2024

Hacker Attack Disrupts Websites of Mecklenburg-Vorpommern Government and Police

On Thursday morning, the websites of the government, police, and intelligence services of Mecklenburg-Vorpommern, a german federal state were partially disrupted. According to a statement from the government in Schwerin, the affected sites have been only partially accessible since then. State Digitalization Minister Christian Pegel (SPD) stated that the attacks closely resemble similar incidents from …

Hacker Attack Disrupts Websites of Mecklenburg-Vorpommern Government and Police Read More »

Vulnerability Exposed: Raspberry Pi Pico Used to Bypass Bitlocker Encryption

A hobbyist has successfully extracted the Bitlocker decryption key of a notebook by using a Raspberry Pi Pico, which is available for less than 10 euros in this country. This allowed him to access the encrypted contents of an SSD protected with Bitlocker. The trick was to intercept the communication between the TPM chip soldered …

Vulnerability Exposed: Raspberry Pi Pico Used to Bypass Bitlocker Encryption Read More »

Critical Security Alert: JetBrains TeamCity On-Premises Vulnerability (CVE-2024-23917)

JetBrains has issued a warning to its customers regarding a critical security vulnerability found in its TeamCity On-Premises software, used for continuous integration and continuous deployment (CI/CD). This flaw, identified as CVE-2024-23917 and rated 9.8 out of 10 in severity according to the Common Vulnerability Scoring System (CVSS), poses a significant risk. According to JetBrains, …

Critical Security Alert: JetBrains TeamCity On-Premises Vulnerability (CVE-2024-23917) Read More »

Alert: Ivanti Discovers Critical Security Flaw in Connect Secure, Policy Secure, and ZTA Gateways

Ivanti has issued a warning to its customers regarding a significant security vulnerability present in its Connect Secure, Policy Secure, and ZTA gateway devices. This flaw, identified as CVE-2024-22024 and rated 8.3 out of 10 on the CVSS scoring system, enables attackers to circumvent authentication protocols. According to Ivanti, the vulnerability stems from an XML …

Alert: Ivanti Discovers Critical Security Flaw in Connect Secure, Policy Secure, and ZTA Gateways Read More »

Fortinet Discloses Critical Security Flaw in FortiOS SSL VPN: Exploitation in the Wild Confirmed

Fortinet has revealed a critical security vulnerability in FortiOS SSL VPN, indicating it’s likely being actively exploited. Identified as CVE-2024-21762 with a severity score of 9.6, this flaw permits the execution of arbitrary code and commands. According to Fortinet’s bulletin released on Thursday, the vulnerability, categorized under CWE-787, involves an out-of-bounds write vulnerability in FortiOS, …

Fortinet Discloses Critical Security Flaw in FortiOS SSL VPN: Exploitation in the Wild Confirmed Read More »

Critical Vulnerability in Linux EFI Application Shim Allows Remote Code Execution

In an EFI application named Shim, which is used by most common Linux distributions, a critical vulnerability has been discovered. This vulnerability allows attackers to inject malicious code and gain full control over the targeted system. The flaw, identified as CVE-2023-40547, can be exploited through a specially crafted HTTP request that leads to a controlled …

Critical Vulnerability in Linux EFI Application Shim Allows Remote Code Execution Read More »

Snyk Security Labs Discovers Critical Container Vulnerabilities: Urgent Patching Recommended

A security researcher from Snyk Security Labs has identified a series of vulnerabilities that allow attackers to escape from a container environment and access the underlying host system. It is said in a blog post by Snyk that this could potentially grant access to sensitive data such as login or customer information, as well as …

Snyk Security Labs Discovers Critical Container Vulnerabilities: Urgent Patching Recommended Read More »

Vulnerability in Airbus Navblue’s Flysmart+ App Suite Exposes Aircraft Performance Risks

Security researchers have discovered a weakness in a suite of apps developed by Navblue, a subsidiary of Airbus, known as Flysmart+. This suite serves as a software solution for Electronic Flight Bags (EFBs), used in tasks such as performance calculations for aircraft takeoffs. The researchers found that in one of the associated iOS apps, both …

Vulnerability in Airbus Navblue’s Flysmart+ App Suite Exposes Aircraft Performance Risks Read More »

Intrusion Alert: Suspected Kremlin-Linked Hackers Breach HPE’s Cloud Email Environment

Suspected hackers linked to the Kremlin are believed to have breached the cloud email infrastructure of technology giant Hewlett Packard Enterprise (HPE) to extract mailbox data. According to a regulatory filing with the U.S. Securities and Exchange Commission (SEC), HPE stated, “The threat actor accessed and extracted data starting from May 2023 from a small …

Intrusion Alert: Suspected Kremlin-Linked Hackers Breach HPE’s Cloud Email Environment Read More »

Scroll to Top