Critical Mitel MiCollab Flaw Exposes Systems to Unauthorized File and Admin Access

Critical Mitel MiCollab Flaw Exposes Systems to Unauthorized File and Admin Access

Critical Mitel MiCollab Flaw Exposes Systems to Unauthorized File and Admin Access Cybersecurity researchers have released a proof-of-concept (PoC) exploit that strings together a now-patched critical security flaw impacting Mitel MiCollab with an arbitrary file read zero-day, granting an attacker the ability to access files from susceptible instances. The critical Read more…

Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access

Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access

Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access A critical security vulnerability has been disclosed in SailPoint’s IdentityIQ identity and access management (IAM) software that allows unauthorized access to content stored within the application directory. The flaw, tracked as CVE-2024-10905, has a CVSS score of 10.0, indicating maximum severity. Read more…

Over Two Dozen Flaws Identified in Advantech Industrial Wi-Fi Access Points – Patch ASAP

Over Two Dozen Flaws Identified in Advantech Industrial Wi-Fi Access Points – Patch ASAP

Over Two Dozen Flaws Identified in Advantech Industrial Wi-Fi Access Points – Patch ASAP Nearly two dozen security vulnerabilities have been disclosed in Advantech EKI industrial-grade wireless access point devices, some of which could be weaponized to bypass authentication and execute code with elevated privileges. “These vulnerabilities pose significant risks, Read more…

HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities

HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities

HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities Hewlett Packard Enterprise (HPE) has released security updates to address multiple vulnerabilities impacting Aruba Networking Access Point products, including two critical bugs that could result in unauthenticated command execution. The flaws affect Access Points running Instant AOS-8 and AOS-10 – Read more…

Gophish Framework Used in Phishing Campaigns to Deploy Remote Access Trojans

Gophish Framework Used in Phishing Campaigns to Deploy Remote Access Trojans

Gophish Framework Used in Phishing Campaigns to Deploy Remote Access Trojans Russian-speaking users have become the target of a new phishing campaign that leverages an open-source phishing toolkit called Gophish to deliver DarkCrystal RAT (aka DCRat) and a previously undocumented remote access trojan dubbed PowerRAT. “The campaign involves modular infection Read more…

Kubernetes Vulnerability

Critical Kubernetes Image Builder Vulnerability Exposes Nodes to Root Access Risk

Critical Kubernetes Image Builder Vulnerability Exposes Nodes to Root Access Risk Oct 17, 2024Ravie LakshmananVulnerability / Kubernetes A critical security flaw has been disclosed in the Kubernetes Image Builder that, if successfully exploited, could be abused to gain root access under certain circumstances. The vulnerability, tracked as CVE-2024-9486 (CVSS score: Read more…

Enterprise Server

GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access

GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access Oct 16, 2024Ravie LakshmananEnterprise Security / Vulnerability GitHub has released security updates for Enterprise Server (GHES) to address multiple issues, including a critical bug that could allow unauthorized access to an instance. The vulnerability, tracked as CVE-2024-9487, carries a Read more…