Cybersixgill’s Post

Uncovered: Over 50,000 hosts at risk due to a critical Tinyproxy flaw! Learn the importance of rapid patching against CVE-2023-49606 for optimal security. #Cybersecurity #Tinyproxy #VulnerabilityAlert #PatchNow #cybersecurity #security #news https://lnkd.in/epTWZsER

🚨 Urgent Security Alert 🚨 The maintainers of shim have just released version 15.8 to address six critical security flaws, including a 🔒CRITICAL bug (CVE-2023-40547) discovered by Bill Demirkapi from the Microsoft Security Response Center. 🌐 The Vulnerability: This flaw could lead to a Secure Boot bypass, potentially allowing remote code execution under specific circumstances. The shim's http boot support trusts attacker-controlled values, leading to a controlled out-of-bounds write primitive. 💡 Impact: In a hypothetical scenario, an attacker on the same network or with local privileges could leverage this flaw to compromise the system. This could occur through a Man-in-the-Middle attack intercepting HTTP traffic between the victim and the HTTP server. ⚠️ Compromise Potential: Exploiting this vulnerability grants the attacker control of the system before the kernel is loaded, providing privileged access and the ability to bypass controls implemented by the kernel and operating system. 🔧 Other Fixed Vulnerabilities in shim v15.8: CVE-2023-40546: Out-of-bounds read causing denial-of-service (DoS) CVE-2023-40548: Buffer overflow on 32-bit processors leading to crash or data integrity issues CVE-2023-40549: Out-of-bounds read in authenticode function, triggering DoS CVE-2023-40550: Out-of-bounds read validating Secure Boot Advanced Targeting (SBAT) information, risking information disclosure CVE-2023-40551: Out-of-bounds read parsing MZ binaries, leading to a crash or possible exposure of sensitive data 🛡️ Immediate Action: 🔒 Update to shim version 15.8 to patch these critical vulnerabilities. 👉 Follow us on Twitter and LinkedIn for more exclusive content and stay informed about cybersecurity updates. 🌐🔗 #Cybersecurity #SecurityAlert #ShimUpdate #Vulnerability #SecureBoot #InfoSec #CVE202340547 #TechSecurity 🚨🔐

We are pleased to share a new blog post discussing a critical security vulnerability in the TOTOLINK A3600R router identified as CVE-2024-7176. This flaw, found in the cstecgi.cgi script, has the potential for a buffer overflow, posing a serious threat to security. Learn more about this issue and its implications by reading the full post at https://buff.ly/4dnRtjF. #cybersecurity #CVE #securitythreats

🚨 Critical Palo Alto Networks Vulnerability Alert (CVE-2024-5910) 🚨 Palo Alto Networks has identified a critical vulnerability (CVE-2024-5910) in its Expedition tool that can lead to an admin account takeover. This flaw, due to missing authentication for a critical function, impacts versions below 1.2.92 and puts configuration secrets, credentials, and other data at risk. Palo Alto Networks has reported no known malicious exploitation of this vulnerability, but it is crucial to act swiftly. Protect your network and sensitive data by staying updated and following best security practices. For more details, https://lnkd.in/gt76Pk74 #cybersecurity #infosec #PaloAltoNetworks #security #vulnerability #CVE20245910 #networksecurity #PatchNow #InfoSecRegister

🚨 Alert: Ivanti has disclosed a critical security vulnerability, CVE-2024-8963, impacting its Cloud Service Appliance (CSA), which is actively exploited in the wild. This flaw, with a CVSS score of 9.4, allows unauthenticated remote attackers to access restricted functionality. Combining with another vulnerability, CVE-2024-8190 (CVSS score: 7.2), attackers can bypass admin authentication and execute arbitrary commands. Some customers have already been affected, prompting the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add this vulnerability to its Known Exploited Vulnerabilities catalog. Federal agencies are urged to apply patches by October 10, 2024. To address this issue: - Immediate Patch Application: Upgrade to CSA version 5.0, as earlier versions like 4.6 are unsupported. Version 5.0 mitigates the risk. - Monitor for Exploitation: Actively monitor systems for signs of exploitation or unauthorized access. - Apply Security Updates for All Flaws: Ensure patches for both vulnerabilities are applied to prevent authentication bypass. - Isolate and Harden Affected Systems: Temporarily isolate unpatched systems and implement access restrictions. - Update Incident Response Plans: Review and update response plans to prepare for potential exploits. Backup and recovery measures should be in place.

🚨 2 New Critical Vulnerability Alerts 🚨 SolarWinds Web Help Desk CVE-2024-28987 is a critical (CVSS v3 score: 9.1) hardcoded credential vulnerability that allows attackers remote unauthenticated access to create, read, update, and delete data on specific WHD endpoints. HashiCorp Vault SSH CVE-2024-7594 is a severe unrestricted authentication issue affecting HashiCorp’s Vault’s SSH secrets engine that could allow a bad actor unrestricted SSH access to systems, potentially leading to data breaches, service disruptions, and unauthorized control over critical infrastructure. Emma Zaballos breaks down everything you need to know about these critical vulnerabilities, including practical steps to safeguard your systems. Read about the SolarWinds Web Help Desk CVE-2024-28987: https://bit.ly/47MC6zo Read about the HashiCorp Vault SSH CVE-2024-759: https://bit.ly/4dpsf3L #Cybersecurity #CyberThreat #VulnerabilityAlert #SolarWinds #HashiCorp

Microsoft Dataverse Authentication Flaw Let Attackers Escalate Privileges https://lnkd.in/g6vsTTig #Infosec #Security #Cybersecurity #CeptBiro #MicrosoftDataverse #AuthenticationFlaw #EscalatePrivileges

Progress Flowmon is a network monitoring and security solution developed by Progress, a software company. It is designed to provide visibility into network traffic, detect anomalies, and enhance network security by identifying potential threats and vulnerabilities. Flowmon helps organizations monitor their network infrastructure, analyze traffic patterns, and respond to security incidents effectively. CVE-2024-2389 The security flaw, designated as CVE-2024-2389, represents a critical risk with a maximum CVSS score of 10, originating from an OS command injection vulnerability. This vulnerability permits unauthorized access to the system through the Flowmon management interface, enabling the execution of arbitrary system commands. Exploiting this flaw could grant attackers unrestricted access to vital network infrastructure. ~First Hackers News To Continue reading this article, click on this link >>> https://lnkd.in/eyEPVEmR #flowmon #network #software #anomalies #threats #vulnerabilities #risk #cvss #cyberattack #cybersecurity #fhn #firsthackersnews #informationsecurity #latestnews

🔒 Morphisec researchers have identified CVE-2024-38021, a critical zero-click RCE vulnerability in Microsoft Outlook. This flaw can lead to severe risks including data breaches and unauthorized access. Ensure all systems are patched, implement robust email security measures, and educate users on the dangers of suspicious emails. How is your organization strengthening its defenses against such vulnerabilities? Read more: https://lnkd.in/eUinCdpX #CyberSecurity #VulnerabilityManagement #MicrosoftOutlook #silism

Attention Power Platform admins and makers! If you haven't yet updated your custom connectors, now is the time to act. The CVE-2023-36019 vulnerability poses a significant risk, and the deadline for updates was February 17, 2024 (until March 29 is a transition period). Ensure your systems remain secure and fully functional by updating your redirect URIs as soon as possible. Don't wait until it's too late—take action today to protect your platform and maintain uninterrupted service. #PowerPlatform #CyberSecurity #CVE2023-36019 #UpdateNow #MicrosoftSchweiz https://lnkd.in/djv36a4J (Blog post only in English)