vulnerabilities

Critical Security Vulnerabilities Found in VMWare vCenter Server

by
Critical Security Vulnerabilities Found in VMWare vCenter Server

VMware recently released security updates to address critical vulnerabilities impacting its vCenter Server products. The vulnerabilities, known as CVE-2024-37079 and CVE-2024-37080, have been assigned a high CVSSv3.1 score of 9.8 out of 10. These vulnerabilities could potentially lead to remote code execution if successfully exploited through heap overflow in vCenter Server’s DCE/RPC protocol implementation. The … Read more

Cisco fixes security vulnerabilities in Webex used to breach German government meetings

by
Cisco fixes security vulnerabilities in Webex used to breach German government meetings

Cisco recently addressed vulnerabilities that were used to compromise the German government’s Webex meetings. In early May, it was revealed that threat actors exploited vulnerabilities in the implementation of Cisco Webex software by the German government. This comes after a previous incident in March where Russian-linked actors hacked into a military meeting discussing military support … Read more

Major security vulnerabilities detected in Microsoft Azure service tags

by
Major security vulnerabilities detected in Microsoft Azure service tags

Tenable Research has identified a vulnerability in Microsoft Azure service tags that could potentially lead to attackers bypassing firewall rules and gaining unauthorized access to internal Azure services. Initially discovered in the Azure Application Insights service, the vulnerability was found to affect more than 10 other Azure services. The report emphasizes the importance of adding … Read more

Critical vulnerabilities in VMware patched to prevent attackers from escaping virtual machines

by
Critical vulnerabilities in VMware patched to prevent attackers from escaping virtual machines

VMware released security patches to fix vulnerabilities in the USB controllers of various hypervisors, including ESXi, Workstation, Fusion, and Cloud Foundation. These vulnerabilities could allow attackers to execute malicious code on the host system, bypassing the isolation layer. Previous exploits in VM products have been used by attacker groups to deploy ransomware. The security patches … Read more

Citrix alerts public to exploitation of new Netscaler zero-day vulnerabilities

by
Citrix alerts public to exploitation of new Netscaler zero-day vulnerabilities

Citrix has warned its customers about two zero-day vulnerabilities affecting Netscaler ADC and Gateway appliances that expose them to remote code execution and denial-of-service attacks. To exploit these vulnerabilities, attackers need access to low-privileged accounts and specific network configurations. Only customer-managed Netscaler appliances are affected, not Citrix-managed cloud services. The affected product versions include Netscaler … Read more

Two vulnerabilities discovered by Citrix, both actively exploited

by
Two vulnerabilities discovered by Citrix, both actively exploited

Two vulnerabilities have been discovered in NetScaler ADC and NetScaler Gateway, previously known as Citrix ADC and Citrix Gateway, impacting six supported versions. The first vulnerability, CVE-2023-6548, requires access to NSIP, CLIP, or SNIP with access to the management interface, allowing threat actors to authenticate remote code execution on the device. The severity of this … Read more

Cisco Releases Updates to Fix Webex Vulnerabilities After German Government Meetings’ Security Breach – SecurityWeek

by

Cisco has recently addressed security vulnerabilities in its Webex meeting platform following reports of potential exploitation by threat actors. The issue came to light after members of the German government raised concerns about the security of the platform during a virtual meeting. The vulnerabilities in question could have allowed unauthorized individuals to access sensitive information … Read more

SecurityWeek Reports VMware Patching Vulnerabilities from Pwn2Own 2024 Exploits

by

VMware recently addressed vulnerabilities that were exploited during the Pwn2Own hacking competition in 2024. The company has released patches to address these security flaws, ensuring that its customers’ systems are protected from potential cyber threats. The vulnerabilities were discovered and utilized by ethical hackers during the competition, highlighting the importance of addressing such issues promptly. … Read more

CEO to Testify about Exploitation of Citrix Vulnerabilities by UnitedHealth Hackers

by
CEO to Testify about Exploitation of Citrix Vulnerabilities by UnitedHealth Hackers

UnitedHealth is set to testify about a cybersecurity breach that occurred on February 12, where hackers gained access to a Citrix portal of its Change Healthcare unit using compromised credentials. CEO Andrew Witty mentioned that the threat actor moved within the systems and exfiltrated data. On February 21, a ransomware attack by a cybercriminal known … Read more

Cisco Finesse Exposes Vulnerabilities Allowing Attackers to Execute Stored XSS Attacks

by
Cisco Finesse Exposes Vulnerabilities Allowing Attackers to Execute Stored XSS Attacks

Cisco has disclosed two vulnerabilities in its Finesse web-based management interface which could allow remote attackers to conduct a stored cross-site scripting attack. The vulnerabilities, identified as CVE-2024-20404 and CVE-2024-20405, involve a remote file inclusion vulnerability and a server-side request forgery attack. These vulnerabilities have a security impact rating of Medium, as they provide limited … Read more