Security Affairs

JANUARY 9, 2024

Microsoft Patch Tuesday security updates for January 2024 addressed a total of 49 flaws, including two critical vulnerabilities. The critical vulnerabilities are: CVE-2024-20700 – Windows Hyper-V Remote Code Execution Vulnerability. CVE-2024-20674 – Windows Kerberos Security Feature Bypass Vulnerability.

Authentication 116

Authentication Internet Internet Hacking 116

Security Affairs

JANUARY 31, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Apple improper authentication bug to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added an Apple improper authentication bug, tracked as CVE-2022-48618 , to its Known Exploited Vulnerabilities (KEV) catalog.

Authentication 102

Authentication Cybersecurity Risk Information Security 102

Security Affairs

JANUARY 24, 2024

Researchers released PoC exploit code for a recently disclosed critical authentication bypass flaw in Fortra’s GoAnywhere MFT (Managed File Transfer). Researchers with cybersecurity firm Horizon3’s Attack Team published technical details of the recently disclosed vulnerability CVE-2024-0204 impacting Fortra GoAnywhere MFT.

Authentication 114

Authentication Hacking Engineering Encryption 114

Security Affairs

JANUARY 10, 2024

Cisco addressed a critical Unity Connection security flaw that can be exploited by an unauthenticated attacker to get root privileges. Cisco has addressed a critical flaw, tracked as CVE-2024-20272, in its Unity Connection that can be exploited by a remote, unauthenticated attacker to gain root privileges on vulnerable devices.

Authentication 113

Authentication Hacking Software Information Security 113

Security Affairs

FEBRUARY 21, 2024

VMware urges customers to uninstall the deprecated Enhanced Authentication Plugin (EAP) after the disclosure of a critical flaw CVE-2024-22245. VMware is urging users to uninstall the deprecated Enhanced Authentication Plugin (EAP) after the discovery of an arbitrary authentication relay flaw CVE-2024-22245 (CVSS score: 9.6).

Authentication 118

Authentication Ransomware Software Information Security 118

Security Affairs

APRIL 28, 2024

The following vulnerabilities, discovered by the security researcher Pierre Barre , impact all versions up to 2.3.0 The following vulnerabilities, discovered by the security researcher Pierre Barre , impact all versions up to 2.3.0 Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded TLS keys used by Docker.

Firewall 109

Firewall Authentication Architecture Backups 109

Security Affairs

MARCH 20, 2024

Multiple threat actors are exploiting the recently disclosed JetBrains TeamCity flaw CVE-2024-27198 in attacks in the wild. Trend Micro researchers are exploiting the recently disclosed vulnerabilities CVE-2024-27198 (CVSS score: 9.8) and CVE-2024-27199 (CVSS score 7.3) reads the advisory published by JetBrains.

Malware 118

Malware Authentication Cryptocurrency Ransomware 118

Security Affairs

MARCH 5, 2024

Rapid7 researchers disclosed two new critical security vulnerabilities, tracked as CVE-2024-27198 (CVSS score: 9.8) and CVE-2024-27199 (CVSS score:7.3), in JetBrains TeamCity On-Premises. An attacker can exploit the vulnerabilities to take control of affected systems. ” reads the advisory published by JetBrains.

Software 110

Software Authentication Hacking Information Security 110

Security Affairs

MARCH 30, 2024

The German Federal Office for Information Security (BSI) warned of thousands of Microsoft Exchange servers in the country vulnerable to critical flaws. For more information about Exchange Server’s support for Extended Protection for Authentication(EPA), please see Configure Windows Extended Protection in Exchange Server.”

Information Security 111

Information Security Internet Internet Healthcare 111

Security Affairs

MAY 9, 2024

Researchers from Juniper Threat Labs reported that threat actors are exploiting recently disclosed Ivanti Connect Secure (ICS) vulnerabilities CVE-2023-46805 and CVE-2024-21887 to drop the payload of the Mirai botnet. is an Authentication Bypass issue that resides in the web component of Ivanti ICS 9.x,

Authentication 97

Authentication Backups Cyber threats Malware 97

BH Consulting

MARCH 21, 2024

Returning to the healthcare space, the Irish Pharmacy Union has a guide to avoiding ransomware, produced by BH Consulting’s information security consultant Brendan Mooney. The EU said the voluntary wallet would remove the need to resort to commercial providers, “a practice that raises trust, security and privacy concerns”.

Cyber threats 69

Cyber threats Ransomware Healthcare Risk 69

Security Affairs

FEBRUARY 9, 2024

Ivanti warns customers of a new authentication bypass vulnerability in its Connect Secure, Policy Secure, and ZTA gateway devices. “An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, x), Ivanti Policy Secure (9.x, x), Ivanti Policy Secure (9.x,

Authentication 101

Authentication Software Internet Internet 101

Security Affairs

APRIL 11, 2024

The flaw affects D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L, these devices contain a hard-coded credential that allows an attacker to conduct authenticated command injection, leading to remote, unauthorized code execution. The flaw CVE-2024-3272 is a Command Injection Vulnerability impacting D-Link Multiple NAS Devices.

