News – Page 7 – UZCERT Team

Computer Emergency
Response Team

News

Vulnerability discovered in QNAP systems allows attackers to execute remote code

A critical vulnerability (CVE-2024-53691) has been identified in the QTS and QuTS hero operating systems used by QNAP. This vulnerability allows attackers with user-level privileges to bypass the allowed boundaries of the file system. This vulnerability has a CVSS v4…

News

“NotLockBit” — A New Ransomware Targeting Windows and macOS Systems

A new, highly sophisticated ransomware family named “NotLockBit” is making waves in the cybersecurity field. Mimicking the style of the infamous LockBit ransomware, this malicious software poses a significant threat with its advanced capabilities and cross-platform functionality, targeting both Windows…

News

Hackers Actively Exploiting Vulnerability in FortiClient EMS

Cybersecurity researchers have identified active exploitation of a critical vulnerability (CVE-2023-48788) in Fortinet’s FortiClient Enterprise Management Server (EMS) software. This vulnerability arises from improperly filtered SQL queries, enabling attackers to execute unauthorized code or commands through SQL injection. By exploiting…

News

GitHub Launches “Copilot Free” Service for All Developers

GitHub has introduced a new and free service — “Copilot Free” for all developers. This service is automatically integrated into Visual Studio Code (VS Code), allowing users to access it at no cost. With this initiative, GitHub continues to support…

News

Critical Vulnerabilities in Google Chrome Allow Remote Code Execution

Google has released a crucial update for its Chrome browser, addressing several high-severity vulnerabilities. These vulnerabilities could enable attackers to gain unauthorized access to memory and execute other harmful exploits. The Stable channel of Chrome has been updated to version…

News

Vulnerabilities in Fortinet Allow Remote Execution of Malicious Code

Fortinet, a leader in cybersecurity solutions, has reported two critical vulnerabilities affecting its FortiWLM and FortiManager products. These vulnerabilities could allow attackers to remotely execute unauthorized malicious code, posing a significant threat to corporate networks. Vulnerability in FortiWLM (Wireless LAN…

News

FBI Warns: HiatusRAT Targets Webcams and DVR Devices

The Federal Bureau of Investigation (FBI) has issued a warning about a new threat targeting webcams and digital video recorders (DVR). This threat, known as the HiatusRAT malware, allows cybercriminals to remotely control these devices. The activity of HiatusRAT has…

News

New Vulnerabilities in Apache Tomcat Could Enable Remote Code Execution

Two new critical vulnerabilities have been identified in the popular open-source web server and servlet container Apache Tomcat. These vulnerabilities could allow attackers to perform remote code execution (RCE) and denial-of-service (DoS) attacks. The Apache Software Foundation has released patches…

News

RCE Vulnerability in Apache Struts Actively Exploited

Apache Struts, a popular open-source framework used for developing Java-based web applications, has been found to contain a new vulnerability (CVE-2024-53677) that is already being actively exploited by attackers. Using publicly available Proof of Concept (PoC) code, they can upload…

News

RCE Vulnerability in WordPress ‘WPML’ Plugin Threatens Over 1 Million Websites

A critical Remote Code Execution (RCE) vulnerability (CVE-2024-6386) has recently been discovered in the WordPress Multilingual Plugin (WPML). This vulnerability poses a threat to more than 1,000,000 active WordPress websites worldwide, allowing attackers to gain control over the sites. The…