Jump to content

Search the Community

Showing results for tags 'network performance'.

  • Search By Tags

    Type tags separated by commas.

  • Search By Author

Content Type


Forums

  • General
    • General Discussion
    • Artificial Intelligence
    • DevOpsForum News
  • DevOps & SRE
    • DevOps & SRE General Discussion
    • Databases, Data Engineering & Data Science
    • Development & Programming
    • CI/CD, GitOps, Orchestration & Scheduling
    • Docker, Containers, Microservices, Serverless & Virtualization
    • Infrastructure-as-Code
    • Kubernetes & Container Orchestration
    • Linux
    • Logging, Monitoring & Observability
    • Security, Governance, Risk & Compliance
  • Cloud Providers
    • Amazon Web Services
    • Google Cloud Platform
    • Microsoft Azure

Find results in...

Find results that contain...


Date Created

  • Start

    End

Last Updated

  • Start

    End

Filter by number of...

Joined

  • Start

    End

Group

Website URL

LinkedIn Profile URL

About Me

Cloud Platforms

Cloud Experience

Development Experience

Current Role

Skills

Certifications

Favourite Tools

Interests

Found 1 result

  1. TechRadar
    Network monitoring and security solution Progress Flowmon was found to be carrying a maximum-severity vulnerability which could allow threat actors to escalate privileges and gain full access to the target endpoint. As reported by BleepigComputer, the performance tracking, diagnostics, and network detection and response tool was vulnerable to CVE-2024-2389, a flaw allowing attackers to gain unauthenticated access to the Flowmon web interface, where they can execute arbitrary system commands. To gain this access, the attackers would need to craft a custom API request. Thousands of victims A proof-of-concept (PoC) is already available, but the vulnerability is apparently not being abused in the wild just yet. Users are advised to apply the released patch immediately. Progress has since been alerted of the discovery, and released a patch. Flowmon versions 12.x and 11.x are all vulnerable. First patched versions are 12.3.5 and 11.1.14. Those with automatic updates enabled will have gotten the patch already. Those who opted for manual updates need to go to the vendor’s download center. After applying the patch, Progress recommends upgrading all Flowmon modules, too. While the vulnerability was discovered and reported by researchers from Rhino Security Labs, BleepingComputer reminds that Italy’s CSIRT also warned about it, roughly two weeks ago. Rhino Security Labs published the technical details and a demo on how to use the vulnerability, but a PoC was made available as early as April 10. At this time, there are conflicting reports on the number of Flowmon instances exposed on the public web, and thus vulnerable. Some search engines show about 500 exposed servers, while others see fewer than 100 instances. In any case, around 1,500 companies around the world use Flowmon, BleepingComputer added, including SEGA, KIA, TDK, Volkswagen, and others. So far, there is no evidence of abuse in the wild. More from TechRadar Pro How a piece of Brazilian malware became a global cybercrime exportHere's a list of the best firewalls around todayThese are the best endpoint security tools right now View the full article

  • Forum Statistics

    44.2k
    Total Topics
    43.8k
    Total Posts
×
×
  • Create New...