Patch/Configuration Management

The PoC exploit for the authentication bypass vulnerability is available; patch immediately.

Vulnerable SolarWinds Serv-U devices impacted by the high-severity path traversal flaw, tracked as CVE-2024-28995, have been subjected to ongoing attacks using publicly available proof-of-concept exploits, according to BleepingComputer.

Attacks with a new Linux encryptor have been deployed by the RansomHub ransomware-as-a-service operation against VMware ESXi environments, reports BleepingComputer.

Flaw could cause buffer overflow and malicious code execution.

The heap overflow flaws affect vSphere and Cloud Foundation and could enable RCE.

Updates have been issued by Asus to remediate critical vulnerabilities impacting several of its router models, according to Ars Technica.

A newly detailed speculative attack vulnerability could leave devices using ARM CPUs more vulnerable to attack.