ISC2 research has found that cybersecurity leaders have limited skills and training in areas like communication, strategic mindset and business acumen
Daily Archives: December 13, 2024
curl-8.9.1-3.fc41
FEDORA-2024-a94430d221
Packages in this update:
curl-8.9.1-3.fc41
Update description:
fix HSTS subdomain overwrites parent cache entry (CVE-2024-9681)
Ivanti Cloud Services Application (CSA) Vulnerabilities (CVE-2024-11639, CVE-2024-11772, CVE-2024-11773)
What are the Vulnerabilities?Ivanti has released security updates to address multiple critical flaws in its Cloud Services Application (CSA) that could lead to privilege escalation and code execution. More details below:CVE-2024-11639, CVSS: 10.0 (Maximum Severity), authentication bypass vulnerability in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access CVE-2024-11772, CVSS: 9.1 (Critical): Command injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution. CVE-2024-11773, CVSS: 9.1 (Critical): SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements. What is the recommended Mitigation?Ivanti has released updates for Ivanti Cloud Services Application which addresses the vulnerabilities. Ivanti Advisory | Learn moreCurrently, there is no known public exploitation of these vulnerabilities, as per the vendor.What FortiGuard Coverage is available?FortiGuard recommends users to apply the fix provided by the vendor and follow instructions as mentioned on the vendor’s advisory. FortiGuard IPS protection coverage is under review, and this report will be updated as new coverage becomes available.The FortiGuard Incident Response team can be engaged to help with any suspected compromise.
UK Shoppers Frustrated as Bots Snap Up Popular Christmas Gifts
Almost three quarters of UK consumers believe bad bots are ruining Christmas by buying up popular gifts, forcing many to purchase expensive alternatives, according to Imperva research
golang-x-crypto-0.31.0-2.fc40
FEDORA-2024-8f83d0ed92
Packages in this update:
golang-x-crypto-0.31.0-2.fc40
Update description:
Fix CVE-2024-45337
golang-x-crypto-0.31.0-2.fc41
FEDORA-2024-c33c95804e
Packages in this update:
golang-x-crypto-0.31.0-2.fc41
Update description:
Fix CVE-2024-45337