ChakraCore, Internet Explorer Security Vulnerabilities

hackread

AeroNet Wireless Unveils 10Gbps Internet Plan in Puerto Rico, Revolutionising Telecom Industry

By Cyber Newswire AeroNet Wireless is revolutionizing internet connectivity in Puerto Rico with the launch of its groundbreaking 10Gbps plan, the first of its kind on the island. This ultra-fast service offers businesses a significant leap in efficiency, productivity, and competitiveness. This is.....

7.3 AI Score

2024-04-25 08:54 PM
4
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 15, 2024 to April 21, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 209 vulnerabilities disclosed in 169...

9.9 AI Score

EPSS

2024-04-25 03:56 PM
42
malwarebytes

Ring agrees to pay $5.6 million after cameras were used to spy on customers

Amazon's Ring has settled with the Federal Trade Commission (FTC) over charges that the company allowed employees and contractors to access customers' private videos, and failed to implement security protections which enabled hackers to take control of customers’ accounts, cameras, and videos. The....

7.1 AI Score

2024-04-25 02:05 PM
10
ics

Mitsubishi Electric MELSEC Series CPU Module (Update D)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Corporation Equipment: MELSEC Series CPU module Vulnerability: Classic Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a...

10 CVSS

8.2 AI Score

0.01 EPSS

2024-04-25 12:00 PM
28
ics

Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series (Update A)

EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-R Series/iQ-F Series EtherNet/IP Modules and EtherNet/IP Configuration Tool Vulnerabilities: Weak Password Requirements, Use of Hard-coded Credentials, Missing...

7.5 CVSS

7.8 AI Score

0.003 EPSS

2024-04-25 12:00 PM
23
ics

Honeywell Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, Safety Manager SC

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Honeywell Equipment: Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, Safety Manager SC Vulnerabilities: Exposed Dangerous Method or Function, Absolute Path Traversal,...

9.1 CVSS

8.6 AI Score

0.001 EPSS

2024-04-25 12:00 PM
7
ics

Hitachi Energy MACH SCM

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.9 ATTENTION: Exploitable remotely Vendor: Hitachi Energy Equipment: MACH SCM Vulnerabilities: Improper Control of Generation of Code, Improper Neutralization of Directives in Dynamically Evaluated Code 2. RISK EVALUATION Successful exploitation of these...

7.5 CVSS

8.3 AI Score

0.0004 EPSS

2024-04-25 12:00 PM
11
ics

Multiple Vulnerabilities in Hitachi Energy RTU500 Series

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: RTU500 Series Vulnerabilities: Unrestricted Upload of File with Dangerous Type 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow the...

8.2 CVSS

7.3 AI Score

0.0004 EPSS

2024-04-25 12:00 PM
24
ics

Rockwell Automation 5015-AENFTXT (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: 5015-AENFTXT Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to crash the...

7.5 CVSS

7.6 AI Score

0.0004 EPSS

2024-04-25 12:00 PM
30
ics

Siemens RUGGEDCOM APE1808 Devices Configured with Palo Alto Networks Virtual NGFW

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

10 CVSS

8.5 AI Score

0.957 EPSS

2024-04-25 12:00 PM
67
schneier

The Rise of Large-Language-Model Optimization

The web has become so interwoven with everyday life that it is easy to forget what an extraordinary accomplishment and treasure it is. In just a few decades, much of human knowledge has been collectively written up and made available to anyone with an internet connection. But all of this is coming....

6.7 AI Score

2024-04-25 11:02 AM
10
nessus

Libreswan Installed (Linux / Unix)

Libreswan, a free software implementation of the most widely supported and standardized VPN protocol using 'IPsec' and the Internet Key Exchange ('IKE'), is installed on the remote Linux / Unix...

7.5 AI Score

2024-04-25 12:00 AM
5
nessus

Azul Zulu Java Multiple Vulnerabilities (2024-01-16)

The version of Azul Zulu installed on the remote host is prior to 6 < 6.61.0.16 / 7 < 7.67.0.16 / 8 < 8.75.0.16 / 11 < 11.69.14 / 17 < 17.47.16 / 21 < 21.31.16. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024-01-16 advisory. Vulnerability in the Or...

7.5 CVSS

6.9 AI Score

0.001 EPSS

2024-04-25 12:00 AM
42
amazon

Low: java-11-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10,.....

