Vulnerability – OWASP Jakarta

Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks

Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks A Mirai botnet variant has been found exploiting a newly disclosed security flaw impacting Four-Faith industrial routers since early November 2024 with the goal of conducting distributed denial-of-service (DDoS) attacks. The botnet maintains approximately 15,000 daily active IP addresses, with Read more

By adminowasp, 7 months ago

News

Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution

Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution A high-severity security flaw has been disclosed in ProjectDiscovery’s Nuclei, a widely-used open-source vulnerability scanner that, if successfully exploited, could allow attackers to bypass signature checks and potentially execute malicious code. Tracked as CVE-2024-43405, it carries a CVSS score of Read more

By adminowasp, 7 months ago

News

Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now

Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now The Apache Software Foundation (ASF) has shipped security updates to address a critical security flaw in Traffic Control that, if successfully exploited, could allow an attacker to execute arbitrary Structured Query Language (SQL) commands in the Read more

By adminowasp, 7 months ago

News

CISA Adds Acclaim USAHERDS Vulnerability to KEV Catalog Amid Active Exploitation

CISA Adds Acclaim USAHERDS Vulnerability to KEV Catalog Amid Active Exploitation The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a now-patched high-severity security flaw impacting Acclaim Systems USAHERDS to the Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild. The vulnerability in Read more

By adminowasp, 7 months ago

News

Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks

Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks The Apache Software Foundation (ASF) has released a security update to address an important vulnerability in its Tomcat server software that could result in remote code execution (RCE) under certain conditions. The vulnerability, tracked as CVE-2024-56337, has been described as an Read more

By adminowasp, 7 months ago

News

Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools

Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools A now-patched critical security flaw impacting Fortinet FortiClient EMS is being exploited by malicious actors as part of a cyber campaign that installed remote desktop software such as AnyDesk and ScreenConnect. The vulnerability in question is CVE-2023-48788 (CVSS score: Read more

By adminowasp, 7 months ago

News

BeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS Products

BeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS Products BeyondTrust has disclosed details of a critical security flaw in Privileged Remote Access (PRA) and Remote Support (RS) products that could potentially lead to the execution of arbitrary commands. Privileged Remote Access controls, manages, and audits privileged accounts Read more

By adminowasp, 7 months ago

News

Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection

Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection A security flaw has been disclosed in OpenWrt’s Attended Sysupgrade (ASU) feature that, if successfully exploited, could have been abused to distribute malicious firmware packages. The vulnerability, tracked as CVE-2024-54143, carries a CVSS score of 9.3 out of a maximum of Read more

By adminowasp, 7 months ago

News

Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability

Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability Microsoft closed out its Patch Tuesday updates for 2024 with fixes for a total of 72 security flaws spanning its software portfolio, including one that it said has been exploited in the wild. Of the 72 flaws, 17 are Read more

By adminowasp, 8 months ago

News

Cleo File Transfer Vulnerability Under Exploitation – Patch Pending, Mitigation Urged

Cleo File Transfer Vulnerability Under Exploitation – Patch Pending, Mitigation Urged Users of Cleo-managed file transfer software are being urged to ensure that their instances are not exposed to the internet following reports of mass exploitation of a vulnerability affecting fully patched systems. Cybersecurity company Huntress said it discovered evidence Read more

By adminowasp, 8 months ago