vulnerability - Tagged - Security Boulevard

Hundreds of Clusters Attacked Due to Unpatched Flaw in Ray AI Framework

Jeffrey Burt — Thu, 28 Mar 2024 13:54:38 +0000

Thousands of servers running AI workloads are under attack by threat actors exploiting an unpatched vulnerability in the open-source Ray AI framework – widely used by such companies as OpenAI, Uber, Amazon, Netflix, and Cohere – giving hackers entrée to huge amounts of data and compute power. The campaign has been ongoing for at least..

The post Hundreds of Clusters Attacked Due to Unpatched Flaw in Ray AI Framework appeared first on Security Boulevard.

CVE-2023-48788 Vulnerability Reported in FortiClientEMS

Nik Hewitt — Tue, 26 Mar 2024 14:05:15 +0000

Fortinet’s FortiClient EMS product exploited via CVE-2023-48788, a critical SQL injection vulnerability : OFFICIAL CVE-2023-48788 PATCHING INFORMATION : The CISA (Cybersecurity and Infrastructure Security Agency) has alerted organizations to actively exploit ‘The Fortinet FortiClient EMS vulnerability’ (CVE-2023-48788), a critical SQL injection flaw enabling unauthenticated attackers to execute arbitrary code via crafted requests. An improper neutralization...

The post CVE-2023-48788 Vulnerability Reported in FortiClientEMS appeared first on TrueFort.

The post CVE-2023-48788 Vulnerability Reported in FortiClientEMS appeared first on Security Boulevard.

CVE-2024-21412 Vulnerability Reported in Defender SmartScreen

Nik Hewitt — Thu, 14 Mar 2024 08:15:08 +0000

Guarding against SmartScreen bypass (CVE-2024-21412) and DarkGate malware campaign A recent surge in cyberattacks has seen malevolent actors exploiting a vulnerability in Windows Defender SmartScreen, a critical security feature designed to protect users from running unrecognized or suspicious files from the internet. This particular flaw, identified as CVE-2024-21412, allowed attackers to circumvent SmartScreen’s warnings, deploying...

The post CVE-2024-21412 Vulnerability Reported in Defender SmartScreen appeared first on TrueFort.

The post CVE-2024-21412 Vulnerability Reported in Defender SmartScreen appeared first on Security Boulevard.

How to Streamline the Vulnerability Management Life Cycle

Alex Vakulov — Mon, 11 Mar 2024 13:00:20 +0000

Establishing a vulnerability management process is a crucial part of an organization's cybersecurity strategy and demands thoughtful planning.

The post How to Streamline the Vulnerability Management Life Cycle appeared first on Security Boulevard.

BianLian GOs for PowerShell After TeamCity Exploitation

Drew Schmitt — Fri, 08 Mar 2024 23:29:46 +0000

Contributors: Justin Timothy, Threat Intelligence Consultant, Gabe Renfro, DFIR Advisory Consultant, Keven Murphy, DFIR Principal Consultant Introduction Ever since Avast […]

The post BianLian GOs for PowerShell After TeamCity Exploitation appeared first on Security Boulevard.

Urgent Update: Patching Critical iOS Zero-Day Vulnerabilities

Nik Hewitt — Wed, 06 Mar 2024 03:55:42 +0000

Apple rolls out crucial updates to thwart active cyberattacks exploiting kernel-level iOS zero-day vulnerabilities in iPhones In an important move to strengthen the security of iPhone users, Apple has recently released emergency updates targeting two critical zero-day vulnerabilities within iOS. Cyberattackers are currently exploiting these vulnerabilities to launch sophisticated attacks at the kernel level, posing...

The post Urgent Update: Patching Critical iOS Zero-Day Vulnerabilities appeared first on TrueFort.

The post Urgent Update: Patching Critical iOS Zero-Day Vulnerabilities appeared first on Security Boulevard.

JetBrains TeamCity Vulnerability Requires Immediate Patching

Nik Hewitt — Mon, 04 Mar 2024 10:31:09 +0000

TeamCity, the build management and continuous integration server from JetBrains, requires immediate vulnerability patching : TeamCity 2023.11.4 Update Here : JetBrains, the leading software development company, has issued an urgent security advisory for users of its TeamCity product. The advisory highlights the discovery of two critical vulnerabilities identified as CVE-2024-27198 and CVE-2024-27199, which impact all...

The post JetBrains TeamCity Vulnerability Requires Immediate Patching appeared first on TrueFort.

The post JetBrains TeamCity Vulnerability Requires Immediate Patching appeared first on Security Boulevard.

NSFOCUS Research Labs Acknowledged by MSRC for Reporting Azure Database Service RCE Vulnerability

NSFOCUS — Fri, 01 Mar 2024 08:30:01 +0000

Overview NSFOCUS received acknowledgments from the Microsoft Security Response Center (MSRC) for reporting Azure Database Service RCE Vulnerability. Azure Database for PostgreSQL – Flexible Server is a relational database service based on the open-source PostgreSQL database engine. It is a fully managed database-as-a-service that can handle mission-critical workloads, offering predictable performance, security, high availability, and dynamic […]

The post NSFOCUS Research Labs Acknowledged by MSRC for Reporting Azure Database Service RCE Vulnerability appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks..

The post NSFOCUS Research Labs Acknowledged by MSRC for Reporting Azure Database Service RCE Vulnerability appeared first on Security Boulevard.

Imperva Customers are Protected Against New SQL Injection Vulnerability in WordPress Plugin

Gabi Stapel — Wed, 28 Feb 2024 17:00:14 +0000

A critical security flaw, identified as CVE-2024-1071, was discovered in the Ultimate Member plugin for WordPress, affecting over 200,000 active installations. This vulnerability has a high severity CVSS score of 9.8 and allows for SQL injection via the ‘sorting’ parameter due to insufficient input sanitization and preparation of SQL queries. Unauthenticated attackers could exploit this […]

The post Imperva Customers are Protected Against New SQL Injection Vulnerability in WordPress Plugin appeared first on Blog.

The post Imperva Customers are Protected Against New SQL Injection Vulnerability in WordPress Plugin appeared first on Security Boulevard.

The curious case of ‘csrf-magic’: A case study in supply chain poisoning

Ax Sharma — Tue, 27 Feb 2024 15:23:25 +0000

Back in the day, Ivanti disclosed CVE-2021-44529, a critical "code injection" vulnerability in its EPM Cloud Services Appliance (CSA) product.

The post The curious case of ‘csrf-magic’: A case study in supply chain poisoning appeared first on Security Boulevard.