Vulnerabilities Critical Vulnerability Allows Access to QNAP NAS Devices Critical-severity vulnerability could allow network attackers to access QNAP NAS devices without authentication. Ionut ArghireMarch 11, 2024
Vulnerabilities Possibly Exploited Fortinet Flaw Impacts Many Systems, but No Signs of Mass Attacks 150,000 systems possibly impacted by the recent Fortinet vulnerability CVE-2024-21762, but there is still no evidence of widespread exploitation. Eduard KovacsMarch 11, 2024
Vulnerabilities In Other News: Google AI Hacking, Font Vulnerabilities, IBM Training Facility Noteworthy stories that might have slipped under the radar: Google AI bug bounties, font vulnerabilities, IBM opens new training facility. SecurityWeek NewsMarch 8, 2024
Vulnerabilities Cisco Patches High-Severity Vulnerabilities in VPN Product High-severity flaws in Cisco Secure Client could lead to code execution and unauthorized remote access VPN sessions. Ionut ArghireMarch 7, 2024
Vulnerabilities CISA Warns of Pixel Phone Vulnerability Exploitation CISA adds Pixel Android phone (CVE-2023-21237) and Sunhillo SureLine (CVE-2021-36380) flaws to its known exploited vulnerabilities catalog. Eduard KovacsMarch 6, 2024
Mobile & Wireless Apple Blunts Zero-Day Attacks With iOS 17.4 Update Apple rolls out urgent patches to fix multiple security flaws in its flagship iOS platform and warned about zero-day exploits in the wild. Ryan NaraineMarch 5, 2024
Malware & Threats VMware Patches Critical ESXi Sandbox Escape Flaws The most serious flaws allow hackers with local admin rights to execute code as the virtual machine's VMX process running on the host. Ryan NaraineMarch 5, 2024
Vulnerabilities Critical Vulnerability Exposes TeamCity Servers to Takeover A critical authentication bypass in TeamCity allows remote attackers to take full control of vulnerable servers. Ionut ArghireMarch 5, 2024
IoT Security Hikvision Patches High-Severity Vulnerability in Security Management System A high-severity vulnerability in HikCentral Professional could lead to unauthorized access to certain URLs. Ionut ArghireMarch 4, 2024
Vulnerabilities CISA Warns of Windows Streaming Service Vulnerability Exploitation CISA says a high-severity elevation of privilege vulnerability in Microsoft Streaming Service is actively exploited in the wild. Ionut ArghireMarch 1, 2024
Vulnerabilities Meta Patches Facebook Account Takeover Vulnerability Meta has patched a critical vulnerability that could have been exploited to take over any Facebook account via a brute-force attack. Eduard KovacsFebruary 29, 2024
Vulnerabilities Cisco Patches High-Severity Vulnerabilities in Data Center OS Cisco’s semiannual FXOS and NX-OS security advisory bundle resolves two high- and two medium-severity vulnerabilities. Ionut ArghireFebruary 29, 2024