Fortinet wants users of several SSL VPNs to update
Fortinet is again warning of a critical vulnerability, this time in FortiOS SSL VPN. The vulnerability enables a remote code execution attack and is reportedly already being actively exploited.
Fortinet found another vulnerability in one of its products. This time it is in FortiOS SSL VPN. The v...
Two critical vulnerabilities hit FortiSIEM
Fortinet's FortiSIEM solution has been hit by two vulnerabilities rated at the maximum severity of 10. The vulnerabilities allow hackers to perform remote code execution (RCE).
The Fortinet security information and event management (SIEM) platform FortiSIEM has been affected by two vulnerabilities that ha...
Critical vulnerability in Ivanti EPM software lets hackers take over core server
Ivanti's Endpoint Management (EPM) software contains a critical vulnerability that allows hackers to hijack even the core server. This is not the first time within a year that Ivanti has been hit by a vulnerability in its software.
Ivanti continues to find vulnerabilities in its softw...
Ivanti fixes 14 critical vulnerabilities in Avalanche MDM solution
Ivanti recently patched as many as fourteen critical security vulnerabilities in its enterprise MDM solution Avalanche. These vulnerabilities allowed hackers to easily execute code remotely without the need for end-user interaction.
Ivanti discovered as many as 20 security vulnerabilities in its...
Microsoft urges upgrade to 2023 version of Perforce Helix Core Server
Security specialists at Microsoft have discovered four critical vulnerabilities in the Perforce Helix Core Server source code management platform during a routine audit. The vulnerabilities let hackers run code remotely or cause denial-of-service (DoS) conditions.
Microsoft security researchers di...
Google fixes Android bug that hackers can abuse without privileges
In its recent security update for Android, Google patched a critical vulnerability that enables so-called zero-click remote code execution (RCE). In addition, 84 other vulnerabilities were addressed.
According to the tech giant, critical vulnerability CVE-2023-40088 was the most important vulner...
Hundreds of thousands of mail servers vulnerable due to Exim bug
Hundreds of thousands of servers running the Exim mail transfer agent (MTA) software are highly vulnerable to remote code execution attacks. The vulnerability has still not been patched.
The vulnerability in question, discovered by Trend Micro, allows for an "Out-of-bounds Write" in the SMTP ser...
Researchers denounce Apple and Google for improperly classifying zero-days
Recently, both Apple and Google patched zero-day vulnerabilities in their software. What was not clear from their disclosures, however, was that both were caused by the exact same bug in the WebP image format. Researchers at Rezilion argue that the tech companies' brevity surrounding these vulnerab...
VMware Aria hit by set of serious SSH vulnerabilities
VMware is warning of two SSH authentication vulnerabilities in Aria Operations for Networks. These can allow hackers to bypass SSH authentication and gain access to private endpoints.
Aria Operations for Networks (VMware Aria), formerly vRealize Network Insight, is a suite for managing and monit...
Thousands of Citrix servers vulnerable once again
Thousands of Citrix Netscaler ADC and Gateway servers are vulnerable to remote code execution (RCE) attacks.
According to ShadowServer researchers, at least 15,000 Citrix Netscaler ADC and Gateway servers have not yet been patched for the CVE-2023-3519 vulnerability found early this month. This ...