Take action on the latest cybersecurity events

Cybersecurity advisories and events as they happen, with a clear action you can take.

A critical vulnerability in Progress Kemp's LoadMaster platform, identified as CVE-2024-1212 with a CVSS score of 10, allows remote attackers to execute arbitrary commands without authentication. Progress Kemp has issued patches for this flaw and recommends users update their systems, adhere to new password policies, and follow security hardening guidelines to mitigate risks.
Bitdefender identified a vulnerability in Apple's Shortcuts app affecting macOS, iOS, and iPadOS devices that enables attackers to bypass privacy protections and exfiltrate sensitive data without user consent. Apple has mitigated the flaw, tracked as CVE-2024-23204 with a CVSS score of 7.5, through software updates that add stronger permission checks.
The Sonar Vulnerability Research Team discovered multiple XSS security flaws in Joomla's core filter component, tracked as CVE-2024-21726, affecting versions up to 5.0.2/4.4.2. This vulnerability, significant due to Joomla's extensive use on the internet, allows attackers to execute remote code by tricking an administrator. Joomla has released updates (5.0.3/4.4.3) to mitigate this risk, urging users to upgrade immediately.
VMware has advised administrators to remove the VMware Enhanced Authentication Plugin (EAP) because of critical security vulnerabilities, including authentication relay and session hijack risks in Windows domain environments, identified as CVE-2024-22245 (CVSS 9.6) and CVE-2024-22250 (CVSS 7.8). Although the plugin has been phased out since March 2021, it still poses a significant threat wherever it remains installed. VMware recommends using more secure authentication methods and has provided instructions for removing or disabling the EAP.
ConnectWise has identified a critical remote code execution vulnerability in ScreenConnect and urges administrators to update to version 23.9.8 immediately. This flaw, with a CVSS score of 10.0, allows authentication bypass and remote code execution. A second issue, a path traversal flaw, has a CVSS score of 8.4. Although CVE IDs have not yet been assigned, updates are available for on-premises versions to prevent potential exploitation. Cloud servers on screenconnect.com and hostedrmm.com are already secured, but over 8,800 vulnerable servers were found exposed online, underlining the urgency of updating.
CISA has issued an alert for critical vulnerabilities in the Ethercat Plugin for Zeek, affecting Industrial Control Systems Network Protocol Parsers. These include out-of-bounds write (CVE-2023-7244, CVE-2023-7243, CVSS 9.8) and out-of-bounds read (CVE-2023-7242, CVSS 9.8) issues, potentially enabling remote code execution, crashing the Zeek process, and leaking information. Users are advised to update to commit 3bca34c or later to mitigate these risks, with no exploits reported as of February 20, 2024, but with a significant potential impact on global critical infrastructure.
Commend has issued an alert for critical vulnerabilities in its WS203VICM video door station that could allow access to sensitive information or cause the device to restart. The vulnerabilities, exploitable remotely with low attack complexity, are CVE-2024-21767 (Improper Access Control, CVSS 9.4), CVE-2024-22182 (Argument Injection, CVSS 8.6), and CVE-2024-23492 (Weak Encoding for Password, CVSS 5.7). Users are advised to upgrade to firmware version WS-CM 2.0 to mitigate these risks, especially in critical commercial facilities sectors.
CU Solutions Group (CUSG) CMS, serving 275 credit unions in the U.S., reported three critical vulnerabilities enabling attackers to gain "ultra admin" privileges, potentially leading to credential theft and account takeovers. The issues include a blind SQL injection bug (CVE-2023-48987, CVSS 9.8) and two XSS bugs (CVE-2023-48985 and CVE-2023-48986, CVSS 8.2 each). Users are urged to upgrade to version 7.75 and enable multi-factor authentication.
A critical Remote Code Execution vulnerability, CVE-2024-25600, has been identified in Bricks Builder versions before 1.9.6.1, allowing attackers to take control of affected websites remotely. The issue, rated up to 10/10 in severity, was promptly patched by Bricks, which urges users to update immediately.
SolarWinds has patched five vulnerabilities in its Access Rights Manager software, addressing risks of remote code execution and directory traversal, with updates available in the 2023.2.3 release and no known exploitations reported.