News

Latest news about B2B cyber security >>> PR agencies: add us to your mailing list - see contact! >>> Book an exclusive PartnerChannel for your news!

Tag: weak point

Lancom LCOS with root password vulnerability 
23 April 2024
| No comments
| Short news
B2B Cyber ​​Security ShortNews

Lancom and the BSI report a configuration bug for the LCOS operating system: A vulnerability with the CVSS value of 6.8 can enable the acquisition of administrator rights. An update is available. The messages on the Lancom website and on the BSI website are not entirely compliant. Both report a vulnerability from LCOS version 10.80 RU1 onwards, but while Lancom sees no danger: “Unauthorized access to the router via the WAN (Internet) is not possible due to this security gap”, the BSI uses the note in its heading: “ Vulnerability allows Erlangen…

Read more

XenServer and Citrix Hypervisor vulnerabilities
22 April 2024
| No comments
| Short news
B2B Cyber ​​Security ShortNews

Citrix warns of two vulnerabilities in XenServer and Citrix Hypervisor. The security vulnerabilities are only moderately serious, but a quick update is still recommended. Citrix already provides hotfixes for this. According to Citrix, two issues have been identified affecting XenServer and Citrix Hypervisor. A vulnerability could allow unprivileged code in a guest VM to access the memory contents of its own VM or other VMs on the same host. This can result in data or access data being stolen. Memory contents of other VMs can be copied Citrix presents the issues under the following CVE identifiers: CVE-2024-2201 and CVE-2024-31142. However…

Read more

Holy LG WebOS endangers presentation TVs in companies 
17 April 2024
| No comments
| Bitdefender, Short news
Bitdefender_News

Many companies now have large TV sets in conference rooms for events or video conferences. The problem with security gaps in LG WebOS shows that this can unexpectedly introduce vulnerabilities behind the firewall. The experts at Bitdefender Labs have discovered vulnerabilities in LG WebOS and informed the manufacturer. The gaps, which had already been closed with a push patch from LG, allowed hackers to add new users, gain root access and thus compromise the entire smart home network. Users are encouraged to check whether LG WebOS on their LG TVs is in the updated version as of March 22, 2024….

Read more

BSI warns: Palo Alto firewalls with critical vulnerability 
16 April 2024
| No comments
| Short news
B2B Cyber ​​Security ShortNews

The BSI warns: The PAN-OS operating system has a glaring, critical vulnerability that was rated with a CVSS value of 10.0 out of 10. Companies should act immediately and apply upcoming patches or use the available workarounds. According to BSI - the Federal Office for Information Security, on April 12, 2024, the company Palo Alto Networks published an advisory about an actively exploited vulnerability in PAN-OS, the operating system of the manufacturer's firewalls. The vulnerability with the identifier CVE-2024-3400 is an OS command injection in the GlobalProtect Gateway feature, which allows an unauthenticated…

Read more

FortiOS and FortiProxy with a highly dangerous vulnerability
11 April 2024
| No comments
| Short news
B2B Cyber ​​Security ShortNews

Fortinet reports a vulnerability with a CVSS score of 7.5 for FortiOS and FortiProxy and is therefore considered highly dangerous. Attackers could retrieve the administrator cookie and thus gain unauthorized access. Various updates are available from Fortinet. Fortinet describes the security notification for the high-risk vulnerability with CVSS score 7.5 as follows: “A vulnerability with insufficiently protected credentials in FortiOS and FortiProxy could, in rare and specific cases, allow an attacker to obtain the administrator cookie by convincing the administrator to do so to visit a website controlled by malicious attackers via SSL VPN.” In this way…

Read more

Dell PowerEdge servers with a highly dangerous vulnerability
7 April 2024
| No comments
| Short news
B2B Cyber ​​Security ShortNews

Dell warns users of PowerEdge servers: A highly dangerous vulnerability in the BIOS of PowerEdge servers could give a malicious user increased rights management and allow local attackers to access without authentication. Dell does not describe exactly how the attack can occur on the Dell PowerEdge servers. The list of affected devices suggests that the BIOS update must be very important - it is extremely long. The threat described is as follows: “The Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain a privilege management vulnerability. An unauthenticated local attacker could...

Read more

Critical CVSS 10.0 backdoor in XZ for Linux
5 April 2024
| No comments
| Short news
B2B Cyber ​​Security ShortNews

The BSI has issued a warning about a critical 10.0 vulnerability in the XZ tool within Linux. Only Fedora 41 and Fedora Rawhide in the Red Hat family are affected. Since the vulnerability has now become known in the media, attacks can also be expected. The BSI - the Federal Office for Information Security - warns of a critical vulnerability that is distributed by malware in Linux distributions. The open source provider Red Hat announced on March 29.03.2024, 5.6.0 that in versions 5.6.1 and XNUMX .XNUMX of the “xz” tools and libraries discovered malicious code that allows to bypass authentication in sshd via systemd….

Read more

Vulnerability in tachograph could be infected by worm
1 April 2024
| No comments
| Short news
B2B Cyber ​​Security ShortNews

Vulnerabilities in common electronic tachographs (ELDs) could be present in more than 14 million U.S. trucks, according to researchers at Colorado State University. The experts demonstrated how the attacks could take place. U.S. regulations require modern trucks to be equipped with electronic logging devices (ELDs), but these have become potential cybersecurity threat vectors. Research from three Colorado State University experts uncovers three critical vulnerabilities in commonly used ELDs. Three vulnerabilities in the tachographs First they showed that the ELDs can be controlled wirelessly to any controller area network...

Read more

Microsoft Defender can be tricked
23. February 2024
| No comments
| Short news
B2B Cyber ​​Security ShortNews

Microsoft's antivirus program Defender contains a component that is intended to detect and prevent the execution of malicious code using Rundll32.exe. However, this mechanism can be easily tricked, as a security researcher has discovered. All that is needed for the cyber attack is a simple comma to get past Microsoft Defender. All you have to do is insert an additional comma in the correct place in the code below and Microsoft Defender will see a harmless file instead of the threat. Security researcher John Page discovered the critical vulnerability. The vulnerability was discovered by Computer Emergency Response…

Read more

VMware: Critical 9.9 vulnerability in Aria Automation
18 January 2024
| No comments
| Short news
B2B Cyber ​​Security ShortNews

VMware reports a critical vulnerability in Aria Automation with a CVSS score of 9.9 and strongly recommends an update. Otherwise, attackers could gain unauthorized access to remote organizations and workflows. The update is ready Aria Automation contains a security vulnerability regarding lack of access control. VMware has assessed the severity of this issue in the Critical Severity range with a maximum CVSSv3 base value of 9.9. The Aria Automation lack of access control vulnerability was defined in CVE-2023-34063. According to VMware, “An authenticated malicious actor could exploit this vulnerability and result in unauthorized access to remote organizations and workflows.” Updates are available…

Read more

© 2024 MedPressIT GbR
Cookie Settings