⚡ Weekly Recap: Browser Bugs, EDR Killers, TV Botnet, OpenBSD Flaw, Android Trojan, and More

It’s Monday again. This week’s threat list looks painfully familiar: abused integrations, fake tools, poisoned websites, ransomware crews trying to shut down security tools, and mobile malware asking for way too much control. The annoying part is how little of this feels new. Weak credentials,...

EUVD-2019-6641

Malware in sbrugna...

CVE-2019-15704

A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sensitive information logged in the console window when the user connects to an SSL VPN Gateway...

Array Networks AG and vxAG ArrayOS Missing Authentication for Critical Function Vulnerability

Array Networks AG and vxAG ArrayOS contain a missing authentication for critical function vulnerability that allows an attacker to read local files and execute code on the SSL VPN gateway...

CVE-2023-28461

Array Networks Array AG Series and vxAG 9.4.0.481 and earlier allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09...

CVE-2023-28461

Array Networks Array AG Series and vxAG 9.4.0.481 and earlier allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09...

CVE-2023-28461

Array Networks Array AG Series and vxAG 9.4.0.481 and earlier allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09...

CVE-2023-28461

CVE-2023-28461 affects Array Networks ArrayOS Array AG Series and vxAG (≤ 9.4.0.481). The vulnerability allows unauthenticated remote code execution by exploiting a flag in an HTTP header to browse the device filesystem and reach a vulnerable URL. PTSecurity notes evidence of active exploitation;...

Citrix Addresses Auth bypass Flaws Affecting ADC and Gateway Products

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Citrix has addressed bugs in Citrix ADC and Citrix Gateway. A remote intruder could exploit either of these flaws to obtain control of a susceptible system. To successfully exploit the vulnerabili...

Information disclosure

A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sensitive information logged in the console window when the user connects to an SSL VPN Gateway...

CVE-2019-15704

Fortinet FortiClient for macOS is affected by a local information-disclosure vulnerability in which plaintext-sensitive data logged to the console can be read by an attacker when connecting to an SSL VPN Gateway. Affected component is FortiClient for macOS; root cause involves storing sensitive i...

CVE-2019-15704

A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sensitive information logged in the console window when the user connects to an SSL VPN Gateway...