FreshRSS

🔒
△ 🔃
☐ ☆ ✇ The Hacker News

Alert: Over 178,000 SonicWall Firewalls Potentially Vulnerable to Exploits - Act Now

By Newsroom — January 16th 2024 at 13:39
Over 178,000 SonicWall firewalls exposed over the internet are exploitable to at least one of the two security flaws that could be potentially exploited to cause a denial-of-service (DoS) condition and remote code execution (RCE). “The two issues are fundamentally the same but exploitable at different HTTP URI paths due to reuse of a vulnerable code pattern,” Jon Williams, a senior security
☐ ☆ ✇ The Hacker News

Critical Zero-Day in Apache OfBiz ERP System Exposes Businesses to Attack

By Newsroom — December 27th 2023 at 15:39
A new zero-day security flaw has been discovered in Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system that could be exploited to bypass authentication protections. The vulnerability, tracked as CVE-2023-51467, resides in the login functionality and is the result of an incomplete patch for another critical vulnerability (CVE-2023-49070, CVSS score: 9.8) that was released
☐ ☆ ✇ The Hacker News

New Vulnerabilities Disclosed in SonicWall and Fortinet Network Security Products

By THN — July 13th 2023 at 05:16
SonicWall on Wednesday urged customers of Global Management System (GMS) firewall management and Analytics network reporting engine software to apply the latest fixes to secure against a set of 15 security flaws that could be exploited by a threat actor to circumvent authentication and access sensitive information. Of the 15 shortcomings (tracked from CVE-2023-34123 through CVE-2023-34137), four
☐ ☆ ✇ The Hacker News

China-linked Hackers Targeting Unpatched SonicWall SMA Devices with Malware

By Ravie Lakshmanan — March 10th 2023 at 13:50
A suspecting China-linked hacking campaign has been observed targeting unpatched SonicWall Secure Mobile Access (SMA) 100 appliances to drop malware and establish long-term persistence. "The malware has functionality to steal user credentials, provide shell access, and persist through firmware upgrades," cybersecurity company Mandiant said in a technical report published this week. The
☐ ☆ ✇ The Hacker News

SonicWall Issues Patch for Critical Bug Affecting its Analytics and GMS Products

By Ravie Lakshmanan — July 22nd 2022 at 18:35
Network security company SonicWall on Friday rolled out fixes to mitigate a critical SQL injection (SQLi) vulnerability affecting its Analytics On-Prem and Global Management System (GMS) products. The vulnerability, tracked as CVE-2022-22280, is rated 9.4 for severity on the CVSS scoring system and stems from what the company describes is an "improper neutralization of special elements" used in
❌