NCERT | National Computer Emergency Response Team Philippines

Four Critical Vulnerabilities Expose HPE Aruba Devices to RCE Attacks

HPE Aruba Networking (formerly Aruba Networks) has released security updates to address critical flaws impacting ArubaOS that could result in remote code execution (RCE) on affected systems. A. Nature of the Vulnerabilities CVE-2024-26304 (CVSS score: 9.8) – Unauthenticated Buffer Overflow Vulnerability in the L2/L3 Management Service Accessed via the PAPI Protocol CVE-2024-26305 (CVSS score: 9.8) continue reading : Four Critical Vulnerabilities Expose HPE Aruba Devices to RCE Attacks

Critical Vulnerability in Palo Alto Global Protect (CVE-2024-3400)

Palo Alto Networks has released a security advisory related to critical vulnerability with a CVSS score of 10, currently exploited in the wild in a limited number of attacks. Tracked as CVE-2024-3400, this vulnerability, which is within the GlobalProtect feature of Palo Alto Networks PAN-OS, could allow malicious actors to execute arbitrary code with root continue reading : Critical Vulnerability in Palo Alto Global Protect (CVE-2024-3400)

Microsoft Releases April 2024 Patch Tuesday Security Updates

Microsoft has released its April 2024 Patch Tuesday security updates to fix 149 vulnerabilities across its products, including one vulnerability that Microsoft detected being exploited in the wild. Additionally, it’s worth noting the critical vulnerabilities tracked as CVE-2024-21322, CVE-2024-21323, and CVE-2024-29053, which are also included in the patch notes for the month of April. _____________________________ continue reading : Microsoft Releases April 2024 Patch Tuesday Security Updates

Microsoft Releases February 2024 Patch Tuesday Security Updates

Microsoft has released its February 2024 Patch Tuesday security updates to fix 73 vulnerabilities across its products, including 2 zero-day vulnerabilities (CVE-2024-21351 and CVE-2024-21412) that are being exploited in-the-wild. Tracked as CVE-2024-21351, the first of the two zero-days could allow a malicious actor to inject code into SmartScreen and potentially gain code execution. For the continue reading : Microsoft Releases February 2024 Patch Tuesday Security Updates

Critical Vulnerability in FortiOS SSL VPN (CVE-2024-23113)

Fortinet has released a patch to fix a security vulnerability in its FortiOS SSL VPN product that is potentially being exploited in the wild. Tracked as CVE-2024-23113, this vulnerability is classified as ‘Critical’ with a CVSS Score of 9.6, which may allow a malicious actor to execute unauthorized code. Based on the official advisory, FortiOS continue reading : Critical Vulnerability in FortiOS SSL VPN (CVE-2024-23113)