Threats & Malware, Vulnerabilities
June 2, 2023
Via: The Hacker NewsA critical flaw in Progress Software’s in MOVEit Transfer managed file transfer application has come under widespread exploitation in the wild to take over vulnerable systems. The shortcoming, which is yet to be assigned a CVE identifier, relates to a […]
Threats & Malware, Vulnerabilities
March 13, 2023
Via: Security WeekTracked as CVE-2020-5741, the first is a high-severity flaw in Plex Media Server that is described as a deserialization issue that can be exploited to execute arbitrary Python code, remotely. “This issue allowed an attacker with access to the server […]
Threats & Malware, Vulnerabilities
March 9, 2023
Via: Security WeekTracked as CVE-2023-27898 and CVE-2023-27905 and impacting both Jenkins Server and Update Center, the two security defects are described as cross-site scripting (XSS) bugs that can be exploited by providing a malicious plugin. Rated ‘high severity’, CVE-2023-27898 exists because Jenkins […]
Threats & Malware, Vulnerabilities
February 17, 2023
Via: The Hacker NewsCisco has rolled out security updates to address a critical flaw reported in the ClamAV open source antivirus engine that could lead to remote code execution on susceptible devices. Tracked as CVE-2023-20032 (CVSS score: 9.8), the issue relates to a […]
Threats & Malware, Vulnerabilities
February 3, 2023
Via: The Hacker NewsF5 has warned of a high-severity flaw impacting BIG-IP appliances that could lead to denial-of-service (DoS) or arbitrary code execution. The issue is rooted in the iControl Simple Object Access Protocol (SOAP) interface and affects the following versions of BIG-IP […]
Threats & Malware, Vulnerabilities
January 26, 2023
Via: Security AffairsPalo Alto Networks researchers reported that between August and October 2022 the number of attacks that attempted to exploit a Realtek Jungle SDK RCE (CVE-2021-35394) (CVSS score 9.8) accounted for more than 40% of the total number of attacks. “Realtek […]
Threats & Malware, Vulnerabilities
January 19, 2023
Via: Help Net SecurityA source code audit has revealed two critical vulnerabilities affecting git, the popular distributed version control system for collaborative software development. The latest git vulnerabilities CVE-2022-41903 is an out-of-bounds memory write flaw in log formatting and CVE-2022-23251 is a truncated […]
Threats & Malware, Vulnerabilities
January 19, 2023
Via: Security AffairsThe US CISA added the Centos Web Panel 7 unauthenticated remote code execution flaw (CVE-2022-44877) to its Known Exploited Vulnerabilities Catalog. The flaw impacts the software before 0.9.8.1147, it was addressed with the release of 0.9.8.1147 version on October 25, […]
Threats & Malware, Vulnerabilities
January 13, 2023
Via: Help Net SecurityA critical vulnerability in FortiOS SSL-VPN (CVE-2022-42475) that Fortinet has issued patches for in November 2022 has been exploited by attackers to compromise governmental or government-related targets, the company has shared. Fortinet says the attackers have advanced capabilities: they were […]
January 9, 2023
Via: Help Net SecurityThe MS Exchange exploit chain recently revealed by Crowdstrike researchers is how the Play ransomware gang breached the Rackspace Hosted Exchange email environment, the company confirmed last week. The exploit chains CVE-2022-41082, a RCE flaw, and CVE-2022-41080, a privilege escalation […]
Threats & Malware, Vulnerabilities
January 5, 2023
Via: The Hacker NewsFortinet has warned of a high-severity flaw affecting multiple versions of FortiADC application delivery controller that could lead to the execution of arbitrary code. “An improper neutralization of special elements used in an OS command vulnerability in FortiADC may allow […]
Threats & Malware, Vulnerabilities
January 4, 2023
Via: TechRadarTens of thousands of Microsoft Exchange servers(opens in new tab) are still vulnerable to a high-severity flaw used in ProxyNotShell exploits, researchers have warned. Cybersecurity researchers Shadowserver Foundation said almost 70,000 IPs were vulnerable to CVE-2022-41082, a remote code execution […]
Threats & Malware, Virus & Malware
December 28, 2022
Via: TechRadarA new malware variant has been detected that is capable of listening to a users’ calls, recognizing a callers’ gender and identity, and even recognizing, to some degree, what’s being said. Fortunately, the good news is that the malware is […]
December 21, 2022
Via: The Hacker NewsThreat actors affiliated with a ransomware strain known as Play are leveraging a never-before-seen exploit chain that bypasses blocking rules for ProxyNotShell flaws in Microsoft Exchange Server to achieve remote code execution (RCE) through Outlook Web Access (OWA). “The new […]
Threats & Malware, Vulnerabilities
December 15, 2022
Via: The Hacker NewsWeb applications, often in the form of Software as a Service (SaaS), are now the cornerstone for businesses all over the world. SaaS solutions have revolutionized the way they operate and deliver services, and are essential tools in nearly every […]
Threats & Malware, Vulnerabilities
December 9, 2022
Via: Security AffairsCisco disclosed a high-severity vulnerability, tracked as CVE-2022-20968, impacting its IP Phone 7800 and 8800 Series (except Cisco Wireless IP Phone 8821). An unauthenticated, adjacent attacker can trigger the flaw to cause a stack overflow on an affected device leading […]
Threats & Malware, Vulnerabilities
December 1, 2022
Via: Security WeekThe most severe of the security defects is CVE‑2022‑34669 (CVSS score of 8.8), an issue in the user mode layer of Nvidia’s Windows driver that could be exploited by an unprivileged attacker to access or tamper with system files or […]
Threats & Malware, Vulnerabilities
November 23, 2022
Via: Security AffairsMicrosoft released an out-of-band update to address issues caused by a recent Windows security patch that causes Kerberos authentication problems. Microsoft Patch Tuesday security updates for November 2022 addressed a privilege escalation vulnerability, tracked as CVE-2022-37966, that impacts Windows Server. […]
Threats & Malware, Vulnerabilities
November 21, 2022
Via: Security WeekTracked as CVE-2022-26696 (CVSS score of 7.8), the security defect was identified and reported last year, with a patch available since the release of macOS Monterey 12.4 in May. In its advisory, Apple notes that the flaw allowed a sandboxed […]
Threats & Malware, Vulnerabilities
November 11, 2022
Via: The Hacker NewsMultiple high-severity flaws have been uncovered in the open source OpenLiteSpeed Web Server as well as its enterprise variant that could be weaponized to achieve remote code execution. “By chaining and exploiting the vulnerabilities, adversaries could compromise the web server […]