Security Affairs
Security Affairs newsletter Round 585 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. CISA adds iCagenda and Balbooa Forms flaws to its Known Exploited Vulnerabilities catalog|Critical U-Boot Bugs Undermine Secure Boot on Millions of Devices|Update Now: Critical Zimbra Classic Web Client Flaw Could Expose Mailboxes|Ransomware Never Stopped: Over 9,000 Confirmed Attacks Since 2018|222 GitHub Repositories Linked to Fake Go Package Malware Operation|Former Ransomware Negotiator Sentenced to 70 Months in Prison for Secretly Helping BlackCat Gang|GigaWiper Merges Three Malware Families Into One Destructive Backdoor|INTERPOL Operation First Light Nets 5,811 Arrests and Seizes $293 Million|GodDamn Ransomware Uses PoisonX to Blind Security Software|AssuranceAmerica Breach Exposes 7 Million Driver’s Licenses After Employee Account Hack|Microsoft fixed Defender flaw RoguePlanet (CVE-2026-50656)|Security Affairs newsletter Round 585 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. CISA adds iCagenda and Balbooa Forms flaws to its Known Exploited Vulnerabilities catalog|Critical U-Boot Bugs Undermine Secure Boot on Millions of Devices|Update Now: Critical Zimbra Classic Web Client Flaw Could Expose Mailboxes|Ransomware Never Stopped: Over 9,000 Confirmed Attacks Since 2018|222 GitHub Repositories Linked to Fake Go Package Malware Operation|Former Ransomware Negotiator Sentenced to 70 Months in Prison for Secretly Helping BlackCat Gang|GigaWiper Merges Three Malware Families Into One Destructive Backdoor|INTERPOL Operation First Light Nets 5,811 Arrests and Seizes $293 Million|GodDamn Ransomware Uses PoisonX to Blind Security Software|AssuranceAmerica Breach Exposes 7 Million Driver’s Licenses After Employee Account Hack|Microsoft fixed Defender flaw RoguePlanet (CVE-2026-50656)|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Progress Software fixed 2 new critical flaws in WhatsUp Gold

Progress Software addresses six new security vulnerabilities affecting its WhatsUp Gold, two of them are rated as critical severity. Progress Software has addressed six new security vulnerabilities in its IT infrastructure monitoring product WhatsUp Gold. “The WhatsUp Gold team has identified six vulnerabilities that exist in versions below 24.0.1. We are reaching out to all […]

Progress LoadMaster

Progress Software addresses six new security vulnerabilities affecting its WhatsUp Gold, two of them are rated as critical severity.

Progress Software has addressed six new security vulnerabilities in its IT infrastructure monitoring product WhatsUp Gold.

“The WhatsUp Gold team has identified six vulnerabilities that exist in versions below 24.0.1. We are reaching out to all WhatsUp Gold customers to upgrade their environment as soon as possible to version 24.0.1, released on Friday, September 20.” reads the advisory. “If you are running a version older than 24.0.1 and you do not upgrade, your environment will remain vulnerable. Please take the following steps as soon as possible: 

  1. Download the WhatsUp Gold 24.0.1 installer from https://community.progress.com/s/products-list
  2. Run the installer on your WhatsUp Gold server and follow the prompts. “

Two of the vulnerabilities fixed by Progress, respectively tracked as CVE-2024-8785 and CVE-2024-46909, are rated as critical severity.

CVE-2024-8785 (CVSS score of 9.8) was reported by Trend Micro researchers Andy Niu, while CVE-2024-46909 (CVSS score of 9.8) was reported by Tenable.

Below are the other vulnerabilities addressed by the company:

  • CVE-2024-46905 (CVSS score: 8.8)
  • CVE-2024-46906 (CVSS score: 8.8)
  • CVE-2024-46907 (CVSS score: 8.8)
  • CVE-2024-46908 (CVSS score: 8.8)

The company addressed the issues with version 24.0.1 released on September 20, 2024. The company has yet to disclose technical details about the vulnerabilities, it’s unclear if the are actively exploited in attacks in the wild.

In mid-September, U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Progress WhatsUp Gold SQL Injection vulnerability, tracked as CVE-2024-6670, to its Known Exploited Vulnerabilities catalog. An unauthenticated attacker could trigger this vulnerability to retrieve the users’ encrypted password. The flaw impacts WhatsUp Gold versions released before 2024.0.0.

    WhatsUp Gold Customers are recommended to address the above vulnerabilities as soon as possible.

    Follow me on Twitter: @securityaffairs and Facebook and Mastodon

    Pierluigi Paganini

    (SecurityAffairs – hacking, Progress Software)