News - Page 21 of 28 - UZCERT xizmati

Computer Emergency
Response Team

News

Over 50,000 Fortinet Devices at Risk

Today, as the world of technology continues to evolve rapidly, the importance of network security has become equally critical. However, even the most reliable security systems can sometimes encounter unexpected vulnerabilities. As of January 22, 2025, approximately 50,000 Fortinet firewall…

News

Security Vulnerability in PAM-u2f: Bypassing Two-Factor Authentication

PAM-u2f is a module designed to support two-factor authentication using U2F (Universal 2nd Factor) technology. It is based on the FIDO standard and ensures secure system access with devices like YubiKey, Feitian, or other U2F-compatible tokens. If you are using…

News

Smart Contract Security: OWASP 2025 Top 10 Vulnerabilities

A smart contract is a digital contract operating on blockchain technology, designed to automatically manage processes when specific conditions are met. Simply put, a smart contract is a program or a piece of code that ensures the fulfillment of predefined…

News

A New Vulnerability Detected in Windows CLFS Driver (CVE-2024-49138) Poses a Serious Threat to System Security

A vulnerability identified in the Windows Common Log File System (CLFS) driver, CVE-2024-49138, represents a significant risk for Windows systems. This zero-day vulnerability enables attackers to gain SYSTEM-level privileges without user interaction. It is particularly dangerous for Windows 11 (23H2)…

News

Vulnerability discovered in QNAP systems allows attackers to execute remote code

A critical vulnerability (CVE-2024-53691) has been identified in the QTS and QuTS hero operating systems used by QNAP. This vulnerability allows attackers with user-level privileges to bypass the allowed boundaries of the file system. This vulnerability has a CVSS v4…

News

“NotLockBit” — A New Ransomware Targeting Windows and macOS Systems

A new, highly sophisticated ransomware family named “NotLockBit” is making waves in the cybersecurity field. Mimicking the style of the infamous LockBit ransomware, this malicious software poses a significant threat with its advanced capabilities and cross-platform functionality, targeting both Windows…

News

Hackers Actively Exploiting Vulnerability in FortiClient EMS

Cybersecurity researchers have identified active exploitation of a critical vulnerability (CVE-2023-48788) in Fortinet’s FortiClient Enterprise Management Server (EMS) software. This vulnerability arises from improperly filtered SQL queries, enabling attackers to execute unauthorized code or commands through SQL injection. By exploiting…

News

GitHub Launches “Copilot Free” Service for All Developers

GitHub has introduced a new and free service — “Copilot Free” for all developers. This service is automatically integrated into Visual Studio Code (VS Code), allowing users to access it at no cost. With this initiative, GitHub continues to support…

News

Critical Vulnerabilities in Google Chrome Allow Remote Code Execution

Google has released a crucial update for its Chrome browser, addressing several high-severity vulnerabilities. These vulnerabilities could enable attackers to gain unauthorized access to memory and execute other harmful exploits. The Stable channel of Chrome has been updated to version…

News

Vulnerabilities in Fortinet Allow Remote Execution of Malicious Code

Fortinet, a leader in cybersecurity solutions, has reported two critical vulnerabilities affecting its FortiWLM and FortiManager products. These vulnerabilities could allow attackers to remotely execute unauthorized malicious code, posing a significant threat to corporate networks. Vulnerability in FortiWLM (Wireless LAN…