Threats & Malware, Vulnerabilities
December 15, 2023
Via: Security AffairspfSense is a popular open-source firewall solution maintained by Netgate, researchers discovered multiple security issues affecting it. Researchers from SonarCloud discovered several security issues, Cross-Site Scripting (XSS) vulnerabilities and a Command Injection vulnerability in pfSense CE (CVE-2023-42325, CVE-2023-42327, CVE-2023-42326). The […]
Threats & Malware, Vulnerabilities
December 13, 2023
Via: SecureWorldLazarus, the notorious North Korean hacking group, has once again made headlines, this time by exploiting the Log4j vulnerability, despite it being disclosed two years ago. The Log4j vulnerability, officially known as CVE-2021-44228, continues to pose significant risks to organizations […]
Threats & Malware, Vulnerabilities
December 6, 2023
Via: The RegisterAtlassian has emailed its customers to warn of four critical vulnerabilities, but the message had flaws of its own – the links it contained weren’t live for all readers at the time of despatch. The email, seen by The Register, […]
Threats & Malware, Vulnerabilities
December 6, 2023
Via: The RegisterA security vulnerability previously added to CISA’s Known Exploited Vulnerability catalog (KEV), which was recognized by CVE Numbering Authorities (CNA), and included in reputable threat reports is now being formally rejected by infosec organizations. CISA removed CVE-2022-28958 from its KEV […]
Threats & Malware, Vulnerabilities
December 1, 2023
Via: The RegisterApple has issued emergency fixes to plug security flaws in iPhones, iPads, and Macs that may already be under attack. The software updates for iOS, iPadOS, macOS Sonoma, and Safari web browser address two bugs: an out-of-bounds read flaw tracked […]
Threats & Malware, Vulnerabilities
November 30, 2023
Via: The RegisterMultiple Bluetooth chips from major vendors such as Qualcomm, Broadcom, Intel, and Apple are vulnerable to a pair of security flaws that allow a nearby miscreant to impersonate other devices and intercept data. The weaknesses were identified by Daniele Antonioli, […]
Threats & Malware, Vulnerabilities
November 27, 2023
Via: Help Net SecurityA proof-of-concept (PoC) exploit for a high-severity flaw in Splunk Enterprise (CVE-2023-46214) that can lead to remote code execution has been made public. Users are advised to implement the provided patches or workarounds quickly. About CVE-2023-46214 Splunk Enterprise is a […]
Threats & Malware, Vulnerabilities
November 17, 2023
Via: Security AffairsFortinet is warning customers of a critical OS command injection vulnerability, tracked as CVE-2023-36553 (CVSS score 9.3), in FortiSIEM report server. A remote, unauthenticated attacker can exploit the flaw to execute commands by sending specially crafted API requests. “An improper […]
Threats & Malware, Vulnerabilities
November 15, 2023
Via: The RegisterHeads up: Microsoft’s November Patch Tuesday includes fixes for about 60 vulnerabilities – including three that have already been found and abused in the wild. First of that trio is CVE-2023-36033: a Windows Desktop Manager (WDM) Core Library elevation-of-privilege vulnerability. […]
Threats & Malware, Vulnerabilities
November 15, 2023
Via: Security AffairsVMware disclosed an authentication bypass vulnerability, tracked as CVE-2023-34060 (CVSS score 9.8), in its Cloud Director Appliance that can be exploited by an attacker with network access to the appliance bypassing login restrictions when authenticating on port 22 (ssh) or […]
Threats & Malware, Vulnerabilities
November 13, 2023
Via: The RegisterAfter spending almost a year cleaning up after various security snafus, the UK’s Royal Mail had an open redirect flaw on one of its sites, according to infosec types. We’re told this vulnerability potentially exposes customers to malware infections and […]
Threats & Malware, Vulnerabilities
November 9, 2023
Via: Security AffairsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability CVE-2023-29552 (CVSS score: 7.5) in the Service Location Protocol (SLP) to its Known Exploited Vulnerabilities catalog. The Service Location Protocol (SLP) is a legacy service discovery protocol that allows […]
Threats & Malware, Vulnerabilities
November 8, 2023
Via: The RegisterAtlassian reassessed the severity rating of the recent improper authorization vulnerability in Confluence Data Center and Server, raising the CVSS score from 9.1 to a maximum of 10. The company overhauled its security advisory for CVE-2023-22518 after it realized there […]
Threats & Malware, Vulnerabilities
November 6, 2023
Via: TechRadarCybersecurity researchers from Zscaler have discovered more than a hundred vulnerabilities in Microsoft 365 that were introduced with the addition of SketchUp into the cloud productivity suite. To make matters worse, they claim to have managed to bypass the patches […]
Threats & Malware, Vulnerabilities
November 2, 2023
Via: The RegisterSecurity researchers have confirmed that ransomware criminals are capitalizing on a maximum-severity vulnerability in Apache ActiveMQ. Announced on October 25 and tracked as CVE-2023-46604, the insecure deserialization vulnerability allows for remote code execution (RCE) on affected versions. “Apache ActiveMQ is […]
Threats & Malware, Vulnerabilities
November 2, 2023
Via: SecureWorldIn the ever-evolving landscape of cybersecurity threats, the discovery of serious vulnerabilities can send shockwaves through the digital world. One such recent incident that has captured the attention of security professionals is the exploitation of a critical vulnerability known as […]
Threats & Malware, Vulnerabilities
November 1, 2023
Via: The RegisterVulnerabilities in F5’s BIG-IP suite are already being exploited after proof of concept (PoC) code began circulating online. The cybersecurity biz confirmed in an update to its advisory for CVE-2023-46747 that it has evidence of active exploitation in the wild, […]
Threats & Malware, Vulnerabilities
October 25, 2023
Via: The RegisterBoffins from ETH Zurich have devised a novel fuzzer for finding bugs in RISC-V chips and have used it to find more than three dozen. Fuzzing is a technique that involves feeding random input to software or hardware to see […]
Threats & Malware, Vulnerabilities
October 24, 2023
Via: The Register1Password is confirming it was attacked by cyber criminals after Okta was breached for the second time in as many years, but says customers’ login details are safe. The outfit said the attack was initially detected on September 29 by […]
Threats & Malware, Vulnerabilities
October 23, 2023
Via: The RegisterAfter a six-day wait, Cisco started rolling out a patch for a critical bug that miscreants had exploited to install implants in thousands of devices. Alas, it seems to have been largely useless. The flaw in the networking giant’s IOS […]