CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-20399 Cisco NX-OS Command Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational…
MongoDB Inc. ha rilasciato aggiornamenti di sicurezza per risolvere una vulnerabilità con gravità “alta” che interessa la sandbox del parser ejson di MongoDB Compass, applicazione grafica per l’interazione con il database MongoDB. Tale vulnerabilità potrebbe essere sfruttata per eseguire codice arbitrario nel contesto dell’applicazione. Source…
With PAN-OS 9.0 (quite some time ago), Palo Alto Networks has added Dynamic DNS for a firewall’s interfaces. That is: If your Internet-facing WAN interface gets a dynamic IP address via DHCP or PPPoE (rather than statically configured), the firewall updates this IP address to…
Juniper Networks released a security bulletin to address a vulnerability in Junos OS: SRX Series. A cyber threat actor could exploit this vulnerability to cause a denial-of-service condition. Users and administrators are encouraged to review the following and apply the necessary updates: JSA83195 Juniper Security…
Rilevate alcune vulnerabilità di sicurezza, di cui 3 con gravità “critica” e 2 con gravità “alta”, in Apache HTTP Server, noto server web open source sviluppato da Apache Software Foundation. Source link Author: csirt@pec.acn.gov.it Article used for cyber security disclosure.
A career in cybersecurity is a smart move given the diversity of roles and pathways. Life at Fortinet: Meet Alexandra Mehat, Director of Product Marketing. Source link Author: Fortinet Article used for cyber security disclosure.
CISA released seven Industrial Control Systems (ICS) advisories on June 27, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-179-01 TELSAT marKoni FM Transmitter ICSA-24-179-02 SDG Technologies PnPSCADA ICSA-24-179-03 Yokogawa FAST/TOOLS and CI Server ICSA-24-179-04 Johnson Controls Illustra…
Disponibile un Proof of Concept (PoC) per la CVE-2024-5276 – già sanata dal vendor – presente in Fortra FileCatalyst Workflow, portale web per la gestione dei file condivisi in ambito aziendale. Tale vulnerabilità – di tipo “SQL Injection”, con score CVSS v3.x pari a 9.8…
