Category: Vulnerabilities


Threats & Malware, Vulnerabilities

Microsoft patches zero-days used by state-sponsored and ransomware threat actors (CVE-2023-23397, CVE-2023-24880)

March 14, 2023

Via: Help Net Security

It’s March 2023 Patch Tuesday, and Microsoft has delivered fixes for 74 CVE-numbered vulnerabilities, including two actively exploited in the wild (CVE-2023-23397, CVE-2023-24880) by different threat actors. About CVE-2023-23397 “CVE-2023-23397 is a critical EoP vulnerability in Microsoft Outlook that is […]


Threats & Malware, Vulnerabilities

CISA Warns of Plex Vulnerability Linked to LastPass Hack

March 13, 2023

Via: Security Week

Tracked as CVE-2020-5741, the first is a high-severity flaw in Plex Media Server that is described as a deserialization issue that can be exploited to execute arbitrary Python code, remotely. “This issue allowed an attacker with access to the server […]


Threats & Malware, Vulnerabilities

Jenkins Server Vulnerabilities Chained for Remote Code Execution 

March 9, 2023

Via: Security Week

Tracked as CVE-2023-27898 and CVE-2023-27905 and impacting both Jenkins Server and Update Center, the two security defects are described as cross-site scripting (XSS) bugs that can be exploited by providing a malicious plugin. Rated ‘high severity’, CVE-2023-27898 exists because Jenkins […]


Threats & Malware, Vulnerabilities

New Critical Flaw in FortiOS and FortiProxy Could Give Hackers Remote Access

March 9, 2023

Via: The Hacker News

Fortinet has released fixes to address 15 security flaws, including one critical vulnerability impacting FortiOS and FortiProxy that could enable a threat actor to take control of affected systems. The issue, tracked as CVE-2023-25610, is rated 9.3 out of 10 […]


Threats & Malware, Vulnerabilities

Chrome 111 Patches 40 Vulnerabilities

March 8, 2023

Via: Security Week

A total of 24 of the addressed security defects were reported by external researchers. These include eight high-severity flaws, 11 medium-severity bugs, and five low-severity issues. Three of the high-severity vulnerabilities reported by external researchers are use-after-free bugs impacting Swiftshader, […]


Threats & Malware, Vulnerabilities

Machine Learning Improves Prediction of Exploited Vulnerabilities

March 7, 2023

Via: Dark Reading

A public effort to create a way of predicting the exploitation of vulnerabilities announced a new machine learning model that improves its prediction capabilities by 82%, a significant boost, according to the team of researchers behind the project. Organizations can […]


Threats & Malware, Vulnerabilities

Experts Reveal Google Cloud Platform’s Blind Spot for Data Exfiltration Attacks

March 6, 2023

Via: The Hacker News

Malicious actors can take advantage of “insufficient” forensic visibility into Google Cloud Platform (GCP) to exfiltrate sensitive data, new research has found. “Unfortunately, GCP does not provide the level of visibility in its storage logs that is needed to […]


Threats & Malware, Vulnerabilities

Critical Vulnerabilities Allow Hackers to Take Full Control of Wago PLCs

March 6, 2023

Via: Security Week

The vulnerabilities were discovered by Ryan Pickren from the Georgia Institute of Technology’s Cyber-Physical Security Lab. The issues were identified by the researcher as part of a PhD project on the security of industrial control systems (ICS). Pickren previously earned […]


Threats & Malware, Vulnerabilities

BlackLotus is the first bootkit bypassing UEFI Secure Boot on Windows 11

March 1, 2023

Via: Security Affairs

Researchers from ESET discovered a new stealthy Unified Extensible Firmware Interface (UEFI) bootkit, named BlackLotus, that is able to bypass Secure Boot on Windows 11. Secure Boot is a security feature of the latest Unified Extensible Firmware Interface (UEFI) 2.3.1 […]


Threats & Malware, Vulnerabilities

Researchers find hidden vulnerabilities in hundreds of Docker containers

February 23, 2023

Via: Help Net Security

Rezilion uncovered the presence of hundreds of Docker container images containing vulnerabilities that are not detected by most standard vulnerability scanners and SCA tools. The research revealed numerous high-severity/critical vulnerabilities hidden in hundreds of popular container images, downloaded billions of […]


