Security
Headlines
HeadlinesLatestCVEs

Tag

#zero_day

Tibbo AggreGate Network Manager

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Tibbo Equipment: AggreGate Network Manager Vulnerability: Unrestricted Upload of File with Dangerous Type 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to achieve code execution on the affected device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Tibbo products are affected: Aggregate Network Manager: Versions 6.34.02 and prior 3.2 Vulnerability Overview 3.2.1 Unrestricted Upload of File with Dangerous Type CWE-434 There is an unrestricted file upload vulnerability where it is possible for an authenticated user (low privileged) to upload an jsp shell and execute code with the privileges of user running the web server. CVE-2024-12700 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). A CVSS v4 score has also been calculated f...

us-cert
Open in Source
#vulnerability#web#js#auth#zero_day
Hackers Use Fake PoCs on GitHub to Steal WordPress Credentials, AWS Keys

SUMMARY Datadog Security Labs’ cybersecurity researchers have discovered a new, malicious year-long campaign from a threat actor identified…

Does Desktop AI Come With a Side of Risk?

Artificial intelligence capabilities are coming to a desktop near you — with Microsoft 365 Copilot, Google Gemini with Project Jarvis, and Apple Intelligence all arriving (or having arrived). But what are the risks?

Cl0p Ransomware Exploits Cleo Vulnerability, Threatens Data Leaks

SUMMARY The Cl0p ransomware group has recently claimed responsibility for exploiting a critical vulnerability in Cleo’s managed file…

Firmware Security: Identifying Risks to Implement Best Cybersecurity Practices

Find out the key security risks of firmware security: Identify threats, and learn best practices and protection methods…

Microsoft’s AI Recall Tool Is Still Sucking Up Credit Card and Social Security Numbers

Plus: The US indicts North Koreans in fake IT worker scheme, file-sharing firm Cleo warns customers to patch a vulnerability amid live attacks, and more.

Cleo MFT Zero-Day Exploits Are About Escalate, Analysts Warn

Defenders running the Cleo managed file transfer are urged to be on the lookout for the Cleopatra backdoor and other indicators of an ongoing ransomware campaign, as patching details remain foggy, and no CVE has been issued.

US Sanctions Chinese Cybersecurity Firm for Firewall Exploit, Ransomware Attacks

SUMMARY The United States has taken strong action against a Chinese cybersecurity company, Sichuan Silence Information Technology, for…

Chinese Hacker Pwns 81K Sophos Devices With Zero-Day Bug

The US State Department has offered a $10 million reward for Guan Tianfeng, who has been accused of developing and testing a critical SQL injection flaw with a CVSS score of 9.8 used in Sophos attacks.