After being used in Akira and Fog ransomware attacks, a critical Veeam Backup & Replication (VBR) security flaw was also recently exploited to deploy Frag ransomware.
Threat update
VMware has recently released software updates to address a security flaw believed to have already been patched in vCenter Server. The vulnerability, known as CVE-2024-38812 with a CVSS score of 9.8, is a heap-overflow vulnerability. Continue reading this Cybersecurity Threat Advisory to mitigate your risk.
Threat update
A critical security flaw in the Apache Avro Java Software Development Kit (SDK), tracked as CVE-2024-47561, poses a significant threat to systems using this data serialization framework. A successful exploitation allows an attacker to execute arbitrary code on vulnerable instances. Continue reading this Cybersecurity Threat Advisory to learn how you can mitigate your risk.
Today, Ivanti warned that threat actors are exploiting another Cloud Services Appliance (CSA) security flaw in attacks targeting a limited number of customers.
Threat update
A critical security flaw known as CVE-2024-27322 with a CVSS score of 8.8, has been discovered within the R programming language. Attackers can craft malicious RDS files or R packages that embed arbitrary R code.
Threat update
Microsoft announced that a recently disclosed security flaw had been exploited just one day after it released fixes for the vulnerability. CVE-2024-21410, an Exchange Server vulnerability, with a CVSS score of 9.8, allows threat actors to escalate privileges of the affected Exchange Server.
Google has fixed the sixth Chrome zero-day vulnerability this year in an emergency security update released today to counter ongoing exploitation in attacks.
Proof-of-concept exploit code has surfaced on GitHub for a critical authentication bypass vulnerability in Microsoft SharePoint Server, allowing privilege escalation.