Tag: vulnerabilities


Access control, Security

Your password hygiene remains atrocious, says NordPass

November 20, 2023

Via: The Register

It’s that time of year again – NordPass has released its annual list of the most common passwords. And while it seems some of you took last year’s chiding to heart, most of you arguably swapped bad for worse. Password […]


Data loss, Threats & Malware

MOVEit victim count latest: 2.6K+ orgs hit, 77M+ people’s data stolen

November 20, 2023

Via: The Register

Quick show of hands: whose data hasn’t been stolen in the mass exploitation of Progress Software’s vulnerable MOVEit file transfer application? Anyone? According to security shop Emsisoft, 2,620 organizations and more than 77 million individuals have been impacted to date, […]


Threats & Malware, Vulnerabilities

Another month, another bunch of fixes for Microsoft security bugs exploited in the wild

November 15, 2023

Via: The Register

Heads up: Microsoft’s November Patch Tuesday includes fixes for about 60 vulnerabilities – including three that have already been found and abused in the wild. First of that trio is CVE-2023-36033: a Windows Desktop Manager (WDM) Core Library elevation-of-privilege vulnerability. […]


Threats & Malware, Vulnerabilities

Royal Mail cybersecurity still a bit of a mess, infosec bods claim

November 13, 2023

Via: The Register

After spending almost a year cleaning up after various security snafus, the UK’s Royal Mail had an open redirect flaw on one of its sites, according to infosec types. We’re told this vulnerability potentially exposes customers to malware infections and […]


Threats & Malware, Vulnerabilities

Microsoft 365 apps have a lot of new security vulnerabilities – here’s what we know

November 6, 2023

Via: TechRadar

Cybersecurity researchers from Zscaler have discovered more than a hundred vulnerabilities in Microsoft 365 that were introduced with the addition of SketchUp into the cloud productivity suite. To make matters worse, they claim to have managed to bypass the patches […]


Threats & Malware, Vulnerabilities

Cisco fixes critical IOS XE bug but malware crew way ahead of them

October 23, 2023

Via: The Register

After a six-day wait, Cisco started rolling out a patch for a critical bug that miscreants had exploited to install implants in thousands of devices. Alas, it seems to have been largely useless. The flaw in the networking giant’s IOS […]


Cyber-crime, Malware

More than 17,000 WordPress websites infected with the Balada Injector in September

October 13, 2023

Via: Security Affairs

Sucuri researchers reported that more than 17,000 WordPress websites have been compromised in September with the Balada Injector. The researchers noticed that the number of Balada Injector infections has doubled compared with August. The Balada Injector is a malware family […]


Threats & Malware, Vulnerabilities

curl vulnerabilities ironed out with patches after week-long tease

October 11, 2023

Via: The Register

After a week of rampant speculation about the nature of the security issues in curl, the latest version of the command line transfer tool was finally released today. Described by curl project founder and lead developer Daniel Stenberg as “probably […]


Threats & Malware, Vulnerabilities

ICS Patch Tuesday: Siemens Ruggedcom Devices Affected by Nozomi Component Flaws

October 11, 2023

Via: SecurityWeek

Siemens and Schneider Electric’s Patch Tuesday advisories for October 2023 address more than 40 vulnerabilities affecting their products. Siemens has published a dozen new advisories addressing 41 vulnerabilities. One advisory describes seven vulnerabilities affecting Siemens’ Ruggedcom APE1808 industrial application […]


Threats & Malware, Vulnerabilities

Be prepared to patch high-severity vulnerability in curl and libcurl

October 10, 2023

Via: Help Net Security

Details about two vulnerabilities (CVE-2023-38545, CVE-2023-38546) in curl, a foundational and widely used open-source software for data transfer via URLs, are to be released on Wednesday, October 11. Daniel Stenberg, the original author and lead developer, has said that the […]


Threats & Malware, Vulnerabilities

Trio of TorchServe flaws means PyTorch users need an urgent upgrade

October 4, 2023

Via: The Register

A trio of now-patched security issues in TorchServe, an open-source tool for scaling PyTorch machine-learning models in production, could lead to server takeover and remote code execution (RCE), according to security researchers. The three CVEs, collectively dubbed “ShellTorch,” rendered “tens […]


Threats & Malware, Vulnerabilities

Chipmaker Qualcomm warns of three actively exploited zero-days

October 4, 2023

Via: Security Affairs

Three out of 17 flaws are rated Critical, 13 are rated High, and one is rated Medium in severity. The company is also warning that three other zero-day vulnerabilities are actively exploited in attacks in the wild. Google Threat Analysis […]


Threats & Malware, Vulnerabilities

Security researchers believe mass exploitation attempts against WS_FTP have begun

October 2, 2023

Via: The Register

Security researchers have spotted what they believe to be a “possible mass exploitation” of vulnerabilities in Progress Software’s WS_FTP Server. Researchers at Rapid7 began noticing evidence of exploitation on 30 September across multiple instances of WS_FTP. Progress released fixes for […]


Cyber-crime, Malware

Exim mail servers left open to zero-day attacks for over a year

October 2, 2023

Via: The Register

A major flaw in Exim’s mail transfer agent (MTA) software has been detected that has gone without a patch for more than a year. Researchers from Trend Micro’s Zero Day Initiative were tipped off by an anonymous researcher in June […]


Threats & Malware, Vulnerabilities

Apple squashes security bugs after iPhone flaws exploited by Predator spyware

September 22, 2023

Via: The Register

Apple emitted patches this week to close security holes that have been exploited in the wild by commercial spyware. The updates, which were issued yesterday and should be installed as soon as possible if not already, address as many as […]


Threats & Malware, Vulnerabilities

12,000 Juniper SRX firewalls and EX switches vulnerable to CVE-2023-36845

September 19, 2023

Via: Security Affairs

VulnCheck researchers discovered approximately 12,000 internet-exposed Juniper SRX firewalls and EX switches that are vulnerable to the recently disclosed remote code execution flaw CVE-2023-36845. In mid-August, Juniper addressed four medium-severity (CVSS 5.3) vulnerabilities (CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, CVE-2023-36847) impacting EX switches […]


Cloud security, Security

Cloud changes are to blame for nearly all cyber-attacks

September 18, 2023

Via: TechRadar

Of all the vulnerabilities an organization’s system has, the majority sit within its cloud environment, a new report from cybersecurity researchers Unit 42, part of Palo Alto Networks, has found. As per the report, four in five (80%) of all […]


Cloud security, Security

Cisco Secure Application provides business risk insights for cloud native apps

September 13, 2023

Via: Help Net Security

Cisco has unveiled Cisco Secure Application (previously Security Insights for Cloud Native Application Observability) on the Cisco Full-Stack Observability Platform, enabling organizations to bring together application and security teams to securely develop and deploy applications. The latest release of Cisco […]


Threats & Malware, Vulnerabilities

CISA Warning: Nation-State Hackers Exploit Fortinet and Zoho Vulnerabilities

September 8, 2023

Via: The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that multiple nation-state actors are exploiting security flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus to gain unauthorized access and establish persistence on compromised systems. “Nation-state advanced […]


Threats & Malware, Vulnerabilities

Coding Tips to Sidestep JavaScript Vulnerabilities

September 7, 2023

Via: Dark Reading

The Internet was all about gray backgrounds and dull text boxes in the ’90s. But JavaScript changed that, allowing us to enjoy dynamic text, interactive websites, and clickable elements without sacrificing performance. JavaScript is one of the most commonly used […]