News – Page 3 – UZCERT Team

Computer Emergency
Response Team

News

Surge in Cyberattacks on Cisco’s VPN System

Cisco has confirmed that a cross-site scripting (XSS) vulnerability in its Adaptive Security Appliance (ASA) software is actively being exploited in the wild. This vulnerability, registered as CVE-2014-2120, was first discovered in 2014 but remains a significant threat. Exploiting this…

News

Critical Vulnerabilities Discovered in IBM Security Verify Access

IBM (International Business Machines Corporation) is one of the world’s largest technology companies, founded in 1911 in the United States. The company provides advanced solutions in various fields, including IT infrastructure, artificial intelligence, cybersecurity, data analytics, and cloud technologies. IBM…

News

Vulnerability in Active Directory Certificate Services Allows Attackers to Escalate Privileges

A critical vulnerability has been discovered in Microsoft’s Active Directory Certificate Services (AD CS). This vulnerability enables attackers to escalate privileges within the system and potentially gain control at the domain administrator level. The vulnerability was identified by TrustedSec in…

News

SQL Injection in Zabbix Allows Complete System Takeover

Zabbix, a widely used open-source monitoring tool for networks and systems, has recently been found to contain a critical security vulnerability. This flaw could enable attackers to gain complete control over affected systems. The vulnerability, identified as CVE-2024-42327, affects multiple…

News

Vulnerability discovered in NVIDIA UFM systems allows unauthorized access to the system

NVIDIA UFM (Unified Fabric Manager) is a network management system developed by NVIDIA, designed for high-performance computing and data centers. UFM is used for managing, monitoring, and configuring network infrastructure. The UFM system provides various features to improve performance and…

News

WordPress Plugin Vulnerability Puts 200,000 Sites at Risk

On October 30, 2024, a critical vulnerability was discovered in the Anti-Spam by CleanTalk WordPress plugin, potentially affecting more than 200,000 active installations. This vulnerability allows attackers to install, activate, or delete plugins without authorization, which can lead to remote…

News

Remote code execution vulnerabilities discovered in Veritas Enterprise Vault

Veritas Enterprise Vault (EV) is a software platform designed for enterprises that enables centralized archiving and management of corporate data, including emails, files, social media content, voicemails, and other information. EV is widely used in industries such as legal, finance,…

News

Decade-Old Vulnerabilities in Ubuntu Server Allow Attackers to Gain Root Access

Several decade-old Local Privilege Escalation (LPE) vulnerabilities found in the needrestart component, installed by default in Ubuntu Server, allow local attackers to gain root access on the system. Needrestart is a utility that checks whether the system needs to be…

News

Critical Vulnerability in Drupal Core

Among content management systems (CMS) widely used around the world, a dangerous vulnerability has been identified in Drupal Core. Exploiting this vulnerability allows attackers to execute malicious code through users’ browsers. This vulnerability is mainly related to the Overlay module…

News

Critical Vulnerability Found in Oracle’s “Agile PLM” Framework

Oracle has issued an urgent security alert regarding a critical vulnerability in its Agile Product Lifecycle Management (PLM) framework, which is currently being actively exploited in real-world attacks. The vulnerability, identified as CVE-2024-21287, allows unauthenticated attackers to gain access to…