PRANAY PAWAHANEE’s Post

You know, the CrowdStrike incident shook the agenda last week as we closed the week.👩🏻💻 So what happened other than that❓ Here I have a great resource suggestion where you can find the answer to this question❗️🌝 Don't forget to review.🤞🏻🌸 🚨 Apache Web Server: Multiple Critical Vulnerabilities Discovered 🚨 SAP AI Core Vulnerabilities Patched After Security Risks Exposed 🚨 Google Chrome 126 Patches Critical Vulnerabilities 🚨 Oracle Releases Critical Patch Update with Over 260 Remote Exploits 🚨 Critical OpenSSH Flaw Patched but Risk Remains 🚨 Atlassian Patches Critical Vulnerabilities in Popular Products Thank you to the XM Cyber family for these useful details.🌟🙌🏻 I share the link of the related resource in the comment.⬇️ Have a nice week❗️🫶🏻 #cybersecurity #infosec #exposures #exposed #crowdstrike #weekly #roundup #apache #sap #atlassian #google #oracle #critical #vulnerabilities #exploit #product #resourcesharing #newsletter #learningeveryday

Oracle released its quarterly Critical Patch Update Advisory for April 2024 to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay. https://lnkd.in/gaTUQw_E

Oracle Releases Biggest Security Update in 2024 – 372 Vulnerabilities Are Fixed – Update Now!: Oracle has released its April 2024 Critical Patch Update (CPU), addressing 372 security vulnerabilities across multiple Oracle products. This comprehensive update fixes critical flaws that could allow remote code execution, data manipulation, and unauthorized access to systems. Affected Products and Patches Oracle strongly recommends that users apply the necessary patches as soon as possible to […] The post Oracle Releases Biggest Security Update in 2024 – 372 Vulnerabilities Are Fixed – Update Now! appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

Four vulnerabilities in SAP, D-Link, DrayTek Corp. and Motion Spell products were added to the Known Exploited Vulnerabilities (KEV) catalog by the Cybersecurity and Infrastructure Security Agency. #cybersecurity #infosec #ITsecurity

Oracle has issued a critical alert regarding a high-severity vulnerability (CVE-2024-21287) in its Agile Product Lifecycle Management (PLM) Framework, which is currently being actively exploited. This flaw allows unauthenticated attackers to remotely access sensitive files, posing significant risks to organizations relying on this software. Oracle strongly advises users to apply the latest patches immediately to mitigate potential threats. #CyberSecurity #Oracle #AgilePLM #Vulnerability #InfoSec #DataProtection #denovosecurity

🔐 Oracle October 2024 Critical Patch Update 🔐 Oracle has just released its latest Critical Patch Update, addressing multiple vulnerabilities across several products, including Oracle Database, JD Edwards, and Fusion Middleware. With critical CVSS scores impacting various environments, it’s crucial to apply these patches as soon as possible to safeguard your systems against potential threats. For details, explore the advisory: Oracle Security Alerts #Cybersecurity #Oracle #PatchUpdate #DataProtection #RiskMitigation

🚨 #Oracle Releases Critical #Patch #Update 2024 #Oracle has released its April 2024 Critical #Patch Update (#CPU), addressing 372 #security #vulnerabilities across multiple Oracle products. This comprehensive update fixes critical #flaws that could allow remote code execution, #data manipulation, and unauthorized access to systems. 📰 More details: https://lnkd.in/erNzahGu #Oracle #PatchUpdate #Cybersecurity

🚨 Important Update for Oracle Users! 🚨 Oracle has released their April 2024 Critical Patch Update, delivering a substantial 441 security patches. This update affects multiple product families, emphasizing the importance of keeping cybersecurity measures current. 🔍 Why This Matters: This release underscores the dynamic and complex challenges of maintaining secure systems today. It is crucial for organizations using Oracle products to promptly apply these updates to safeguard against potential threats. 🔗 Further Information: For a detailed overview of the patches, visit Oracle’s official security alert page: https://lnkd.in/dYm8tY6j 📞 Connect with us: If you're looking for guidance on effective security practices or need advice on enhancing your digital security posture, visit https://akitacyber.com/ or contact us directly through LinkedIn. #CyberSecurity #OracleSecurity #PatchManagement #RiskManagement #TechUpdate

🚨 Critical zero-day vulnerability uncovered in Apache OFBiz ERP System: A deep dive into its mechanics A new security flaw has come to light within the Apache OFBiz enterprise resource planning (ERP) system, causing significant concern among cybersecurity experts. This pre-authentication remote code execution vulnerability, tagged as CVE-2024-38856, allows unauthorized attackers to infiltrate business networks remotely, posing an urgent threat to affected systems. With a critical severity rating of 9.8 on the Common Vulnerability Scoring System (CVSS), the vulnerability affects versions of Apache OFBiz up to 18.12.14. The flaw traces back to the software's authentication process, where it creates an opportunity for unauthenticated parties to bypass standard login protocols, effectively opening the door to malicious activities. The issue stems from a glitch in the software's authentication mechanism, permitting unauthenticated access to certain features that are meant to be protected by login credentials. This flaw enables attackers to remotely execute code that could compromise system integrity. On closer examination, it appears that CVE-2024-38856 serves as a patch bypass for a previously reported vulnerability, CVE-2024-36104, a path traversal flaw that was addressed in a patch released in early June for Apache OFBiz version 18.12.14. The exploitation of this vulnerability involves manipulating the "override view" functionality within Apache OFBiz. Security researcher Hasib Vhora explains that attackers can exploit this in conjunction with unauthenticated endpoints, thus gaining unauthenticated access to crucial system endpoints. This revelation is part of a concerning trend, following closely on the heels of the exploitation of another critical vulnerability, CVE-2024-32113, observed in active deployment of the Mirai botnet since its patching in May 2024. Additionally, December 2023 witnessed another zero-day flaw, CVE-2023-51467, within Apache OFBiz that compromised authentication measures and was subject to extensive exploitation attempts. STAY PROTECTED. STAY SECURE. #0day #cybersecurity #cyberalert #vulnerability #staysecure

🛡️ Want to safeguard your #SAP environment? Check out this article on E3-Magazin by #SUSE's Friedrich Krey to discover how #SLES for SAP increases security and meets regulatory security requirements. 👉 Explore innovative strategies to fortify your SAP infrastructure and mitigate #cybersecurity risks effectively here: https://okt.to/uKMSOX