If you got any Windows server 0days, now is the time.
If you got any Windows server 0days, now is the time.
Major zero-day alert: A vulnerability is being actively exploited in AMI’s MegaRAC BMC software, potentially impacting thousands of servers across AMD, ARM, Supermicro, and more.
Redfish interface flaw enables full root access
Attackers can bypass authentication entirely
Supply chain vendors affected
BMCs exposed to the internet = catastrophic risk
CISA deadline for mitigation: July 16
This isn’t theoretical. Exploitation is happening now. If you haven’t patched and locked down your out-of-band server management, you’re leaving the door wide open.
Is your team treating BMCs as a core part of your threat surface?
#CyberSecurity #ZeroDay #VulnerabilityManagement #CISO #PatchNow
https://arstechnica.com/security/2025/06/active-exploitation-of-ami-management-tool-imperils-thousands-of-servers/
Hundreds of Brother printer models are affected by a critical, unpatchable vulnerability (CVE-2024-51978) that allows attackers to generate the default admin password using the device’s serial number—information that’s easily discoverable via other flaws.
748 total models across Brother, Fujifilm, Ricoh, Toshiba, and Konica Minolta are impacted, with millions of devices at risk globally.
Attackers can:
• Gain unauthenticated admin access
• Pivot to full remote code execution
• Exfiltrate credentials for LDAP, FTP, and more
• Move laterally through your network
Brother says the vulnerability cannot be fixed in firmware and requires a change in manufacturing. For now, mitigation = change the default admin password immediately.
Our pentest team regularly highlights printer security as a critical path to system compromise—and today’s news is another example that underscores this risk. This is your reminder: Printers are not “set-and-forget” devices. Treat them like any other endpoint—monitor, patch, and lock them down.
Need help testing your network for exploitable print devices? Contact us and our pentest team can help!
Read the Dark Reading article for more details on the Brother Printers vulnerability: https://www.darkreading.com/endpoint-security/millions-brother-printers-critical-unpatchable-bug
#WARN Severe #RealityFault. #AlternativeReality encountered. #TruthMissing.
#FAULT #Newspeak #AI recursion. #Realspeak correction route 404_NOT_FOUND. Call #OrwellSupport for patch to #SocietySystems
INFO #Orwell #HealthSupport. We invert it to make it #right. From #Skynet to #Peopleverse we serve #YOU. Please dial #CriticalThinking101 for our #WickedSolution #DeliveryService
The Apache Software Foundation has uncovered critical vulnerabilities in MINA, HugeGraph-Server, and Traffic Control, with one flaw scoring a maximum 10/10!
Admins are urged to patch ASAP to avoid potential exploits, especially during the busy holiday season.
Read more here: https://www.techradar.com/pro/security/apache-foundation-urges-users-to-patch-now-and-fix-major-security-worries #CyberSecurity #Apache #PatchNow #InfoSec #newz
️ #CERTWarnung
️
In #FortiManager von Fortinet wurde eine Zero-Day #Schwachstelle geschlossen, die seit Juni ausgenutzt wird. Eine Kompromittierung ist zu prüfen. Kunden sollten unverzüglich ihre Geräte absichern. #PatchNow
https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2024/2024-282848-10Ub2.html
Attention!! FreeBSD Users.
CVE-2024-43102 : CVSS Sore 10 : Use-After-Free vulnerability in FreeBSD could lead to COMPLETE SYSTEM COMPROMISE.
Advisory Links:
https://www.freebsd.org/security/advisories/FreeBSD-SA-24:14.umtx.asc
#PatchNOW
#FreeBSD
#Linux
#Vulnerability
#cybersecurity
#ComputerSecurity
#hacked
#Cyberattack
#infosec
#informationsecurity
#DataBreach
Critical OpenVPN Vulnerabilities Expose Millions of Devices to RCE Attack
Microsoft researchers have identified multiple vulnerabilities in OpenVPN, a widely used open-source VPN software. These flaws can be exploited for remote code execution (RCE) and local privilege escalation (LPE), potentially allowing attackers to take full control of affected devices.
Key Vulnerabilities:
• CVE-2024-27459: Stack overflow leading to DoS and LPE on Windows.
• CVE-2024-24974: Unauthorized access to the OpenVPN service named pipe on Windows.
• CVE-2024-27903: Plugin mechanism flaw causing RCE on Windows and LPE on multiple platforms.
• CVE-2024-1305: Memory overflow in the Windows TAP driver leading to DoS.
Protect Your Systems:
Update to OpenVPN versions 2.6.10 or 2.5.10 immediately to mitigate these risks. Regularly monitor your network for unusual activities and ensure all security measures are up to date.
Microsoft Patch Tuesday July 2024
(Pic 1) List of KBs released corresponding to each OS
(Pic 2) List of Zero-days released(2 of them exploited in-the-wild already)
**Patch CVE-2024-38080 and CVE-2024-38112 NOW !!
CVE-2024-38080(Zero-day Exploited-in-the-wild): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38080
CVE-2024-38112(Zero-day Exploited-in-the-wild): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38112
CVE-2024-35264: https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-35264
CVE-2024-37985: https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-37985
List of Vulnerabilities addressed in Patch Tuesday July 2024:
https://msrc.microsoft.com/update-guide/en-us/releaseNote/2024-Jul
#PatchTuesday
#Microsoft
#PatchNOW
#cybersecurity
#CyberSec
#hacked
#Cyberattack
#infosec
#informationsecurity
#CyberSecurityAwareness
#DataBreach
#zeroday
#tech
#Privacy
CVE-2024-4577 : Upgrade your PHP versions NOW !!
