Threats & Malware, Vulnerabilities
November 1, 2023
Via: The RegisterVulnerabilities in F5’s BIG-IP suite are already being exploited after proof of concept (PoC) code began circulating online. The cybersecurity biz confirmed in an update to its advisory for CVE-2023-46747 that it has evidence of active exploitation in the wild, […]
Threats & Malware, Vulnerabilities
October 25, 2023
Via: The RegisterBoffins from ETH Zurich have devised a novel fuzzer for finding bugs in RISC-V chips and have used it to find more than three dozen. Fuzzing is a technique that involves feeding random input to software or hardware to see […]
Threats & Malware, Vulnerabilities
October 24, 2023
Via: The Register1Password is confirming it was attacked by cyber criminals after Okta was breached for the second time in as many years, but says customers’ login details are safe. The outfit said the attack was initially detected on September 29 by […]
Threats & Malware, Vulnerabilities
October 23, 2023
Via: The RegisterAfter a six-day wait, Cisco started rolling out a patch for a critical bug that miscreants had exploited to install implants in thousands of devices. Alas, it seems to have been largely useless. The flaw in the networking giant’s IOS […]
Threats & Malware, Vulnerabilities
October 17, 2023
Via: The RegisterUS authorities have issued an urgent plea to network admins to patch the critical vulnerability in Atlassian Confluence Data Center and Server amid ongoing nation-state exploitation. The joint cybersecurity advisory from CISA, FBI, and Multi-State Information Sharing and Analysis Center […]
Threats & Malware, Vulnerabilities
October 13, 2023
Via: The RegisterPerceived weaknesses in the security of Microsoft’s Visual Studio IDE are being raised once again this week with a fresh single-click exploit. Developed by Zhiniang Peng, principal security researcher and chief architect of security at Sangfor, the proof of concept […]
Threats & Malware, Vulnerabilities
October 11, 2023
Via: The RegisterAfter a week of rampant speculation about the nature of the security issues in curl, the latest version of the command line transfer tool was finally released today. Described by curl project founder and lead developer Daniel Stenberg as “probably […]
Threats & Malware, Vulnerabilities
October 11, 2023
Via: SecurityWeekSiemens and Schneider Electric’s Patch Tuesday advisories for October 2023 address more than 40 vulnerabilities affecting their products. Siemens Siemens has published a dozen new advisories addressing 41 vulnerabilities. One advisory describes seven vulnerabilities affecting Siemens’ Ruggedcom APE1808 industrial application […]
Threats & Malware, Vulnerabilities
October 10, 2023
Via: Help Net SecurityDetails about two vulnerabilities (CVE-2023-38545, CVE-2023-38546) in curl, a foundational and widely used open-source software for data transfer via URLs, are to be released on Wednesday, October 11. Daniel Stenberg, the original author and lead developer, has said that the […]
Threats & Malware, Vulnerabilities
October 5, 2023
Via: Help Net SecurityA vulnerability (CVE-2023-4911) in the GNU C Library (aka “glibc”) can be exploited by attackers to gain root privileges on many popular Linux distributions, according to Qualys researchers. About CVE-2023-4911 Dubbed “Looney Tunables”, CVE-2023-4911 is a buffer overflow vulnerability in […]
Threats & Malware, Vulnerabilities
October 4, 2023
Via: The RegisterA trio of now-patched security issues in TorchServe, an open-source tool for scaling PyTorch machine-learning models in production, could lead to server takeover and remote code execution (RCE), according to security researchers. The three CVEs, collectively dubbed “ShellTorch,” rendered “tens […]
Threats & Malware, Vulnerabilities
October 4, 2023
Via: Security AffairsThree out of 17 flaws are rated Critical, 13 are rated High, and one is rated Medium in severity. The company is also warning that three other zero-day vulnerabilities are actively exploited in attacks in the wild. Google Threat Analysis […]
Threats & Malware, Vulnerabilities
October 3, 2023
Via: The RegisterThe US’s Cybersecurity and Infrastructure Security Agency (CISA) has added the latest actively exploited zero-day vulnerability affecting Google Chrome to its Known Exploited Vulnerabilities (KEV) Catalog. The bug, tracked as CVE-2023-5217, received a patch from Google last week and was […]
Threats & Malware, Vulnerabilities
October 2, 2023
Via: The RegisterSecurity researchers have spotted what they believe to be a “possible mass exploitation” of vulnerabilities in Progress Software’s WS_FTP Server. Researchers at Rapid7 began noticing evidence of exploitation on 30 September across multiple instances of WS_FTP. Progress released fixes for […]
Threats & Malware, Vulnerabilities
September 29, 2023
Via: Security AffairsUS Cybersecurity and Infrastructure Security Agency (CISA) added the critical flaw CVE-2018-14667 (CVSS score 9.8) affecting Red Hat JBoss RichFaces Framework to its Known Exploited Vulnerabilities Catalog. The issue is an Expression Language (EL) injection via the UserResource resource, it […]
Threats & Malware, Vulnerabilities
September 25, 2023
Via: The RegisterT-Mobile US has had another bad week on the infosec front – this time stemming from a system glitch that exposed customer account data, followed by allegations of another breach the carrier denied. According to customers who complained of the […]
Threats & Malware, Vulnerabilities
September 22, 2023
Via: The RegisterApple emitted patches this week to close security holes that have been exploited in the wild by commercial spyware. The updates, which were issued yesterday and should be installed as soon as possible if not already, address as many as […]
Threats & Malware, Vulnerabilities
September 19, 2023
Via: Security AffairsVulnCheck researchers discovered approximately 12,000 internet-exposed Juniper SRX firewalls and EX switches that are vulnerable to the recently disclosed remote code execution flaw CVE-2023-36845. In mid-August, Juniper addressed four medium-severity (CVSS 5.3) vulnerabilities (CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, CVE-2023-36847) impacting EX switches […]
Threats & Malware, Vulnerabilities
September 8, 2023
Via: The Hacker NewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that multiple nation-state actors are exploiting security flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus to gain unauthorized access and establish persistence on compromised systems. “Nation-state advanced […]
Threats & Malware, Vulnerabilities
September 7, 2023
Via: The Hacker NewsPatches have been released to address two new security vulnerabilities in Apache Superset that could be exploited by an attacker to gain remote code execution on affected systems. The update (version 2.1.1) plugs CVE-2023-39265 and CVE-2023-37941, which make it possible […]