aware of customers being compromised via the flaw, it &#8220… Continue reading Ivanti fixes RCE vulnerability reported by NATO cybersecurity researchers (CVE-2023-41724)

PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153)

Proof-of-concept (PoC) exploit code for a critical RCE vulnerability (CVE-2024-25153) in Fortra FileCatalyst MFT solution has been published. About CVE-2024-25153 Fortra FileCatalyst is an enterprise managed file transfer (MFT) software solution that i… Continue reading PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153)

March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V

On this March 2024 Patch Tuesday, Microsoft has released fixes for 59 CVE-numbered vulnerabilities, but – welcome news! – none of them are currently publicly known or actively exploited. Last month, though, several days after Patch Tuesday,… Continue reading March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V

Cisco patches Secure Client VPN flaw that could reveal authentication tokens (CVE-2024-20337)

Cisco has fixed two high-severity vulnerabilities affecting its Cisco Secure Client enterprise VPN and endpoint security solution, one of which (CVE-2024-20337) could be exploited by unauthenticated, remote attackers to grab users’ valid SAML aut… Continue reading Cisco patches Secure Client VPN flaw that could reveal authentication tokens (CVE-2024-20337)

March 2024 Patch Tuesday forecast: A popular framework updated

We’re almost at our third Patch Tuesday and wrapping up the first quarter 2024. Time flies by! Microsoft is starting to push users to update their operating systems as their active version is approaching end-of-support. The February 2024 Patch Tuesday … Continue reading March 2024 Patch Tuesday forecast: A popular framework updated

VMware patches critical flaws in ESXi, Workstation, Fusion and Cloud Foundation

VMware has fixed four vulnerabilities (CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255) in ESXi, Workstation, Fusion and Cloud Foundation, some of which could allow attackers to escape the sandbox and execute code on the host machine. Ab… Continue reading VMware patches critical flaws in ESXi, Workstation, Fusion and Cloud Foundation

Apple fixes two actively exploited iOS zero-days (CVE-2024-23225, CVE-2024-23296)

Apple has fixed two iOS zero-day vulnerabilities (CVE-2024-23225, CVE-2024-23296) exploited by attackers in the wild. CVE-2024-23225 and CVE-2024-23296 On Tuesday, Apple released security updates for all three supported branches of iOS and iPadOS. iOS … Continue reading Apple fixes two actively exploited iOS zero-days (CVE-2024-23225, CVE-2024-23296)

Critical vulnerabilities in TeamCity JetBrains fixed, release of technical details imminent, patch quickly! (CVE-2024-27198, CVE-2024-27199)

JetBrains has fixed two critical security vulnerabilities (CVE-2024-27198, CVE-2024-27199) affecting TeamCity On-Premises and is urging customers to patch them immediately. “Rapid7 originally identified and reported these vulnerabilities to us an… Continue reading Critical vulnerabilities in TeamCity JetBrains fixed, release of technical details imminent, patch quickly! (CVE-2024-27198, CVE-2024-27199)

Critical ConnectWise ScreenConnect vulnerabilities fixed, patch ASAP!

ConnectWise has fixed two vulnerabilities in ScreenConnect that could allow attackers to execute remote code or directly impact confidential data or critical systems. “There is no evidence that these vulnerabilities have been exploited in the wil… Continue reading Critical ConnectWise ScreenConnect vulnerabilities fixed, patch ASAP!

QNAP fixes OS command injection flaws affecting its NAS devices (CVE-2023-47218, CVE-2023-50358)

QNAP Systems has patched two unauthenticated OS command injection vulnerabilities (CVE-2023-47218, CVE-2023-50358) in various versions of the operating systems embedded in the firmware of their popular network-attached storage (NAS) devices. About the … Continue reading QNAP fixes OS command injection flaws affecting its NAS devices (CVE-2023-47218, CVE-2023-50358)