DEVCORE Blog:
https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/
PHP 8.1.29 ChangeLog :
https://www.php.net/ChangeLog-8.php#8.1.29
PHP 8.2.20 ChangeLog:
https://www.php.net/ChangeLog-8.php#8.2.20
PHP 8.3.8 ChangeLog:
https://www.php.net/ChangeLog-8.php#8.3.8
Proof-of-Concept Script:
https://github.com/watchtowrlabs/CVE-2024-4577
#PatchNOW
#PHP
#cybersecurity
#hacked
#Cyberattack
#infosec
#informationsecurity
#CyberSecurityAwareness
#DataBreach
#zeroday
#tech
#Privacy
If you haven't patched your Fortinet FortiSIEM yet, you really should as the researchers who discovered CVE-2024-23108 (CVSS score of 10/10) has released the proof of concept exploit code into the wild.
Seriously, patch now!
www.bleepingcomputer.com/news/security/exploit-released-for-maximum-severity-fortinet-rce-bug-patch-now
#infosec #cybersecurity #fortinet #patchnow #CVE_2024_23108
Urgent: CVE-2024-1086 : Upgrade your Linux Distribution's Kernel right now!!
NIST Database:
https://nvd.nist.gov/vuln/detail/CVE-2024-1086
Oracle Linux 7/8/9 and Oracle VM verion 3:
https://linux.oracle.com/cve/CVE-2024-1086.html
SuSE Linux:
https://www.suse.com/security/cve/CVE-2024-1086.html
Amazon Linux 2 and Linux 2023:
https://alas.aws.amazon.com/cve/html/CVE-2024-1086.html
RHEL 7/8/9 and Cent OS 7:
https://access.redhat.com/security/cve/CVE-2024-1086
Fedora 39:
https://bodhi.fedoraproject.org/updates/FEDORA-2024-2116a8468b
Ubuntu:
https://ubuntu.com/security/CVE-2024-1086
Rocky Linux 8:
https://errata.rockylinux.org/RLSA-2024:1614
#PatchNOW
#cybersecurity
#hacked
#Cyberattack
#infosec
#informationsecurity
#CyberSecurityAwareness
#DataBreach
#zeroday
️#CERTWarnung
️
Microsoft gab bekannt, dass auf eine kritische #Schwachstelle in #Exchange, die im Rahmen des Februar-Patchdays geschlossen wurde, bereits Angriffe stattfinden. #PatchNow
https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2024/2024-214205-1032
" Windows SmartScreen Bypass Alert: CVE-2024-21351 Unveiled
"
A new vulnerability, CVE-2024-21351, exposes a security feature bypass in Windows SmartScreen, enabling attackers to execute arbitrary code by tricking users into opening a malicious file. This flaw, with a CVSS score of 7.6, follows the previously patched CVE-2023-36025, indicating a method to circumvent Microsoft's efforts in securing its SmartScreen feature. Attackers exploit this vulnerability actively in the wild, despite Microsoft's release of an official fix.
Technical breakdown: CVE-2024-21351 allows code injection into SmartScreen, bypassing protections and potentially leading to data exposure or system unavailability. Cybersecurity professionals must understand the attack vector, which requires social engineering to convince a user to open a malicious file.
Tags: #CyberSecurity #WindowsSecurity #CVE2024-21351 #SmartScreenBypass #Vulnerability #PatchNow #InfoSecCommunity #ThreatIntelligence
Mitre CVE Summary: CVE-2024-21351
️#CERTWarnung
️
Für eine OS Command Injection #Schwachstelle in den sehr weitverbreiteten #QNAP NAS-Lösungen wurde #PoC-Code veröffentlicht. Betreiber sollten schnellstmöglich die empfohlenen Schutzmaßnahmen prüfen! #PatchNow
https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2024/2024-213941-1032
️#CERTWarnung
️
Der Hersteller #Fortinet hat für zwei kritische #Schwachstellen in FortiOS Patches veröffentlicht. Eine der Schwachstellen wird wahrscheinlich bereits ausgenutzt. #PatchNow
https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2024/2024-213797-1032
️#CERTWarnung
️
Eine kritische #Schwachstelle in #GitLab erlaubt es Konten ohne 2FA zu übernehmen. Durch die Veröffentlichung eines Proof-of-Conecepts ist von einer stattfindenden Ausnutzung auszugehen. #PatchNow
https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2024/2024-205245-1032
️#CERTWarnung
️
Die #Schwachstelle CVE-2023-46604 in Apache #ActiveMQ wird aktiv ausgenutzt. Entfernte Angreifende können ActiveMQ Server kompromittieren und Ransomware-Angriffe durchführen.
Mehr dazu hier: https://www.bsi.bund.de/dok/1099178