Category: Good news
Multiple Vulnerabilities in Progress Telerik Report Server Could Allow for Remote Code Execution
- by nlqip
MS-ISAC ADVISORY NUMBER: 2024-066 DATE(S) ISSUED: 06/04/2024 OVERVIEW: Multiple vulnerabilities have been discovered in Progress Telerik Report Server, which could allow for remote code execution. Telerik Report Server provides centralized management for Progress’ business intelligence reporting suite through a web application. Successful chain exploitation of these vulnerabilities could allow for remote code execution in the…
Read MoreCISA released four Industrial Control Systems (ICS) advisories on June 4, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations. Source link lol
Read More‘The sale of OneNeck provides additional capital that can be used to support TDS Telecom’s fiber program, which includes investing in communities throughout the US with quality broadband connectivity,’ says TDS CFO Vicki L. Villacrez. US Signal, a data center services, cloud and connectivity company, said Monday it plans to buy OneNeck IT Solutions and…
Read MoreOn June 2, Snowflake indicated a recent increase in cyber threat activity targeting customer accounts on its cloud data platform. Snowflake issued a recommendation for users to query for unusual activity and conduct further analysis to prevent unauthorized user access. Users and administrators are encouraged to hunt for any malicious activity, report positive findings to CISA,…
Read MoreCISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-24919 Check Point Quantum Security Gateways Information Disclosure Vulnerability CVE-2024-1086 Linux Kernel Use-After-Free Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD)…
Read MoreCISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2017-3506 Oracle WebLogic Server OS Command Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of…
Read MoreBaxter–Welch Ally Connex Spot Monitor Use of Default Cryptographic Key vulnerability in Baxter Welch Ally Connex Spot Monitor may allow Configuration/Environment Manipulation.This issue affects Welch Ally Connex Spot Monitor in all versions prior to 1.52. 2024-05-31 not yet calculated CVE-2024-1275productsecurity@baxter.com Baxter–Welch Allyn Configuration Tool Insufficiently Protected Credentials vulnerability in Baxter Welch Allyn Configuration Tool may…
Read MoreMS-ISAC ADVISORY NUMBER: 2024-065 DATE(S) ISSUED: 05/31/2024 OVERVIEW: A vulnerability has been discovered in Check Point Security Gateway Products that could allow for credential access. A Check Point Security Gateway sits between an organization’s environment and the Internet to enforce policy and block threats and malware. Successful exploitation of this vulnerability could allow for credential…
Read MoreMS-ISAC ADVISORY NUMBER: 2024-064 DATE(S) ISSUED: 05/31/2024 OVERVIEW: Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated…
Read MoreCISA released seven Industrial Control Systems (ICS) advisories on May 30, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations. Source link lol
Read MoreRecent Posts
- Chrome Users Can Now Sync Passkeys Across Devices with New Google PIN Feature
- Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks
- Tenable Selected by Bank of Yokohama to Secure its Active Directory and Eliminate Attack Paths
- CISA warns of actively exploited Apache HugeGraph-Server bug
- Suspects behind $230 million cryptocurrency theft arrested in Miami