News - Page 21 of 28 - UZCERT xizmati

Computer Emergency
Response Team

News

Cisco Meeting Management vulnerability could allow attackers to gain administrator privileges

Another significant issue in the field of technology security has been identified: a new vulnerability has been discovered in Cisco Meeting Management, potentially allowing attackers to gain administrator privileges within the system. This vulnerability is tracked as CVE-2025-20156 and is…

News

A Critical Vulnerability Discovered in Windows File Explorer

As technology security becomes increasingly complex each day, new vulnerabilities continue to pose threats to our systems. The vulnerability identified in Windows File Explorer under the identifier CVE-2024-38100 is a clear example of this issue. This vulnerability has raised concerns…

News

Over 50,000 Fortinet Devices at Risk

Today, as the world of technology continues to evolve rapidly, the importance of network security has become equally critical. However, even the most reliable security systems can sometimes encounter unexpected vulnerabilities. As of January 22, 2025, approximately 50,000 Fortinet firewall…

News

Security Vulnerability in PAM-u2f: Bypassing Two-Factor Authentication

PAM-u2f is a module designed to support two-factor authentication using U2F (Universal 2nd Factor) technology. It is based on the FIDO standard and ensures secure system access with devices like YubiKey, Feitian, or other U2F-compatible tokens. If you are using…

News

Smart Contract Security: OWASP 2025 Top 10 Vulnerabilities

A smart contract is a digital contract operating on blockchain technology, designed to automatically manage processes when specific conditions are met. Simply put, a smart contract is a program or a piece of code that ensures the fulfillment of predefined…

News

A New Vulnerability Detected in Windows CLFS Driver (CVE-2024-49138) Poses a Serious Threat to System Security

A vulnerability identified in the Windows Common Log File System (CLFS) driver, CVE-2024-49138, represents a significant risk for Windows systems. This zero-day vulnerability enables attackers to gain SYSTEM-level privileges without user interaction. It is particularly dangerous for Windows 11 (23H2)…

News

Vulnerability discovered in QNAP systems allows attackers to execute remote code

A critical vulnerability (CVE-2024-53691) has been identified in the QTS and QuTS hero operating systems used by QNAP. This vulnerability allows attackers with user-level privileges to bypass the allowed boundaries of the file system. This vulnerability has a CVSS v4…

News

“NotLockBit” — A New Ransomware Targeting Windows and macOS Systems

A new, highly sophisticated ransomware family named “NotLockBit” is making waves in the cybersecurity field. Mimicking the style of the infamous LockBit ransomware, this malicious software poses a significant threat with its advanced capabilities and cross-platform functionality, targeting both Windows…

News

Hackers Actively Exploiting Vulnerability in FortiClient EMS

Cybersecurity researchers have identified active exploitation of a critical vulnerability (CVE-2023-48788) in Fortinet’s FortiClient Enterprise Management Server (EMS) software. This vulnerability arises from improperly filtered SQL queries, enabling attackers to execute unauthorized code or commands through SQL injection. By exploiting…

News

GitHub Launches “Copilot Free” Service for All Developers

GitHub has introduced a new and free service — “Copilot Free” for all developers. This service is automatically integrated into Visual Studio Code (VS Code), allowing users to access it at no cost. With this initiative, GitHub continues to support…