Cyber-crime, Malware, Threats & Malware, Vulnerabilities

Most vulnerabilities associated with ransomware are old

February 22, 2023

Via: Help Net Security

Researchers identified 56 new vulnerabilities associated with ransomware threats among a total of 344 threats identified in 2022 – marking a 19% increase year-over-year. Threat actors are actively searching the internet and deep and dark web for 180 vulnerabilities known […]


Threats & Malware, Vulnerabilities

Fortinet plugs critical security hole in FortiNAC, with a PoC incoming (CVE-2022-39952)

February 20, 2023

Via: Help Net Security

Fortinet has dropped fixes for 40 vulnerabilities in a variety of its products, including two critical vulnerabilities (CVE-2022-39952, CVE-2021-42756) affecting its FortiNAC and FortiWeb solutions. Since cyberattackers love to exploit vulnerabilities in Fortinet enterprise solutions and a PoC exploit for […]


Threats & Malware, Vulnerabilities

Critical RCE Vulnerability Discovered in ClamAV Open Source Antivirus Software

February 17, 2023

Via: The Hacker News

Cisco has rolled out security updates to address a critical flaw reported in the ClamAV open source antivirus engine that could lead to remote code execution on susceptible devices. Tracked as CVE-2023-20032 (CVSS score: 9.8), the issue relates to a […]


Threats & Malware, Vulnerabilities

Researchers Warn of Critical Security Bugs in Schneider Electric Modicon PLCs

February 16, 2023

Via: The Hacker News

Security researchers have disclosed two new vulnerabilities affecting Schneider Electric Modicon programmable logic controllers (PLCs) that could allow for authentication bypass and remote code execution. The flaws, tracked as CVE-2022-45788 (CVSS score: 7.5) and CVE-2022-45789 (CVSS score: 8.1), are part […]


Threats & Malware, Vulnerabilities

Oligo Security Takes Aim at Open Source Vulnerabilities

February 16, 2023

Via: Dark Reading

Oligo Security launched out of stealth on Wednesday with its runtime application security platform for detecting vulnerabilities in open source components. Oligo generates a dynamic bill of materials (BOM), identifies vulnerabilities in packages, and sets fix priorities for vulnerabilities based […]


Threats & Malware, Vulnerabilities

Update Now: Microsoft Releases Patches for 3 Actively Exploited Windows Vulnerabilities

February 15, 2023

Via: The Hacker News

Microsoft on Tuesday released security updates to address 75 flaws spanning its product portfolio, three of which have come under active exploitation in the wild. The updates are in addition to 22 flaws the Windows maker patched in its Chromium-based […]


Threats & Malware, Vulnerabilities

Splunk Enterprise Updates Patch High-Severity Vulnerabilities

February 15, 2023

Via: Security Week

The most severe vulnerabilities are CVE-2023-22939 and CVE-2023-22935 (CVSS score of 8.1), two issues that could lead to the bypass of search processing language (SPL) safeguards for risky commands. Both flaws affect instances with Splunk Web enabled and require a […]


Threats & Malware, Vulnerabilities

Apple fixes actively exploited WebKit zero-day in iOS, macOS (CVE-2023-23529)

February 14, 2023

Via: Help Net Security

Apple has released security updates that fix a WebKit zero-day vulnerability (CVE-2023-23529) that “may have been actively exploited.” The bug has been fixed in iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3.1, and possibly also in tvOS 16.3.2 […]


Threats & Malware, Vulnerabilities

Critical Infrastructure at Risk from New Vulnerabilities Found in Wireless IIoT Devices

February 9, 2023

Via: The Hacker News

A set of 38 security vulnerabilities has been uncovered in wireless industrial internet of things (IIoT) devices from four different vendors that could pose a significant attack surface for threat actors looking to exploit operational technology (OT) environments. “Threat actors […]


Threats & Malware, Vulnerabilities

Unpatched Security Flaws Disclosed in Multiple Document Management Systems

February 8, 2023

Via: The Hacker News

Multiple unpatched security flaws have been disclosed in open source and freemium Document Management System (DMS) offerings from four vendors: LogicalDOC, Mayan, ONLYOFFICE, and OpenKM. Cybersecurity firm Rapid7 said the eight vulnerabilities offer a mechanism through which “an attacker can […]