New 0-day in Google Chrome

Google released its eighth emergency update so far this year to patch a new 0-day vulnerability in Chrome, discovered by Google's Threat Analysis Group (TAG). The flaw, known as CVE-2023-7024, would allow a buffer overflow in WebRTC. This flaw could be exploited by an attacker to execute malicious code or cause unwanted behavior in the application using WebRTC. Although Google would not have the patch ready for a few days, the browser update is now available and all users are urged to update to version 1.129 on Mac and Linux devices and to version 1.129/130 on Windows.

Ivanti fixes multiple critical vulnerabilities

The company Ivanti issued a security advisory in which it fixes a total of 20 vulnerabilities, 13 of which are considered critical. These security flaws affect the Avalanche mobile device management solution and are due to a flaw in the WLAvalancheService stack or buffer overflow weaknesses. According to the company, a threat actor could exploit these vulnerabilities by sending specially crafted data packets to the mobile device server, triggering a denial of service (DoS) condition or allowing remote code execution without requiring interaction from the user of the vulnerable device. It should be noted that the rest of the vulnerabilities have been categorized as medium and high risk. It is recommended to update to the latest version, Avalanche 6.4.2, since these security flaws affect Avalanche versions 6.3.1 and higher.

CISA calls for an end to default passwords

The Cybersecurity Agency CISA has issued an advisory calling on technology manufacturers to stop using default passwords on their devices and software. They claim that this type of password can be used by threat actors to gain access to those devices. Instead of using a single default password, they recommend that manufacturers provide unique and tailored configuration passwords for each product. It also suggests implementing temporary passwords that are disabled after initial configuration, as well as promoting the use of phishing-resistant multi-factor authentication. CISA had already issued a similar warning ten years ago, highlighting the risks associated with default passwords, especially in critical infrastructures.