Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings. This review is for the week ending Saturday, June 29, 2024.
Gitlab addresses Several Vulnerabilities -June 2024
GitLab, has released critical updates for both its Community Edition (CE) and Enterprise Edition (EE). The new versions, 17.1.1, 17.0.3, and 16.11.5, contain essential security and bug fixes. GitLab urges all users to upgrade immediately to protect their installations from potential exploits.
Over dozen of fixes have been released to address critical vulnerabilities affecting Gitlab CE and EE versions…..
Juniper Networks discloses a critical vulnerability -CVE-2024-2973
Juniper has disclosed a critical vulnerability that affects the Session Smart Router (SSR), Session Smart Conductor, and WAN Assurance Router products, posing a significant threat to network security.
The CVE-2024-2973 vulnerability with a CVSS Score of 10, classified as an Authentication Bypass Using an Alternate Path or Channel, stems from a design oversight in redundant router deployments. Attackers could exploit this weakness to circumvent authentication measures, granting them unfettered access to sensitive network configurations and potentially enabling further malicious activities……
CISA KEV Update Part III – June 2024
The US CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation……
- CVE-2022-24816 GeoSolutionsGroup JAI-EXT Code Injection Vulnerability
- CVE-2022-2586 Linux Kernel Use-After-Free Vulnerability
- CVE-2020-13965 Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability
SUBSCRIBE TO OUR BLOG TODAY !
We understand the importance of staying on top of the latest threats and vulnerabilities that can harm your digital life. You’ll receive the latest cybersecurity news, insights, resources, offers and analysis straight to your inbox every day
Moveit Transfer Critical Vulnerability – CVE-2024-5806
A critical security vulnerability has been identified in MOVEit Transfer that poses significant risks to organizations relying on the software for secure data transfers.
The vulnerability tracked as CVE-2024-5806 is rooted in improper validation of user-supplied input during the authentication process. It can be exploited by sending specially crafted requests to the MOVEit Transfer server, bypassing authentication checks, and gaining administrative access……
TeamViewer “Viewed inside” – Midnight Blizzard infiltrated
TeamViewer has disclosed a significant cyber incident in which a threat actor goes by the name APT29, or “Midnight Blizzard,” successfully infiltrated TeamViewer’s systems through unknown methods.
The breach was detected on June 26, 2024, when TeamViewer’s security team noticed unusual activity within their internal IT environment. Promptly, a specialized response team was activated, and cybersecurity experts were involved to investigate and mitigate the threat……
This brings end of this week in review security coverage. Thanks for visiting TheCyberThrone. If you like us please follow us on Facebook, Twitter, Instagram
