News - Page 26 of 28 - UZCERT xizmati

Computer Emergency
Response Team

News

Critical Vulnerabilities Found in WSO2 Products

WSO2 announced the discovery of critical vulnerabilities in its “API Manager” and “Identity Server” products. These vulnerabilities allow bypassing authentication mechanisms or resetting user passwords. This situation can particularly put high-level accounts, such as administrators, at risk. The risk could…

News

Critical Vulnerability in D-Link NAS Devices

A critical security vulnerability has been identified in D-Link NAS (Network-Attached Storage) devices. If exploited, this vulnerability could allow attackers to execute malicious code on the devices, posing a serious threat to system and data security. The vulnerability, identified as…

News

Critical Vulnerability Discovered in Apache ZooKeeper

A critical vulnerability has been identified in the Admin Server component of Apache ZooKeeper, potentially allowing attackers to gain unauthorized access to vulnerable systems. This vulnerability, registered as CVE-2024-51504 with a risk score of 9.1, arises in the IPAuthenticationProvider component…

News

Critical Vulnerability Discovered in Drupal

A critical vulnerability has been identified in Drupal’s Basic HTTP Authentication module. This vulnerability allows attackers to bypass the access restrictions set by the module, potentially exposing sensitive content or resources to risk. This vulnerability, designated as SA-CONTRIB-2024-057, pertains to…

News

High-Severity Vulnerability Identified in Veeam Backup Enterprise Manager

A new and critical vulnerability has been identified in the Veeam Backup Enterprise Manager (VBEM) system. This vulnerability could allow attackers to gain unauthorized access to the system, posing a risk to the confidentiality and integrity of backup data. Vulnerability…

News

High-Level Vulnerabilities Found in Cisco Products

Multiple critical vulnerabilities have been discovered in the Cisco AnyConnect VPN server, affecting Cisco Meraki MX and Z Series Teleworker Gateway devices. These vulnerabilities could allow unauthenticated, remote attackers to cause a Denial of Service (DoS) condition on the affected…

News

QNAP QuRouter: Critical Vulnerability Discovered

QNAP Systems, Inc. has released an important security update for its QuRouter devices, addressing a recently discovered zero-day vulnerability. This vulnerability, found during the Pwn2Own 2024 competition, could potentially allow unauthorized access to the system. However, the issue has been…

News

VPN Vulnerability in Cisco ASA and FTD Systems Hackersis being actively used in cyber attacks

A critical vulnerability, CVE-2024-20481, was recently discovered in the Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) systems that are exploited via VPN. This vulnerability is actively exploited by hackers in real cyber attacks. This poses a major…

News

A high-level vulnerability has been discovered in Fortinet’s FortiManager product

FortiManager is Fortinet’s network security infrastructure management product, which is used by many organizations to manage and monitor security policies. With it, enterprises can monitor and update their security policies from one place. Therefore, a vulnerability in the FortiManager system…

News

Callback Phishing Attacks: Stealing Login Credentials Through Google Groups

In recent years, cyber attacks have become more sophisticated and new tactics are being used to steal login credentials. Callback phishing attacks are one such modern tactic. These attacks are different from traditional forms of phishing because they use more…