2287 matches found
Exploit for Relative Path Traversal in Fortinet FortiManager
FortiManager insufficient authorization checks CVE-2024-23666...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Resource: Fix for region_intersects() vs add_memory_driver_managed() On a system with CXL memory, the resource tree /proc/iomem related to CXL memory may look like this. 490000000-50fffffff: CXL Window 0 490000000-50fffffff: region0...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: HID: amd_sfh: Switch to device-managed dmam_alloc_coherent() Using the device-managed version simplifies cleanup in the probe function. This also ensures proper cleanup, which helps to resolve memory errors, page faults, btrfs...
Azure File Sync Agent v20 Release – February 2025
Azure File Sync Agent v20 Release – February 2025 This article describes the improvements and issues that are fixed in the Azure File Sync Agent v20 release that is dated February 2025. Additionally, this article contains installation instructions for this release. Improvements and issues that ar...
Managed Network Cloud Firewall: Comprehensive Protection for Network Attack Surface
...
4 Reasons Why MSPs & MSSPs Need to Enhance Attack Surface Management
In today’s rapidly evolving digital landscape, Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) face increasing challenges. As businesses expand their digital footprints, MSPs and MSSPs are under pressure to deliver comprehensive security services while managing costs,...
CVE-2022-38757
A vulnerability has been identified in Micro Focus ZENworks 2020 Update 3a and prior versions. This vulnerability allows administrators with rights to perform actions (e.g., install a bundle) on a set of managed devices, to be able to exercise these rights on managed devices in the ZENworks zone bu...
Qualys Unveils mROC: The Industry’s First Managed Risk Operation Center To Help Partners Scale Risk Management Services
The launch of Enterprise TruRisk Management (ETM), the world’s first Risk Operations Center (ROC) in the cloud, in October 2024 has met with an overwhelmingly positive reception from customers. They see the potential of a unified approach to managing cyber risk. We recognize that setting up and...
Lumma Stealer’s GitHub-Based Delivery Explored via Managed Detection and Response
The Managed XDR team investigated a sophisticated campaign distributing Lumma Stealer through GitHub, where attackers leveraged the platform's release infrastructure to deliver malware such as SectopRAT, Vidar, and Cobeacon...
The vulnerability of the editFilePost() function in the Gogs tool for creating self-governed Git repositories allows a hacker to execute arbitrary code.
The vulnerability of the editFilePost function in the Gogs self-managed Git repository creation tool is related to improper restrictions on the path name of the restricted directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
Investigating A Web Shell Intrusion With Trend Micro™ Managed XDR
This blog discusses a web shell intrusion incident where attackers abused the IIS worker to exfiltrate stolen data...
GoCD Security Vulnerability
GoCD is a continuous delivery server from GoCD Open Source. A security vulnerability exists in GoCD versions 18.9.0 through 24.4.0, which stems from a vulnerability that allows misuse of the backup configuration feature, which could potentially allow execution of arbitrary scripts on managed...
SUSE CVE-2024-53204
In the Linux kernel, the following vulnerability has been resolved: phy: realtek: usb: fix NULL deref in rtk_usb3phy_probe In rtk_usb3phy_probe() devm_kzalloc() may return NULL but this returned value is not checked...
DEBIAN-CVE-2024-53199
In the Linux kernel, the following vulnerability has been resolved: ASoC: imx-audmix: Add NULL check in imx_audmix_probe devm_kasprintf() can return a NULL pointer on failure, but this returned value in imx_audmix_probe() is not checked. Add NULL check in imx_audmix_probe(), to handle kernel NULL pointer...
ONLY Cynet Delivers 100% Protection and 100% Detection Visibility in the 2024 MITRE ATT&CK Evaluation
Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders is to keep IT environments up and running. To guard against cyber threats and prevent data breaches, it's vital to understand the current cybersecurity vendor landscape and...
CBL Mariner 2.0 Security Update: kernel (CVE-2024-50189)
The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-50189 advisory. - In the Linux kernel, the following vulnerability has been resolved: HID: amd_sfh: Switch to device-managed...
CVE-2024-50189
...
CVE-2024-49878
...
VulnCheck KEV: CVE-2024-50623
Cleo Harmony, VLTrader, and LexiCom, which are managed file transfer products, contain an unrestricted file upload and download vulnerability that can lead to remote code execution with elevated privileges...