3.7 CVSS

6 AI Score

0.001 EPSS

2024-04-24 10:15 PM
7
amazon

Low: java-17-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10,.....

3.7 CVSS

6 AI Score

0.001 EPSS

2024-04-24 10:15 PM
6
qualysblog

Unveiling the Hidden Power of the CMDB in Cybersecurity

In the ever-evolving landscape of cybersecurity, where attacks grow increasingly sophisticated, organizations must leverage every tool at their disposal to stay one step ahead. While CISOs and SecOps teams often focus on disciplines such as vulnerability detection, attack surface management, and...

6.9 AI Score

2024-04-24 08:57 PM
5
talosblog

ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices

*Updated 2024-04-25 16:57 GMT with minor wording corrections regarding the targeting of other vendors. ArcaneDoor is a campaign that is the latest example of state-sponsored actors targeting perimeter network devices from multiple vendors. Coveted by these actors, perimeter network devices are...

8.3 AI Score

0.942 EPSS

2024-04-24 03:54 PM
26
redhat

(RHSA-2024:2042) Important: tigervnc security update

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients....

7.4 AI Score

0.0005 EPSS

2024-04-24 02:55 PM
12
redhat

(RHSA-2024:2041) Important: tigervnc security update

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients....

7.4 AI Score

0.0005 EPSS

2024-04-24 02:55 PM
9
redhat

(RHSA-2024:2040) Important: tigervnc security update

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients....

7.4 AI Score

0.0005 EPSS

2024-04-24 02:54 PM
9
redhat

(RHSA-2024:2039) Important: tigervnc security update

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients....

7.4 AI Score

0.0005 EPSS

2024-04-24 02:54 PM
9
redhat

(RHSA-2024:2038) Important: tigervnc security update

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients....

7.4 AI Score

0.0005 EPSS

2024-04-24 02:54 PM
11
redhat

(RHSA-2024:2037) Important: tigervnc security update

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients....

7.4 AI Score

0.0005 EPSS

2024-04-24 02:54 PM
13
redhat

(RHSA-2024:2036) Important: tigervnc security update

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients....

7.4 AI Score

0.0005 EPSS

2024-04-24 02:54 PM
6
malwarebytes

TikTok comes one step closer to a US ban

The US Senate has approved a bill that would effectively ban TikTok from the US unless Chinese owner ByteDance gives up its share of the immensely popular app. Social video platform TikTok has experienced explosive growth since it first appeared in 2017, and is now said to have well over 1.5...

7.2 AI Score

2024-04-24 12:01 PM
13
redhat

(RHSA-2024:2033) Moderate: libreswan security and bug fix update

Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN).....

7.1 AI Score

0.0004 EPSS

2024-04-24 06:34 AM
8
nessus

RHEL 6 / 7 / 8 / 9 : Satellite Client Async Security Update (Important) (RHSA-2024:2011)

The remote Redhat Enterprise Linux 6 / 7 / 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2011 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the...

9.8 CVSS

10 AI Score

0.003 EPSS

2024-04-24 12:00 AM
13
nessus

RHEL 8 : libreswan (RHSA-2024:1998)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:1998 advisory. Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both...

6.4 AI Score

0.0004 EPSS

2024-04-24 12:00 AM
3
nessus

RHEL 8 : tigervnc (RHSA-2024:2039)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2039 advisory. Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the...

7.8 CVSS

8.3 AI Score

0.0005 EPSS

2024-04-24 12:00 AM
5
nessus

RHEL 8 : tigervnc (RHSA-2024:2038)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2038 advisory. Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the...

7.8 CVSS

8.3 AI Score

0.0005 EPSS

2024-04-24 12:00 AM
5
almalinux

Moderate: libreswan security and bug fix update

Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN).....

6.7 AI Score

0.0004 EPSS

2024-04-24 12:00 AM
7
nessus

Oracle Linux 8 / 9 : java-11-openjdk (ELSA-2024-1822)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1822 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot)....

3.7 CVSS

5.9 AI Score

0.001 EPSS

2024-04-24 12:00 AM
8
nessus

Oracle Linux 8 / 9 : java-21-openjdk (ELSA-2024-1828)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1828 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot)....

