Threats & Malware, Vulnerabilities
October 17, 2023
Via: The RegisterUS authorities have issued an urgent plea to network admins to patch the critical vulnerability in Atlassian Confluence Data Center and Server amid ongoing nation-state exploitation. The joint cybersecurity advisory from CISA, FBI, and Multi-State Information Sharing and Analysis Center […]
Threats & Malware, Vulnerabilities
October 13, 2023
Via: The RegisterPerceived weaknesses in the security of Microsoft’s Visual Studio IDE are being raised once again this week with a fresh single-click exploit. Developed by Zhiniang Peng, principal security researcher and chief architect of security at Sangfor, the proof of concept […]
Threats & Malware, Vulnerabilities
October 11, 2023
Via: The RegisterAfter a week of rampant speculation about the nature of the security issues in curl, the latest version of the command line transfer tool was finally released today. Described by curl project founder and lead developer Daniel Stenberg as “probably […]
Threats & Malware, Vulnerabilities
October 11, 2023
Via: SecurityWeekSiemens and Schneider Electric’s Patch Tuesday advisories for October 2023 address more than 40 vulnerabilities affecting their products. Siemens Siemens has published a dozen new advisories addressing 41 vulnerabilities. One advisory describes seven vulnerabilities affecting Siemens’ Ruggedcom APE1808 industrial application […]
Threats & Malware, Vulnerabilities
October 10, 2023
Via: Help Net SecurityDetails about two vulnerabilities (CVE-2023-38545, CVE-2023-38546) in curl, a foundational and widely used open-source software for data transfer via URLs, are to be released on Wednesday, October 11. Daniel Stenberg, the original author and lead developer, has said that the […]
Threats & Malware, Vulnerabilities
October 5, 2023
Via: Help Net SecurityA vulnerability (CVE-2023-4911) in the GNU C Library (aka “glibc”) can be exploited by attackers to gain root privileges on many popular Linux distributions, according to Qualys researchers. About CVE-2023-4911 Dubbed “Looney Tunables”, CVE-2023-4911 is a buffer overflow vulnerability in […]
Threats & Malware, Vulnerabilities
October 4, 2023
Via: The RegisterA trio of now-patched security issues in TorchServe, an open-source tool for scaling PyTorch machine-learning models in production, could lead to server takeover and remote code execution (RCE), according to security researchers. The three CVEs, collectively dubbed “ShellTorch,” rendered “tens […]
Threats & Malware, Vulnerabilities
October 4, 2023
Via: Security AffairsThree out of 17 flaws are rated Critical, 13 are rated High, and one is rated Medium in severity. The company is also warning that three other zero-day vulnerabilities are actively exploited in attacks in the wild. Google Threat Analysis […]
Threats & Malware, Vulnerabilities
October 3, 2023
Via: The RegisterThe US’s Cybersecurity and Infrastructure Security Agency (CISA) has added the latest actively exploited zero-day vulnerability affecting Google Chrome to its Known Exploited Vulnerabilities (KEV) Catalog. The bug, tracked as CVE-2023-5217, received a patch from Google last week and was […]
Threats & Malware, Vulnerabilities
October 2, 2023
Via: The RegisterSecurity researchers have spotted what they believe to be a “possible mass exploitation” of vulnerabilities in Progress Software’s WS_FTP Server. Researchers at Rapid7 began noticing evidence of exploitation on 30 September across multiple instances of WS_FTP. Progress released fixes for […]
Threats & Malware, Vulnerabilities
September 29, 2023
Via: Security AffairsUS Cybersecurity and Infrastructure Security Agency (CISA) added the critical flaw CVE-2018-14667 (CVSS score 9.8) affecting Red Hat JBoss RichFaces Framework to its Known Exploited Vulnerabilities Catalog. The issue is an Expression Language (EL) injection via the UserResource resource, it […]
Threats & Malware, Vulnerabilities
September 25, 2023
Via: The RegisterT-Mobile US has had another bad week on the infosec front – this time stemming from a system glitch that exposed customer account data, followed by allegations of another breach the carrier denied. According to customers who complained of the […]
Threats & Malware, Vulnerabilities
September 22, 2023
Via: The RegisterApple emitted patches this week to close security holes that have been exploited in the wild by commercial spyware. The updates, which were issued yesterday and should be installed as soon as possible if not already, address as many as […]
Threats & Malware, Vulnerabilities
September 19, 2023
Via: Security AffairsVulnCheck researchers discovered approximately 12,000 internet-exposed Juniper SRX firewalls and EX switches that are vulnerable to the recently disclosed remote code execution flaw CVE-2023-36845. In mid-August, Juniper addressed four medium-severity (CVSS 5.3) vulnerabilities (CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, CVE-2023-36847) impacting EX switches […]
Threats & Malware, Vulnerabilities
September 8, 2023
Via: The Hacker NewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that multiple nation-state actors are exploiting security flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus to gain unauthorized access and establish persistence on compromised systems. “Nation-state advanced […]
Threats & Malware, Vulnerabilities
September 7, 2023
Via: The Hacker NewsPatches have been released to address two new security vulnerabilities in Apache Superset that could be exploited by an attacker to gain remote code execution on affected systems. The update (version 2.1.1) plugs CVE-2023-39265 and CVE-2023-37941, which make it possible […]
Threats & Malware, Vulnerabilities
September 7, 2023
Via: Dark ReadingThe Internet was all about gray backgrounds and dull text boxes in the ’90s. But JavaScript changed that, allowing us to enjoy dynamic text, interactive websites, and clickable elements without sacrificing performance. JavaScript is one of the most commonly used […]
Threats & Malware, Vulnerabilities
September 6, 2023
Via: The Hacker NewsNine security flaws have been disclosed in electric power management products made by Schweitzer Engineering Laboratories (SEL). “The most severe of those nine vulnerabilities would allow a threat actor to facilitate remote code execution (RCE) on an engineering workstation,” Nozomi […]
Threats & Malware, Vulnerabilities
August 30, 2023
Via: Help Net SecurityVMware has patched one critical (CVE-2023-34039) and one high-severity vulnerability (CVE-2023-20890) in Aria Operations for Networks, its popular enterprise network monitoring tool. About the vulnerabilities (CVE-2023-34039, CVE-2023-20890) CVE-2023-34039 is a network bypass vulnerability arising as a result of a lack […]
Threats & Malware, Vulnerabilities
August 29, 2023
Via: The Hacker NewsUnpatched Citrix NetScaler systems exposed to the internet are being targeted by unknown threat actors in what’s suspected to be a ransomware attack. Cybersecurity company Sophos is tracking the activity cluster under the moniker STAC4663. Attack chains involve the exploitation […]