Threats & Malware, Vulnerabilities
September 19, 2023
Via: Security AffairsVulnCheck researchers discovered approximately 12,000 internet-exposed Juniper SRX firewalls and EX switches that are vulnerable to the recently disclosed remote code execution flaw CVE-2023-36845. In mid-August, Juniper addressed four medium-severity (CVSS 5.3) vulnerabilities (CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, CVE-2023-36847) impacting EX switches […]
Threats & Malware, Vulnerabilities
September 8, 2023
Via: The Hacker NewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that multiple nation-state actors are exploiting security flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus to gain unauthorized access and establish persistence on compromised systems. “Nation-state advanced […]
Threats & Malware, Vulnerabilities
September 7, 2023
Via: The Hacker NewsPatches have been released to address two new security vulnerabilities in Apache Superset that could be exploited by an attacker to gain remote code execution on affected systems. The update (version 2.1.1) plugs CVE-2023-39265 and CVE-2023-37941, which make it possible […]
Threats & Malware, Vulnerabilities
September 7, 2023
Via: Dark ReadingThe Internet was all about gray backgrounds and dull text boxes in the ’90s. But JavaScript changed that, allowing us to enjoy dynamic text, interactive websites, and clickable elements without sacrificing performance. JavaScript is one of the most commonly used […]
Threats & Malware, Vulnerabilities
September 6, 2023
Via: The Hacker NewsNine security flaws have been disclosed in electric power management products made by Schweitzer Engineering Laboratories (SEL). “The most severe of those nine vulnerabilities would allow a threat actor to facilitate remote code execution (RCE) on an engineering workstation,” Nozomi […]
Threats & Malware, Vulnerabilities
August 30, 2023
Via: Help Net SecurityVMware has patched one critical (CVE-2023-34039) and one high-severity vulnerability (CVE-2023-20890) in Aria Operations for Networks, its popular enterprise network monitoring tool. About the vulnerabilities (CVE-2023-34039, CVE-2023-20890) CVE-2023-34039 is a network bypass vulnerability arising as a result of a lack […]
Threats & Malware, Vulnerabilities
August 29, 2023
Via: The Hacker NewsUnpatched Citrix NetScaler systems exposed to the internet are being targeted by unknown threat actors in what’s suspected to be a ransomware attack. Cybersecurity company Sophos is tracking the activity cluster under the moniker STAC4663. Attack chains involve the exploitation […]
Threats & Malware, Vulnerabilities
August 28, 2023
Via: The Hacker NewsCybersecurity researchers have discovered a case of privilege escalation associated with a Microsoft Entra ID (formerly Azure Active Directory) application by taking advantage of an abandoned reply URL. “An attacker could leverage this abandoned URL to redirect authorization codes to […]
Threats & Malware, Vulnerabilities
August 24, 2023
Via: The Hacker NewsA recently patched security flaw in the popular WinRAR archiving software has been exploited as a zero-day since April 2023, new findings from Group-IB reveal. The vulnerability, cataloged as CVE-2023-38831, allows threat actors to spoof file extensions, thereby making it […]
Threats & Malware, Vulnerabilities
August 24, 2023
Via: The Hacker NewsThousands of Openfire XMPP servers are unpatched against a recently disclosed high-severity flaw and are susceptible to a new exploit, according to a new report from VulnCheck. Tracked as CVE-2023-32315 (CVSS score: 7.5), the vulnerability relates to a path traversal […]
Threats & Malware, Vulnerabilities
August 23, 2023
Via: The Hacker NewsDevelopers are not the only people who have adopted the agile methodology for their development processes. From 2023-06-15 to 2023-07-11, Permiso Security’s p0 Labs team identified and tracked an attacker developing and deploying eight (8) incremental iterations of their credential […]
Threats & Malware, Vulnerabilities
August 23, 2023
Via: Dark ReadingThe US Department of Defense (DoD) will create an insider threat office to monitor employees following a review into the leak of classified Pentagon intelligence on Discord. A June 30 memo signed by the Secretary of Defense calls for the […]
Threats & Malware, Vulnerabilities
August 22, 2023
Via: The Hacker NewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Adobe ColdFusion to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, cataloged as CVE-2023-26359 (CVSS score: 9.8), relates to […]
Threats & Malware, Vulnerabilities
August 17, 2023
Via: The Hacker NewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Citrix ShareFile storage zones controller to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active in-the-wild exploitation. Tracked as CVE-2023-24489 (CVSS score: 9.8), […]
Threats & Malware, Vulnerabilities
August 16, 2023
Via: Help Net SecurityA buffer overflow arises when the data in a buffer surpasses its storage capacity. This surplus data spills into nearby memory locations, causing corruption or overwriting of such data. About CVE-2023-32560 CVE-2023-32560 could allow a threat actor to send a […]
Threats & Malware, Vulnerabilities
August 11, 2023
Via: The Hacker NewsA set of 16 high-severity security flaws have been disclosed in the CODESYS V3 software development kit (SDK) that could result in remote code execution and denial-of-service under specific conditions, posing risks to operational technology (OT) environments. The flaws, tracked […]
Threats & Malware, Vulnerabilities
August 9, 2023
Via: The Hacker NewsMicrosoft has patched a total of 74 flaws in its software as part of the company’s Patch Tuesday updates for August 2023, down from the voluminous 132 vulnerabilities the company fixed last month. This comprises six Critical and 67 Important […]
Threats & Malware, Vulnerabilities
August 8, 2023
Via: The Hacker NewsNew research has revealed that threat actors are abusing Cloudflare Tunnels to establish covert communication channels from compromised hosts and retain persistent access. “Cloudflared is functionally very similar to ngrok,” Nic Finn, a senior threat intelligence analyst at GuidePoint Security, […]
Threats & Malware, Vulnerabilities
August 2, 2023
Via: The Hacker NewsAdvanced persistent threat (APT) actors exploited a recently disclosed critical flaw impacting Ivanti Endpoint Manager Mobile (EPMM) as a zero-day since at least April 2023 in attacks directed against Norwegian entities, including a government network. The disclosure comes as part […]
Threats & Malware, Vulnerabilities
August 2, 2023
Via: The Hacker NewsAbout 34% of security vulnerabilities impacting industrial control systems (ICSs) that were reported in the first half of 2023 have no patch or remediation, registering a significant increase from 13% the previous year. According to data compiled by SynSaber, a […]