3.7 CVSS

6 AI Score

0.001 EPSS

2024-04-24 12:00 AM
8
nessus

Azul Zulu Java Multiple Vulnerabilities (2024-04-16)

The version of Azul Zulu installed on the remote host is prior to 6 < 6.63.0.14 / 7 < 7.69.0.14 / 8 < 8.77.0.14 / 11 < 11.71.14 / 17 < 17.49.16 / 21 < 21.33.14 / 22 < 22.30.14. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024-04-16 advisory. The ...

7 AI Score

0.003 EPSS

2024-04-24 12:00 AM
127
osv

Important: tigervnc security update

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients....

7.8 CVSS

7.3 AI Score

0.0005 EPSS

2024-04-24 12:00 AM
8
veeam

Explorer for Microsoft Teams: "System event messages are unsupported."

This warning occurs because system messages cannot be...

7.1 AI Score

2024-04-24 12:00 AM
6
nessus

RHEL 9 : libreswan (RHSA-2024:2033)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2033 advisory. Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both...

6.4 AI Score

0.0004 EPSS

2024-04-24 12:00 AM
3
nessus

Oracle Linux 8 / 9 : java-1.8.0-openjdk (ELSA-2024-1818)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1818 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot)....

3.7 CVSS

6 AI Score

0.001 EPSS

2024-04-24 12:00 AM
5
nessus

RHEL 9 : tigervnc (RHSA-2024:2036)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2036 advisory. Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the...

7.8 CVSS

8.3 AI Score

0.0005 EPSS

2024-04-24 12:00 AM
2
nessus

RHEL 8 : tigervnc (RHSA-2024:2041)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2041 advisory. Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the...

7.8 CVSS

8.3 AI Score

0.0005 EPSS

2024-04-24 12:00 AM
5
almalinux

Important: tigervnc security update

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients....

7.8 CVSS

7 AI Score

0.0005 EPSS

2024-04-24 12:00 AM
8
osv

Moderate: libreswan security and bug fix update

Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN).....

6.5 AI Score

0.0004 EPSS

2024-04-24 12:00 AM
3
nessus

RHEL 9 : tigervnc (RHSA-2024:2040)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2040 advisory. Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the...

7.8 CVSS

8.3 AI Score

0.0005 EPSS

2024-04-24 12:00 AM
3
nessus

RHEL 8 : tigervnc (RHSA-2024:2042)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2042 advisory. Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the...

7.8 CVSS

8.3 AI Score

0.0005 EPSS

2024-04-24 12:00 AM
3
githubexploit

Exploit for Code Injection in Crushftp

CVE-2024-4040-RCE-POC CVE-2024-4040 (CrushFTP VFS escape) or...

10 CVSS

9.9 AI Score

0.966 EPSS

2024-04-23 11:16 PM
263
rapid7blog

USF College of Engineering Presents Rapid7 With 2024 Corporate Impact Award

This past Friday, April 19, the University of South Florida (USF) College of Engineering recognized individuals and organizations who have greatly impacted USF and beyond at its ninth annual Engineering Honors Awards at The Armature Works in Tampa. I had the honor of joining my colleagues,...

7.4 AI Score

2024-04-23 05:29 PM
4
redhat

(RHSA-2024:2011) Important: Satellite Client Async Security Update

Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard...

10 AI Score

0.003 EPSS

2024-04-23 05:14 PM
13
rapid7blog

Unauthenticated CrushFTP Zero-Day Enables Complete Server Compromise

Rapid7 vulnerability researcher Ryan Emmons contributed to this blog. On Friday, April 19, 2024, managed file transfer vendor CrushFTP released information to a private mailing list on a new zero-day vulnerability affecting versions below 10.7.1 and 11.1.0 (as well as legacy 9.x versions) across...

10 CVSS

10 AI Score

0.966 EPSS

2024-04-23 03:26 PM
41
redhat

(RHSA-2024:1998) Moderate: libreswan security update

Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN).....

6.5 AI Score

0.0004 EPSS

2024-04-23 01:53 PM
7
talosblog

Suspected CoralRaider continues to expand victimology using three information stealers

By Joey Chen, Chetan Raghuprasad and Alex Karkins. Cisco Talos discovered a new ongoing campaign since at least February 2024, operated by a threat actor distributing three famous infostealer malware, including Cryptbot, LummaC2 and Rhadamanthys. Talos also discovered a new PowerShell...

8.2 AI Score

2024-04-23 12:01 PM
11

Total number of security vulnerabilities: 73438