ICS Advisory: Rapid Software LLC Rapid SCADA

1. EXECUTIVE SUMMARY

  • CVSS v3 9.6
  • ATTENTION: Exploitable remotely, low attack complexity
  • Vendor: Rapid Software LLC
  • Equipment: Rapid SCADA
  • Vulnerabilities: Path Traversal, Relative Path Traversal, Local Privilege Escalation through Incorrect Permission Assignment for Critical Resource, Open Redirect, Use of Hard-coded Credentials, Plaintext Storage of a Password, Generation of Error Message Containing Sensitive Information

2. RISK EVALUATION

Successful exploitation

Ivanti Releases Security Update for Connect Secure and Policy Secure Gateways

Ivanti has released a security update to address an authentication bypass vulnerability (CVE-2023-46805) and a command injection vulnerability (CVE-2024-21887) in all supported versions (9.x and 22.x) of Connect Secure and Policy Secure gateways. A cyber threat actor could exploit these vulnerabilities to take control of an affected system.

Ivanti reports active exploitation of both

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2024-21887 Ivanti Connect Secure and Policy Secure Command Injection Vulnerability
  • CVE-2023-46805 Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2023-29357 Microsoft SharePoint Server Privilege Escalation Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited

Microsoft Releases Security Updates for Multiple Products
