News - Page 25 of 28 - UZCERT xizmati

Computer Emergency
Response Team

News

VMware vCenter Server Vulnerabilities Actively Exploited in Attacks

Broadcom has issued a warning about two critical vulnerabilities identified in VMware vCenter Server. One of these vulnerabilities, enabling remote code execution (RCE), is tracked as CVE-2024-38812 and is currently being actively exploited in cyberattacks. Details of the Vulnerabilities Affected…

News

PostgreSQL Releases Security Update for Multiple Vulnerabilities

On November 13, 2024, the PostgreSQL Global Development Group released a critical security update for all supported versions of PostgreSQL. The update applies to PostgreSQL versions 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21. It addresses four security vulnerabilities and fixes…

News

A recently discovered vulnerability in Apache HertzBeat could pose a threat to the security of user data

This vulnerability, identified as CVE-2024-45791, affects all versions of Apache HertzBeat released before version 1.6.1. The issue arises from the exposure of sensitive tokens through HTTP GET requests containing query strings. This flaw could allow attackers to gain unauthorized access…

News

Critical vulnerability discovered in GitHub CLI allows attackers to execute malicious commands

A new security vulnerability has been identified in GitHub’s Command Line Interface (CLI) that could allow attackers to execute malicious commands on a user’s system via remote code execution (RCE). This vulnerability, identified as CVE-2024-32002, affects versions of GitHub CLI…

News

A critical vulnerability discovered in the Laravel framework opens the door for hackers to gain unauthorized access.

A newly discovered critical vulnerability in the Laravel framework, identified as CVE-2024-52301, has raised significant concerns among web developers. This vulnerability potentially allows attackers to gain unauthorized access to applications built on Laravel, threatening the security of data and system…

News

Vulnerability in WordPress plugin puts over 4 million websites at risk

A recently discovered critical security vulnerability in one of WordPress’s most popular plugins, Really Simple Security, has put more than 4 million websites at risk of potential hacking attacks. This major vulnerability has raised significant concerns among plugin users. The…

News

Hackers are attacking GitHub users using a sophisticated new Phishing tool called “GoIssue”

GoIssue is a new, sophisticated phishing tool targeting GitHub users, allowing hackers to collect email addresses from GitHub profiles and launch large-scale phishing attacks. This tool poses a serious threat to GitHub users, especially developers and organizations. Uncovered by cybersecurity…

News

High-Level Vulnerabilities Identified in Fortinet Products

Fortinet has released security updates for several of its products—FortiOS, FortiAnalyzer, FortiManager, and FortiClient for Windows. If these vulnerabilities are not patched, attackers could gain full control of the compromised systems. One of the most severe vulnerabilities, identified as CVE-2024-47575,…

News

SAP Security Update: Patch for High Severity Vulnerabilities

SAP (Systems, Applications, and Products in Data Processing) is an international company and a leader in corporate software, offering integrated solutions to automate and manage business processes. Founded in Germany in 1972, SAP is now one of the largest producers…

News

Hackers Exploiting Veeam RCE Vulnerability to Deploy New “Frag” Ransomware

Hackers are currently exploiting a critical vulnerability in Veeam Backup & Replication software to distribute a new ransomware strain called “Frag.” This vulnerability, tracked as CVE-2024-40711, allows unauthenticated remote code execution. It has a severity score of 9.8 out of…