Security News
JetBrains has fixed two critical security vulnerabilities affecting TeamCity On-Premises and is urging customers to patch them immediately. "Rapid7 originally identified and reported these vulnerabilities to us and has chosen to adhere strictly to its own vulnerability disclosure policy. This means that their team will publish full technical details of these vulnerabilities and their replication steps within 24 hours of this notice," the company stated today.
The recently patched vulnerabilities in ConnectWise ScreenConnect software are being exploited by numerous attackers to deliver a variety of malicious payloads. After PoC exploits for CVE-2024-1709 have been made public, various attackers began targeting vulnerable public-facing ScreenConnect servers, hoping to use them as a way into enterprise networks.
The report from Coalition indicates an anticipated 25% rise in the total count of published common vulnerabilities and exposures for 2024, reaching 34,888 vulnerabilities, equivalent to approximately 2,900 per month.Sharp CVE increase heightens software vulnerability concerns.
The two ScreenConnect vulnerabilities ConnectWise has recently urged customers to patch have finally been assigned CVE numbers: CVE-2024-1709 for the authentication bypass, CVE-2024-1708 for the path traversal flaw. ConnectWise has also released a newer version of ScreenConnect, which contains the fixes for the two flaws and other non-security fixes but - more crucially - customers no longer under maintenance can upgrade to it to protect themselves against exploitation.
VMware Enhanced Authentication Plug-in, a plugin for VMware vSphere, has two vulnerabilities that could be exploited by attackers to mount authentication relay and session hijack attacks. Instead, VMware is urging admins to remove the EAP plugin, whose deprecation was announced back in 2021.
CVE Prioritizer is an open-source tool designed to assist in prioritizing the patching of vulnerabilities. The tool leverages the correlation between CVSS and EPSS scores to improve efforts in fixing vulnerabilities.
Microsoft on Wednesday acknowledged that a newly disclosed critical security flaw in Exchange Server has been actively exploited in the wild, a day after it released fixes for the vulnerability as...
QNAP Systems has patched two unauthenticated OS command injection vulnerabilities in various versions of the operating systems embedded in the firmware of their popular network-attached storage devices. "Prior to the publication of CVE-2023-47565, Unit 42 researchers initially suspected the ATP-observed vulnerability to affect QNAP NAS systems running QTS firmware. However, on November 17, 2023, Unit 42 conducted reverse engineering and additional investigation of QTS firmware images and discovered the vulnerability now known as CVE-2023-50358. The two vulnerabilities are somewhat similar, but affect different software components in different classes of devices."
On February 2024 Patch Tuesday, Microsoft has delivered fixes for 72 CVE-numbered vulnerabilities, including two zero-days that are being leveraged by attackers in the wild. CVE-2024-21412 allows attackers to bypass the Microsoft Defender SmartScreen security feature with booby-trapped Internet Shortcut files.
Hackers are actively exploiting a vulnerability in Ivanti Connect Secure, Policy Secure and Neurons for ZTA to inject a "Previously unknown and interesting backdoor" dubbed DSLog. Ivanti disclosed CVE-2024-21893 - a server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure, Policy Secure and Neurons for ZTA - in late January, when it issued patches for affected devices.