Category: Cybersecurity News
-
New Updates for OpenSSH Security Vulnerabilities (DOS, MITM)
New updates have been released for OpenSSH, the widely used Secure Shell protocol commonly used for connecting to and logging in to remote machines, which a vulnerability recently discovered allowed the possibility for machine-in-the-middle (MITM) attacks and denial of service (DOS) attacks. Researches with Qualysis’ Threat Research Unit recently reported the vulnerabilities affecting both a…
-
Prometheus Security Flaws Expose Servers to Remote Attacks, Researchers Warn
Prometheus, a widely used open-source monitoring and alerting toolkit, has been found to have serious vulnerabilities that could allow cybercriminals to steal sensitive data, run malicious code, or even launch denial-of-service (DoS) attacks. Prometheus is a powerful tool designed to record, query and visualize real-time metrics from systems, containers, and applications. Researches from Aqua Security…
-
WordPress Plugin, Hunk Companion, Critical Vulnerability Patched
A serious security vulnerability has been discovered in the Hunk Companion plugin for WordPress, affecting versions before 1.9.0. Researches at WPScan found the vulnerability of the Hunk Companion, a plugin used for themes by ThemeHunk, through a failed validation from a hardlink within the plugin’s code to WordPress’ plugin repository. The vulnerability allows unauthenticated requests…
-
Apache Releases Update for Struts RCE Vulnerability
A new update has been released by Apache to address a critical Remote Code Execution (RCE) vulnerability affecting the open-source Apache Struts framework. Apache Struts is widely used for developing modern Java web applications, making this vulnerability a significant concern for developers. Vulnerabilities The security vulnerability (CVE-2024-53677) impacts Apache Struts versions: With a CVSS (Common…
-
Apple’s iOS 18.2, iPadOS 18.2 & macOS 15.2 Updates Include Critical Security Patches
Apple has rolled out its iOS 18.2, iPadOS 18.2 and macOS 15.2 updates with a whole set of new features for its Apple AI Intelligence, along with several critical security patches across a wide range of devices. This new update brings optimizations, AI, and enhancements to privacy and security resolving issues that could have allowed…
-
Microsoft Patch Tuesday Update Fixes Many Security Vulnerabilities, Flaws Including CLFS, LDAP Bugs
Microsoft has released it’s Patch Tuesday December update, usually available on the second Tuesday of every month, with a bunch of security updates and patches. Many of the patches are for vulnerabilities with at least a medium severity CVSS (Common Vulnerability Scoring System) score (most are over 6.0 on a scale of 1-10, 10 being…
-
Zero-Day Vulnerability in Cleo File Transfer Software Found
A critical vulnerability has been found in Cleo’s file transfer software Harmony, VLTrader, and LexiCom affecting versions 5.8.0.21. Researches at Huntress identified this flaw, which exists in its lack of restrictions in uploading and downloading, that allows remote code execution. In their proof of concept, they found attack indictations in the installation logs. These logs…
Categories:
Have any comments or suggestions? Feel free to let us know!
