Threats & Malware, Vulnerabilities
March 14, 2023
Via: Help Net SecurityIt’s March 2023 Patch Tuesday, and Microsoft has delivered fixes for 74 CVE-numbered vulnerabilities, including two actively exploited in the wild (CVE-2023-23397, CVE-2023-24880) by different threat actors. About CVE-2023-23397 “CVE-2023-23397 is a critical EoP vulnerability in Microsoft Outlook that is […]
Threats & Malware, Vulnerabilities
March 13, 2023
Via: Security WeekTracked as CVE-2020-5741, the first is a high-severity flaw in Plex Media Server that is described as a deserialization issue that can be exploited to execute arbitrary Python code, remotely. “This issue allowed an attacker with access to the server […]
Threats & Malware, Vulnerabilities
March 9, 2023
Via: Security WeekTracked as CVE-2023-27898 and CVE-2023-27905 and impacting both Jenkins Server and Update Center, the two security defects are described as cross-site scripting (XSS) bugs that can be exploited by providing a malicious plugin. Rated ‘high severity’, CVE-2023-27898 exists because Jenkins […]
Threats & Malware, Vulnerabilities
March 9, 2023
Via: The Hacker NewsFortinet has released fixes to address 15 security flaws, including one critical vulnerability impacting FortiOS and FortiProxy that could enable a threat actor to take control of affected systems. The issue, tracked as CVE-2023-25610, is rated 9.3 out of 10 […]
Threats & Malware, Vulnerabilities
March 8, 2023
Via: Security WeekA total of 24 of the addressed security defects were reported by external researchers. These include eight high-severity flaws, 11 medium-severity bugs, and five low-severity issues. Three of the high-severity vulnerabilities reported by external researchers are use-after-free bugs impacting Swiftshader, […]
Threats & Malware, Vulnerabilities
March 7, 2023
Via: Dark ReadingA public effort to create a way of predicting the exploitation of vulnerabilities announced a new machine learning model that improves its prediction capabilities by 82%, a significant boost, according to the team of researchers behind the project. Organizations can […]
Threats & Malware, Vulnerabilities
March 6, 2023
Via: The Hacker NewsMalicious actors can take advantage of “insufficient” forensic visibility into Google Cloud Platform (GCP) to exfiltrate sensitive data, a new research has found. “Unfortunately, GCP does not provide the level of visibility in its storage logs that is needed to […]
Threats & Malware, Vulnerabilities
March 6, 2023
Via: Security WeekThe vulnerabilities were discovered by Ryan Pickren from the Georgia Institute of Technology’s Cyber-Physical Security Lab. The issues were identified by the researcher as part of a PhD project on the security of industrial control systems (ICS). Pickren previously earned […]
Threats & Malware, Vulnerabilities
March 1, 2023
Via: Security AffairsResearchers from ESET discovered a new stealthy Unified Extensible Firmware Interface (UEFI) bootkit, named BlackLotus, that is able to bypass Secure Boot on Windows 11. Secure Boot is a security feature of the latest Unified Extensible Firmware Interface (UEFI) 2.3.1 […]
Threats & Malware, Vulnerabilities
February 23, 2023
Via: Help Net SecurityRezilion uncovered the presence of hundreds of Docker container images containing vulnerabilities that are not detected by most standard vulnerability scanners and SCA tools. The research revealed numerous high-severity/critical vulnerabilities hidden in hundreds of popular container images, downloaded billions of […]
Cyber-crime, Malware, Threats & Malware, Vulnerabilities
February 22, 2023
Via: Help Net SecurityResearchers identified 56 new vulnerabilities associated with ransomware threats among a total of 344 threats identified in 2022 – marking a 19% increase year-over-year. Threat actors are actively searching the internet and deep and dark web for 180 vulnerabilities known […]
Threats & Malware, Vulnerabilities
February 20, 2023
Via: Help Net SecurityFortinet has dropped fixes for 40 vulnerabilities in a variety of its products, including two critical vulnerabilities (CVE-2022-39952, CVE-2021-42756) affecting its FortiNAC and FortiWeb solutions. Since cyberattackers love to exploit vulnerabilities in Fortinet enterprise solutions and a PoC exploit for […]
Threats & Malware, Vulnerabilities
February 17, 2023
Via: The Hacker NewsCisco has rolled out security updates to address a critical flaw reported in the ClamAV open source antivirus engine that could lead to remote code execution on susceptible devices. Tracked as CVE-2023-20032 (CVSS score: 9.8), the issue relates to a […]
Threats & Malware, Vulnerabilities
February 16, 2023
Via: The Hacker NewsSecurity researchers have disclosed two new vulnerabilities affecting Schneider Electric Modicon programmable logic controllers (PLCs) that could allow for authentication bypass and remote code execution. The flaws, tracked as CVE-2022-45788 (CVSS score: 7.5) and CVE-2022-45789 (CVSS score: 8.1), are part […]
Threats & Malware, Vulnerabilities
February 16, 2023
Via: Dark ReadingOligo Security launched out of stealth on Wednesday with its runtime application security platform for detecting vulnerabilities in open source components. Oligo generates a dynamic bill of materials (BOM), identifies vulnerabilities in packages, and sets fix priorities for vulnerabilities based […]
Threats & Malware, Vulnerabilities
February 15, 2023
Via: The Hacker NewsMicrosoft on Tuesday released security updates to address 75 flaws spanning its product portfolio, three of which have come under active exploitation in the wild. The updates are in addition to 22 flaws the Windows maker patched in its Chromium-based […]
Threats & Malware, Vulnerabilities
February 15, 2023
Via: Security WeekThe most severe vulnerabilities are CVE-2023-22939 and CVE-2023-22935 (CVSS score of 8.1), two issues that could lead to the bypass of search processing language (SPL) safeguards for risky commands. Both flaws affect instances with Splunk Web enabled and require a […]
Threats & Malware, Vulnerabilities
February 14, 2023
Via: Help Net SecurityApple has released security updates that fix a WebKit zero-day vulnerability (CVE-2023-23529) that “may have been actively exploited.” The bug has been fixed in iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3.1, and possibly also in tvOS 16.3.2 […]
Threats & Malware, Vulnerabilities
February 9, 2023
Via: The Hacker NewsA set of 38 security vulnerabilities has been uncovered in wireless industrial internet of things (IIoT) devices from four different vendors that could pose a significant attack surface for threat actors looking to exploit operational technology (OT) environments. “Threat actors […]
Threats & Malware, Vulnerabilities
February 8, 2023
Via: The Hacker NewsMultiple unpatched security flaws have been disclosed in open source and freemium Document Management System (DMS) offerings from four vendors LogicalDOC, Mayan, ONLYOFFICE, and OpenKM. Cybersecurity firm Rapid7 said the eight vulnerabilities offer a mechanism through which “an attacker can […]