DNS 116

DNS Authentication Hacking Cybersecurity 116

Security Affairs

MARCH 11, 2024

Researchers released technical specifics and a PoC exploit for a recently disclosed flaw in Progress Software OpenEdge Authentication Gateway and AdminServer. “The Progress OpenEdge team recently identified a security vulnerability in OpenEdge Release 11.7.18 If a match occurs, authentication is granted.

Software 116

Software Authentication Passwords Engineering 116

Security Affairs

FEBRUARY 18, 2024

Critical 02/06/2024 02/06/2024 SolarWinds Access Rights Manager (ARM) 2023.2.3 SolarWinds Access Rights Manager (ARM) Directory Traversal Remote Code Execution Vulnerability CVE-2024-23476 9.6 Critical 02/06/2024 02/06/2024 SolarWinds Access Rights Manager (ARM) 2023.2.3 CVE-2024-23476 (CVSS score 9.6)

Cyber Attacks 125

Cyber Attacks Software Authentication Hacking 125

Security Affairs

APRIL 15, 2024

Cisco Duo warns that a data breach involving one of its telephony suppliers exposed multifactor authentication (MFA) messages sent by the company via SMS and VOIP to its customers. The security breach occurred on April 1, 2024, the threat actors used a Provider employee’s credentials that illicitly obtained through a phishing attack.

Data breaches 116

Data breaches Social Engineering Engineering Authentication 116

Security Affairs

JANUARY 31, 2024

Ivanti is warning of two new high-severity vulnerabilities in its Connect Secure and Policy Secure solutions respectively tracked as CVE-2024-21888 (CVSS score: 8.8) and CVE-2024-21893 (CVSS score: 8.2). x) and Policy Secure (9.x, x) and Policy Secure (9.x, x), Policy Secure (9.x, 20240126.5.xml”

Software 111

Software Authentication Hacking Malware 111

Security Affairs

FEBRUARY 1, 2024

For the first time since its establishment, CISA is ordering federal agencies to disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure products within 48 hours. The CISA’s emergency directive orders to disconnect all instances no later than 11:59PM on Friday February 2, 2024. x) and Policy Secure (9.x,

VPN 103

VPN Authentication Software Malware 103

Security Affairs

FEBRUARY 5, 2024

The Ivanti SSRF vulnerability tracked as CVE-2024-21893 is actively exploited in attacks in the wild by multiple threat actors. The Ivanti Server-Side Request Forgery (SSRF) vulnerability, identified as CVE-2024-21893 , is currently being actively exploited in real-world attacks by various threat actors. x), Policy Secure (9.x,

Software 101

Software Authentication Internet Internet 101

Security Affairs

JANUARY 11, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added an Ivanti Connect Secure and Policy Secure flaws, tracked as CVE-2024-21887 and CVE-2023-46805 , and Microsoft SharePoint Server flaw CVE-2023-29357 to its Known Exploited Vulnerabilities (KEV) catalog. x and Ivanti Policy Secure.

Authentication 109

Authentication Hacking Cybersecurity Software 109

Security Affairs

APRIL 11, 2024

Palo Alto Networks released security updates to address several high-severity vulnerabilities in its PAN-OS operating system. Another DoS vulnerability in PAN-OS addressed by the vendor is tracked as CVE-2024-3384. The flaw affects only PAN-OS configurations with NTLM authentication enabled. ” reads the advisory.

Firewall 124

Firewall Software Engineering Authentication 124

Security Affairs

APRIL 25, 2024

Early in 2024, a customer contacted Cisco to report a suspicious related to its Cisco Adaptive Security Appliances (ASA). By redirecting the pointer to the Line Dancer interpreter, attackers can interact with the device through POST requests without authentication. reads a post published by Crowdstrike on Reddit.

VPN 110

VPN Software Firewall Authentication 110

Security Affairs

APRIL 19, 2024

The MITRE Corporation revealed that a nation-state actor compromised its systems in January 2024 by exploiting Ivanti VPN zero-days. In April 2024, MITRE disclosed a security breach in one of its research and prototyping networks.

Cyber Attacks 113

Cyber Attacks VPN Authentication Hacking 113

Malwarebytes

FEBRUARY 16, 2024

When Microsoft said in its update guide for CVE-2024-21410 that the vulnerability was likely to be exploited by attackers, they weren’t kidding. Today, I was alerted to the fact after spotting a warning by the German Federal Office for Information Security (BSI) about the same vulnerability, Something the BSI does not do lightly.

