News – Page 14 – UZCERT Team

Computer Emergency
Response Team

News

Smart Contract Security: OWASP 2025 Top 10 Vulnerabilities

A smart contract is a digital contract operating on blockchain technology, designed to automatically manage processes when specific conditions are met. Simply put, a smart contract is a program or a piece of code that ensures the fulfillment of predefined…

News

A New Vulnerability Detected in Windows CLFS Driver (CVE-2024-49138) Poses a Serious Threat to System Security

A vulnerability identified in the Windows Common Log File System (CLFS) driver, CVE-2024-49138, represents a significant risk for Windows systems. This zero-day vulnerability enables attackers to gain SYSTEM-level privileges without user interaction. It is particularly dangerous for Windows 11 (23H2)…

News

Vulnerability discovered in QNAP systems allows attackers to execute remote code

A critical vulnerability (CVE-2024-53691) has been identified in the QTS and QuTS hero operating systems used by QNAP. This vulnerability allows attackers with user-level privileges to bypass the allowed boundaries of the file system. This vulnerability has a CVSS v4…

News

“NotLockBit” — A New Ransomware Targeting Windows and macOS Systems

A new, highly sophisticated ransomware family named “NotLockBit” is making waves in the cybersecurity field. Mimicking the style of the infamous LockBit ransomware, this malicious software poses a significant threat with its advanced capabilities and cross-platform functionality, targeting both Windows…

News

Hackers Actively Exploiting Vulnerability in FortiClient EMS

Cybersecurity researchers have identified active exploitation of a critical vulnerability (CVE-2023-48788) in Fortinet’s FortiClient Enterprise Management Server (EMS) software. This vulnerability arises from improperly filtered SQL queries, enabling attackers to execute unauthorized code or commands through SQL injection. By exploiting…

News

GitHub Launches “Copilot Free” Service for All Developers

GitHub has introduced a new and free service — “Copilot Free” for all developers. This service is automatically integrated into Visual Studio Code (VS Code), allowing users to access it at no cost. With this initiative, GitHub continues to support…

News

Critical Vulnerabilities in Google Chrome Allow Remote Code Execution

Google has released a crucial update for its Chrome browser, addressing several high-severity vulnerabilities. These vulnerabilities could enable attackers to gain unauthorized access to memory and execute other harmful exploits. The Stable channel of Chrome has been updated to version…

News

Vulnerabilities in Fortinet Allow Remote Execution of Malicious Code

Fortinet, a leader in cybersecurity solutions, has reported two critical vulnerabilities affecting its FortiWLM and FortiManager products. These vulnerabilities could allow attackers to remotely execute unauthorized malicious code, posing a significant threat to corporate networks. Vulnerability in FortiWLM (Wireless LAN…

News

FBI Warns: HiatusRAT Targets Webcams and DVR Devices

The Federal Bureau of Investigation (FBI) has issued a warning about a new threat targeting webcams and digital video recorders (DVR). This threat, known as the HiatusRAT malware, allows cybercriminals to remotely control these devices. The activity of HiatusRAT has…

News

New Vulnerabilities in Apache Tomcat Could Enable Remote Code Execution

Two new critical vulnerabilities have been identified in the popular open-source web server and servlet container Apache Tomcat. These vulnerabilities could allow attackers to perform remote code execution (RCE) and denial-of-service (DoS) attacks. The Apache Software Foundation has released patches…