Telerik Report Server Flaw Could Let Attackers Create Rogue Admin Accounts

Progress Software has released updates for a critical security flaw in Telerik Report Server that a remote attacker could exploit to bypass authentication and create rogue administrator users.
The issue, tracked as CVE-2024-4358, carries a CVSS score of 9.8 out of a maximum of 10.0.
“In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or

The Hacker News

Cox Biz Auth-Bypass Bug Exposes Millions of Devices to Takeover

The US broadband provider fixed an issue that allowed attackers to gain access to business customers’ modems, and then read customer information and execute commands with the same permissions as an ISP support team.

darkreading

Perfecting the Proactive Security Playbook

It’s more important than ever for organizations to prepare themselves and their cybersecurity postures against known and unknown threats.

darkreading

Details of Atlassian Confluence RCE Vulnerability Disclosed

SonicWall has shared technical details on a recently addressed high-severity remote code execution flaw in Confluence.

SecurityWeek

NIST Commits to Vulnerability Plan, But Researchers’ Concerns Remain

The agency aims to burn down the backlog of vulnerabilities that need enrichment using additional funding and a third-party contract, but what’s the long-term solution?

darkreading

Progress Patches Critical Vulnerability in Telerik Report Server

A critical vulnerability in the Progress Telerik Report Server could allow unauthenticated attackers to access restricted functionality.

SecurityWeek

CISA Warns of Attacks Exploiting Old Oracle WebLogic Vulnerability

CISA has added an old Oracle WebLogic Server flaw, tracked as CVE-2017-3506, to its Known Exploited Vulnerabilities catalog, citing evidence of active exploitation.

SecurityWeek

The Next Generation of RBI (Remote Browser Isolation)

The landscape of browser security has undergone significant changes over the past decade. While Browser Isolation was once considered the gold standard for protecting against browser exploits and malware downloads, it has become increasingly inadequate and insecure in today’s SaaS-centric world.
The limitations of Browser Isolation, such as degraded browser performance and inability to tackle

The Hacker News

Hackers Use MS Excel Macro to Launch Multi-Stage Malware Attack in Ukraine

A new sophisticated cyber attack has been observed targeting endpoints geolocated to Ukraine with an aim to deploy Cobalt Strike and seize control of the compromised hosts.
The attack chain, per Fortinet FortiGuard Labs, involves a Microsoft Excel file that carries an embedded VBA macro to initiate the infection,
“The attacker uses a multi-stage malware strategy to deliver the notorious ‘Cobalt

The Hacker News
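The Ukraine campaign above starts from an Excel workbook with an embedded VBA macro, so the first triage question for a mail-gateway or IR analyst is simply whether a given workbook carries a VBA project at all. The check below is an added example written for this digest; it is not code from Fortinet, The Hacker News, or the campaign report. It relies only on the documented OOXML package layout (the VBA project is stored at the fixed part name `xl/vbaProject.bin`, and macro-enabled workbooks declare a `macroEnabled` content type in `[Content_Types].xml`). The two sample workbooks it builds in memory are constructed stubs, not real Excel files, and the function names are my own.

```python
import io
import zipfile

# Content types that mark a macro-enabled workbook, template or add-in
# in the package's [Content_Types].xml part.
MACRO_ENABLED_TYPES = (
    "application/vnd.ms-excel.sheet.macroEnabled.main+xml",
    "application/vnd.ms-excel.template.macroEnabled.main+xml",
    "application/vnd.ms-excel.addin.macroEnabled.main+xml",
)
MACRO_EXTENSIONS = ("xlsm", "xltm", "xlam")
VBA_PART = "xl/vbaProject.bin"
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def inspect_workbook(data: bytes, filename: str) -> dict:
    """Return macro indicators for a workbook supplied as bytes.

    Only OOXML (zip-based) files are inspected. Legacy OLE2 .xls files come
    back with is_ooxml=False and need an OLE parser instead; do not treat
    that result as "clean".
    """
    result = {
        "is_ooxml": False,
        "has_vba_project": False,
        "macro_enabled_content_type": False,
        "extension_mismatch": False,
        "has_macro": False,
    }
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return result
    result["is_ooxml"] = True
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        # The VBA project travels as an OLE2 blob at this fixed part name.
        result["has_vba_project"] = VBA_PART in names
        try:
            ctypes = zf.read("[Content_Types].xml").decode("utf-8", "replace")
        except KeyError:
            ctypes = ""
        result["macro_enabled_content_type"] = any(t in ctypes for t in MACRO_ENABLED_TYPES)
    ext = filename.lower().rsplit(".", 1)[-1] if "." in filename else ""
    # A VBA project inside a file not named .xlsm/.xltm/.xlam means the file
    # was renamed or hand-crafted; either way it deserves a closer look.
    result["extension_mismatch"] = result["has_vba_project"] and ext not in MACRO_EXTENSIONS
    result["has_macro"] = result["has_vba_project"] or result["macro_enabled_content_type"]
    return result


def build_sample_workbook(with_macro: bool) -> bytes:
    """Construct a minimal OOXML container for demonstration.

    This is a constructed stub, not a real Excel file: the parts contain just
    enough structure for inspect_workbook() to classify them.
    """
    plain_type = "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml"
    main_type = MACRO_ENABLED_TYPES[0] if with_macro else plain_type
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'<Override PartName="/xl/workbook.xml" ContentType="{main_type}"/>'
        + ('<Default Extension="bin" ContentType="application/vnd.ms-office.vbaProject"/>'
           if with_macro else "")
        + "</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_macro:
            # Stub OLE2 header only; a real vbaProject.bin carries the compressed VBA streams.
            zf.writestr(VBA_PART, OLE2_MAGIC + b"\x00" * 504)
    return buf.getvalue()


if __name__ == "__main__":
    samples = (
        ("report.xlsx", build_sample_workbook(False)),
        ("invoice.xlsm", build_sample_workbook(True)),
        ("invoice.xlsx", build_sample_workbook(True)),
    )
    for name, blob in samples:
        print(name, inspect_workbook(blob, name))
```

The check answers only "is there a VBA project here"; it does not say what the macro does. Presence of a macro in inbound mail is still a useful gate (quarantine or detonate), and a workbook that carries `xl/vbaProject.bin` under a `.xlsx` name is worth flagging on its own. Extracting the actual VBA source for the next stage of analysis needs an OLE2/VBA decompressor such as oletools' `olevba`.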