Authentication 128

Authentication Technology Ransomware Information Security 128

Security Affairs

APRIL 16, 2024

Cisco Talos warns of large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services.

VPN 123

VPN Firewall Authentication Hacking 123

Security Affairs

JANUARY 11, 2024

Software firm Ivanti reported that threat actors are exploiting two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Connect Secure (ICS) and Policy Secure to remotely execute arbitrary commands on targeted gateways. is an Authentication Bypass issue that resides in the web component of Ivanti ICS 9.x,

Authentication 106

Authentication VPN Mobile Hacking 106

Security Affairs

MAY 9, 2024

The security flaw, tracked as CVE-2024-31497 , affects multiple versions of XenCenter for Citrix Hypervisor 8.2 The vulnerability CVE-2024-31497 was discovered by researchers Fabian Bäumer and Marcus Brinkmann from the Ruhr University Bochum. Versions of XenCenter for Citrix Hypervisor 8.2 and any versions after 8.2.7

Authentication 119

Authentication Hacking Information Security 119

Security Affairs

APRIL 9, 2024

December 14, 2023: Vendor requests extension March 22, 2024: Patch release April 09, 2024: Public release of this report Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, smart TVs) Most of the Internet-facing devices are in South Korea, Hong Kong, the U.S.,

Hacking 126

Hacking Internet Internet Authentication 126

Security Affairs

MAY 2, 2024

HPE Aruba Networking released April 2024 security updates that addressed four critical remote code execution (RCE) vulnerabilities affecting multiple versions of the network operating system ArubaOS. CVE-2024-26304 – Unauthenticated Buffer Overflow Vulnerability in the L2/L3 Management Service Accessed via the PAPI Protocol.

Mobile 90

Mobile Software Authentication Hacking 90

Security Affairs

APRIL 28, 2024

From March 18, 2024, to April 16, 2024, Duo Security and Cisco Talos observed large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services. ” reads the advisory published by Okta.

VPN 111

VPN Accountability Firewall Data breaches 111

Security Affairs

FEBRUARY 22, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added a ConnectWise ScreenConnect vulnerability, tracked as CVE-2024-1709 , to its Known Exploited Vulnerabilities (KEV) catalog. It would be too dangerous for this information to be readily available to threat actors. ” said Sophos. ” said Sophos.

Authentication 106

Authentication Cybersecurity Hacking Accountability 106

Security Affairs

JANUARY 18, 2024

CVE-2024-0519 – Google Chromium V8 Out-of-Bounds Memory Access Vulnerability. This week Citrix warned customers to install security updates to address two actively exploited zero-day vulnerabilities, tracked as CVE-2023-6548 and CVE-2023-6549, impacting Netscaler ADC and Gateway appliances.

Authentication 117

Authentication VPN Software Engineering 117

Security Affairs

MARCH 1, 2024

The advisory provides details about the exploitation in the wild of Connect Secure and Policy Secure vulnerabilities CVE-2023-46805 , CVE-2024-21887 , and CVE-2024-21893. is an Authentication Bypass issue that resides in the web component of Ivanti ICS 9.x, x and Ivanti Policy Secure. x), Policy Secure (9.x,

Authentication 79

Authentication Cyber threats VPN Government 79

Security Affairs

JANUARY 30, 2024

Juniper Networks has released out-of-band updates to address two high-severity flaws , tracked as CVE-2024-21619 and CVE-2024-21620, in SRX Series and EX Series that could be exploited by a threat actor to take control of susceptible systems. The flaw CVE-2024-21619 (CVSS score: 5.3) ” reads the advisory.

Authentication 94

Authentication Hacking Cybersecurity Information Security 94

Security Affairs

MARCH 8, 2024

Cisco released security patches to address two high-severity vulnerabilities in Secure Client respectively tracked as CVE-2024-20337 and CVE-2024-20338. The vulnerability CVE-2024-20337 (CVSS score 8.2) resides in the ISE Posture (System Scan) module of Cisco Secure Client for Linux.

VPN 95

VPN Authentication Hacking Information Security 95

Security Affairs

APRIL 4, 2024

Ivanti has released security updates to address four security flaws impacting Connect Secure and Policy Secure Gateways that could result in code execution and denial-of-service (DoS). AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2024-22053 A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x,

Authentication 100

Authentication Hacking Cybersecurity Information Security 100

Security Affairs

FEBRUARY 16, 2024

The vulnerability CVE-2024-21410 is a bypass vulnerability that can be exploited by an attacker to bypass the SmartScreen user experience and inject code to potentially gain code execution, which could lead to some data exposure, lack of system availability, or both. CISA orders federal agencies to fix this vulnerability by March 7, 2024.

Authentication 112

Authentication Hacking Cybersecurity Risk 112