News

Latest news about B2B cyber security >>> PR agencies: add us to your mailing list - see contact! >>> Book an exclusive PartnerChannel for your news!

Tag: critical

BSI warns: Palo Alto firewalls with critical vulnerability 
16 April 2024
| No comments
| Short news
B2B Cyber ​​Security ShortNews

The BSI warns: The PAN-OS operating system has a glaring, critical vulnerability that was rated with a CVSS value of 10.0 out of 10. Companies should act immediately and apply upcoming patches or use the available workarounds. According to BSI - the Federal Office for Information Security, on April 12, 2024, the company Palo Alto Networks published an advisory about an actively exploited vulnerability in PAN-OS, the operating system of the manufacturer's firewalls. The vulnerability with the identifier CVE-2024-3400 is an OS command injection in the GlobalProtect Gateway feature, which allows an unauthenticated…

Read more

VMware: Critical 9.9 vulnerability in Aria Automation
18 January 2024
| No comments
| Short news
B2B Cyber ​​Security ShortNews

VMware reports a critical vulnerability in Aria Automation with a CVSS score of 9.9 and strongly recommends an update. Otherwise, attackers could gain unauthorized access to remote organizations and workflows. The update is ready Aria Automation contains a security vulnerability regarding lack of access control. VMware has assessed the severity of this issue in the Critical Severity range with a maximum CVSSv3 base value of 9.9. The Aria Automation lack of access control vulnerability was defined in CVE-2023-34063. According to VMware, “An authenticated malicious actor could exploit this vulnerability and result in unauthorized access to remote organizations and workflows.” Updates are available…

Read more

Veeam ONE: Hotfix for critical vulnerabilities is available 
16 November 2023
| No comments
| Short news
B2B Cyber ​​Security ShortNews

Veeam is informing its users about two critical and two medium vulnerabilities in Veeam One for which patches are already available. The critical gaps have a CVSS v3 value of 9.9 and 9.8 out of 10. Those responsible should therefore act immediately. The vulnerabilities with the code CVE-2023-38547 and CVE-2023-38548 describe a high level of danger in Veeam ONE. The following versions are affected: Veeam ONE 12 P20230314 (12.0.1.2591) Veeam ONE 11a (11.0.1.1880) Veeam ONE 11 (11.0.0.1379) Two critical vulnerabilities in Veeam One The first vulnerability CVE-2023-38547 with a CVSS v3.1. 9.9:XNUMX in Veeam ONE allows an unauthenticated user to…

Read more

MOVEit team warns of critical WS-FTP 10.0 vulnerability
6 October 2023
| No comments
| Short news
B2B Cyber ​​Security ShortNews

According to Progress Software, the manufacturer of the MOVEit software, many users use their software for data transport WS-FTP in the server version. Now there is a critical 10.0 WS-FTP vulnerability. And especially after the fatal attack on MOVEit. Again, users should patch immediately. The shock about the MOVEit vulnerability is still deep among many users. A few months ago, the CLOP ransomware gang, also spelled “Cl0p”, was able to exploit various serious security holes and steal and encrypt data. Now all inputs to the MOVEit software are blocked, but the FTP software for data exchange WS-FTP for...

Read more

Microsoft: Exchange server update paralyzes servers
August 11, 2023
| No comments
| Short news
B2B Cyber ​​Security ShortNews

Microsoft has released security updates for Exchange vulnerabilities affecting Exchange Server 2019 and 2016. However, these updates will cripple the server if it is not English-speaking. However, Microsoft now offers a workaround so that the servers can be patched. After all, it's about a vulnerability with a CVSS value of 9.8. Some administrators who implement necessary security updates immediately have experienced a bitter surprise. When installing the security updates Exchange Server 2019 and Exchange Server 2016, error messages rained down and some servers were paralyzed afterwards. The problem: As soon as the server was not operated in English, the…

Read more

BSI: Industrial routers and PLCs with critical vulnerabilities
August 9, 2023
| No comments
| Short news
B2B Cyber ​​Security ShortNews

According to BSI: The well-known PLC manufacturer Phoenix Contact has to report a whole series of critical and highly dangerous vulnerabilities in its industrial products: TC ROUTER and TC CLOUD CLIENT, WP 6xxx web panels and in PLCnext control modules. The BSI - Federal Office for Information Security warns of critical and highly dangerous security gaps in the industrial routers TC ROUTER and TC CLOUD CLIENT from the manufacturer Phoenix Contact and calls for immediate action. The manufacturer itself also reports other critical gaps in its WP 6xxx web panels and also in PLCnext control modules. Vulnerable industrial control systems TC ROUTER,…

Read more

Oracle: 508 new security patches for 132 products
July 22, 2023
| No comments
| PR News
Oracle: 508 new security patches for 132 products - Image by Michael Schwarzenberger from Pixabay

In its Oracle Critical Patch Update Advisory - July 2023, Oracle is patching in bulk: There are 508 new security patches for 132 products. The matrix contains updates for over 70 critical vulnerabilities with a CVSS score of 9.0 to 9.8 and countless high-risk vulnerabilities. Administrators should act immediately. Oracle's Critical Patch Update Advisory - July 2023 is many meters long when printed out. The various matrixes present 508 updates for 132 products. Also included: the error description including the CVE number and the CVSS value. Over 70 vulnerabilities are considered Critical and have…

Read more

BSI warns: Citrix ADC with critical 9.8 vulnerability
July 21, 2023
| No comments
| Short news
B2B Cyber ​​Security ShortNews

The BSI - Federal Office for Information Security - reports an active exploitation of a vulnerability in the Citrix Application Delivery Controller (ADC). The vulnerability managed with the CVE-2023-3519 has a CVSS value of 9.8 out of 10 and is critical! An update is available. On 18.07.2023/2023/3519 the manufacturer Citrix announced a critical vulnerability in the products NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). The vulnerability is listed under the number CVE-9.8-XNUMX according to Common Vulnerabilities and Exposures (CVE) and has a score of XNUMX according to CVSS.

Read more

Critical 9,8 vulnerability: VMware Aria Operations for Networks 
June 11, 2023
| No comments
| Short news
B2B Cyber ​​Security ShortNews

In a new security notification, the BSI warns of 2 critical and one highly dangerous vulnerability in VMware Aria Operations for Networks. An attacker could exploit the vulnerabilities to execute arbitrary code or disclose information. The critical vulnerabilities in VMware Aria Operations for Networks have baseline CVSSv3 scores of 9,8 and 9,1. The highly dangerous vulnerability still has a value of 8,8. The vulnerabilities are described under the CVE designations CVE-2023-20887, CVE-2023-20888, and CVE-2023-20889. BSI warns of attacks The BSI names the vulnerabilities in its security advisory WID-SEC-2023-138 and warns against exploitation. VMware already offers updates...

Read more

Critical 9,8 vulnerability in Microsoft Message Queuing Service
12 May 2023
| No comments
| Short news
B2B Cyber ​​Security ShortNews

A vulnerability in the Microsoft Message Queuing Service (MSMQ) allows attackers to take control of a server using just a single packet of data. The component is also part of MS Exchange. A patch for the vulnerability is available and should be installed immediately. A service neglected by Microsoft called Microsoft Message Queuing Service can currently be exploited by criminal hackers to attack corporate networks. Dubbed Queue Jumper, the vulnerability allows attackers to remotely inject and execute arbitrary code. Microsoft has already responded...

Read more

© 2024 MedPressIT GbR
Cookie Settings