Cloud Security Alliance News Clipping Site

Tag: Vulnerability Management

  • Alerts: CISA Adds Two Known Exploited Vulnerabilities to Catalog

    by

    system automation
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2024/10/24/cisa-adds-two-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Two Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-20481 Cisco ASA and FTD Denial-of-Service Vulnerability CVE-2024-37383 RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability These types of vulnerabilities are frequent attack vectors for malicious…

  • The Register: Warning! FortiManager critical vulnerability under active attack

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/10/23/fortimanager_critical_vulnerability/ Source: The Register Title: Warning! FortiManager critical vulnerability under active attack Feedly Summary: Security shop and CISA urge rapid action Fortinet has gone public with news of a critical flaw in its software management platform.… AI Summary and Description: Yes Summary: The text discusses a critical security vulnerability in Fortinet’s FortiManager control…

  • Alerts: CISA Adds One Known Exploited Vulnerability to Catalog

    by

    system automation
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2024/10/23/cisa-adds-one-known-exploited-vulnerability-catalog Source: Alerts Title: CISA Adds One Known Exploited Vulnerability to Catalog Feedly Summary: CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation, as confirmed by Fortinet. CVE-2024-47575 Fortinet FortiManager Missing Authentication Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors…

  • Alerts: CISA Adds One Known Exploited Vulnerability to Catalog

    by

    system automation
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2024/10/22/cisa-adds-one-known-exploited-vulnerability-catalog Source: Alerts Title: CISA Adds One Known Exploited Vulnerability to Catalog Feedly Summary: CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-38094 Microsoft SharePoint Deserialization Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to…

  • The Register: Akira ransomware is encrypting victims again following pure extortion fling

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/10/22/akira_encrypting_again/ Source: The Register Title: Akira ransomware is encrypting victims again following pure extortion fling Feedly Summary: Crooks revert to old ways for greater efficiency Experts believe the Akira ransomware operation is up to its old tricks again, encrypting victims’ files after a break from the typical double extortion tactics.… AI Summary and…

  • Alerts: CISA Adds One Known Exploited Vulnerability to Catalog

    by

    system automation
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2024/10/21/cisa-adds-one-known-exploited-vulnerability-catalog Source: Alerts Title: CISA Adds One Known Exploited Vulnerability to Catalog Feedly Summary: CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-9537 ScienceLogic SL1 Unspecified Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to…

  • The Register: Internet Archive exposed again – this time through Zendesk

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/10/21/internet_archive_zendesk_access_attack/ Source: The Register Title: Internet Archive exposed again – this time through Zendesk Feedly Summary: Org turns its woes into a fundraising opportunity Despite the Internet Archive’s assurances it’s back on its feet after a recent infosec incident, the org still appears to be in trouble after parties unknown claimed to hold…

  • Microsoft Security Blog: New macOS vulnerability, “HM Surf”, could lead to unauthorized data access

    by

    system automation
    in

    Source URL: https://www.microsoft.com/en-us/security/blog/2024/10/17/new-macos-vulnerability-hm-surf-could-lead-to-unauthorized-data-access/ Source: Microsoft Security Blog Title: New macOS vulnerability, “HM Surf”, could lead to unauthorized data access Feedly Summary: Microsoft Threat Intelligence uncovered a macOS vulnerability that could potentially allow an attacker to bypass the operating system’s Transparency, Consent, and Control (TCC) technology and gain unauthorized access to a user’s protected data. The…

  • Alerts: CISA Adds One Known Exploited Vulnerability to Catalog

    by

    system automation
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2024/10/17/cisa-adds-one-known-exploited-vulnerability-catalog Source: Alerts Title: CISA Adds One Known Exploited Vulnerability to Catalog Feedly Summary: CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-40711 Veeam Backup and Replication Deserialization Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant…

  • The Register: Critical default credential bug in Kubernetes Image Builder allows SSH root access

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/10/16/critical_kubernetes_image_builder_bug/ Source: The Register Title: Critical default credential bug in Kubernetes Image Builder allows SSH root access Feedly Summary: It’s called leaving the door wide open – especially in Proxmox A critical bug in Kubernetes Image Builder could allow unauthorized SSH access to virtual machines (VMs) due to default credentials being enabled during…