Rilevata una vulnerabilità con gravità “alta” in AIOHTTP, framework client/server HTTP utilizzato per creare applicazioni web ad alte prestazioni che richiedono la gestione di elevate richieste HTTP. Tale vulnerabilità, qualora sfruttata, potrebbe permettere l’invio di richieste POST opportunamente predisposte (multipart/form-data) che, al momento dell’elaborazione, portano…
CISA released three Industrial Control Systems (ICS) advisories on May 02, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-123-01 CyberPower PowerPanel ICSA-24-123-02 Delta Electronics DIAEnergie ICSA-24-067-01 Chirp Systems Chirp Access (Update C) CISA encourages users and administrators…
Questo CSIRT ha recentemente rilavato il riacutizzarsi di una campagna di smishing a tema “Richiesta di Accesso” rivolta ai clienti dell’istituto bancario BNL / BNPP. Source link Author: csirt@pec.acn.gov.it Article used for cyber security disclosure.
CERT Coordination Center (CERT/CC) has released information on a vulnerability in R programming language implementations (CVE-2024-27322). A cyber threat actor could exploit this vulnerability to take control of an affected system. Users and administrators are encouraged to review the following advisories and apply the necessary…
Rilevata vulnerabilità nel linguaggio di programmazione statistica “R”. Tale vulnerabilità, qualora sfruttata, potrebbe consentire l’esecuzione di codice arbitrario sui sistemi target tramite l’apertura di file “.rds” o “.rdx” opportunamente predisposti. Source link Author: csirt@pec.acn.gov.it Article used for cyber security disclosure.
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-20353 Cisco ASA and FTD Denial of Service Vulnerability CVE-2024-20359 Cisco ASA and FTD Privilege Escalation Vulnerability CVE-2024-4040 CrushFTP VFS Sandbox Escape Vulnerability These types of vulnerabilities are frequent…
Rilevato lo sfruttamento attivo in rete della vulnerabilità CVE-2023-48365 con gravità “critica” – già sanata dal vendor a settembre 2023 – relativa a Qlik Sense, piattaforma di business intelligence e data integration. Tale vulnerabilità potrebbe consentire a un attaccante non autenticato l’esecuzione da remoto di…
Today, Cisco released security updates to address ArcaneDoor—exploitation of Cisco Adaptive Security Appliances (ASA) devices and Cisco Firepower Threat Defense (FTD) software. A cyber threat actor could exploit vulnerabilities (CVE-2024-20353, CVE-2024-20359, CVE-2024-20358) to take control of an affected system. Cisco has reported active exploitation of CVE…
