Application security, Security
October 10, 2023
Via: The Register
Start your patch engines – a new version of curl is due tomorrow that addresses a pair of flaws, one of which lead developer Daniel Stenberg describes as “probably the worst curl security flaw in a long time.” Curl 8.4.0 […]
Threats & Malware, Vulnerabilities
October 5, 2023
Via: Help Net Security
A vulnerability (CVE-2023-4911) in the GNU C Library (aka “glibc”) can be exploited by attackers to gain root privileges on many popular Linux distributions, according to Qualys researchers. About CVE-2023-4911 Dubbed “Looney Tunables”, CVE-2023-4911 is a buffer overflow vulnerability in […]
Threats & Malware, Vulnerabilities
October 3, 2023
Via: The Register
The US’s Cybersecurity and Infrastructure Security Agency (CISA) has added the latest actively exploited zero-day vulnerability affecting Google Chrome to its Known Exploited Vulnerabilities (KEV) Catalog. The bug, tracked as CVE-2023-5217, received a patch from Google last week and was […]
Threats & Malware, Vulnerabilities
September 29, 2023
Via: Security Affairs
US Cybersecurity and Infrastructure Security Agency (CISA) added the critical flaw CVE-2018-14667 (CVSS score 9.8) affecting Red Hat JBoss RichFaces Framework to its Known Exploited Vulnerabilities Catalog. The issue is an Expression Language (EL) injection via the UserResource resource, it […]
Threats & Malware, Virus & Malware
September 27, 2023
Via: TechRadar
There is a flaw in GPU units from all major manufacturers that allows hackers to read sensitive data displayed in browsers, a new research paper argues. The vulnerability in question is called GPU.zip, and allows for cross-origin attacks. In essence, […]
Threats & Malware, Virus & Malware
September 26, 2023
Via: The Register
Canada’s Better Outcomes Registry & Network (BORN) fears a MOVEit breach allowed cybercriminals to copy 3.4 million people’s childcare health records dating back more than a decade. BORN, which collates and uses information on “pregnancy, birth, the newborn period and […]
September 8, 2023
Via: The Hacker News
Cisco has released security fixes to address multiple security flaws, including a critical bug, that could be exploited by a threat actor to take control of an affected system or cause a denial-of-service (DoS) condition. The most severe of […]
Threats & Malware, Vulnerabilities
September 7, 2023
Via: The Hacker News
Patches have been released to address two new security vulnerabilities in Apache Superset that could be exploited by an attacker to gain remote code execution on affected systems. The update (version 2.1.1) plugs CVE-2023-39265 and CVE-2023-37941, which make it possible […]
Threats & Malware, Vulnerabilities
August 30, 2023
Via: Help Net Security
VMware has patched one critical (CVE-2023-34039) and one high-severity vulnerability (CVE-2023-20890) in Aria Operations for Networks, its popular enterprise network monitoring tool. About the vulnerabilities (CVE-2023-34039, CVE-2023-20890) CVE-2023-34039 is a network bypass vulnerability arising as a result of a lack […]
Threats & Malware, Vulnerabilities
August 29, 2023
Via: The Hacker News
Unpatched Citrix NetScaler systems exposed to the internet are being targeted by unknown threat actors in what’s suspected to be a ransomware attack. Cybersecurity company Sophos is tracking the activity cluster under the moniker STAC4663. Attack chains involve the exploitation […]
Application security, Security
August 28, 2023
Via: The Hacker News
Cyber attacks on e-commerce applications are a common trend in 2023 as e-commerce businesses become more omnichannel, they build and deploy increasingly more API interfaces, with threat actors constantly exploring more ways to exploit vulnerabilities. This is why regular testing […]
Threats & Malware, Vulnerabilities
August 28, 2023
Via: The Hacker News
Cybersecurity researchers have discovered a case of privilege escalation associated with a Microsoft Entra ID (formerly Azure Active Directory) application by taking advantage of an abandoned reply URL. “An attacker could leverage this abandoned URL to redirect authorization codes to […]
August 28, 2023
Via: Dark Reading
Financial services companies breached as a result of MOVEit zero-day vulnerability are facing a flurry of class action lawsuits over the exposure of sensitive customer financial data. TD Ameritrade and Charles Schwab are the latest firms facing suits, this time […]
August 25, 2023
Via: The Hacker News
The U.S. Federal Bureau of Investigation (FBI) is warning that Barracuda Networks Email Security Gateway (ESG) appliances patched against a recently disclosed critical flaw continue to be at risk of potential compromise from suspected Chinese hacking groups. It also deemed […]
Threats & Malware, Vulnerabilities
August 24, 2023
Via: The Hacker News
Thousands of Openfire XMPP servers are unpatched against a recently disclosed high-severity flaw and are susceptible to a new exploit, according to a new report from VulnCheck. Tracked as CVE-2023-32315 (CVSS score: 7.5), the vulnerability relates to a path traversal […]
Threats & Malware, Vulnerabilities
August 24, 2023
Via: The Hacker News
A recently patched security flaw in the popular WinRAR archiving software has been exploited as a zero-day since April 2023, new findings from Group-IB reveal. The vulnerability, cataloged as CVE-2023-38831, allows threat actors to spoof file extensions, thereby making it […]
Threats & Malware, Vulnerabilities
August 22, 2023
Via: The Hacker News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Adobe ColdFusion to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, cataloged as CVE-2023-26359 (CVSS score: 9.8), relates to […]
Threats & Malware, Vulnerabilities
August 16, 2023
Via: Help Net Security
A buffer overflow arises when the data in a buffer surpasses its storage capacity. This surplus data spills into nearby memory locations, causing corruption or overwriting of such data. About CVE-2023-32560 CVE-2023-32560 could allow a threat actor to send a […]
August 11, 2023
Via: The Hacker News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched security flaw in Microsoft’s .NET and Visual Studio products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2023-38180 (CVSS score: 7.5), […]
Threats & Malware, Vulnerabilities
August 11, 2023
Via: The Hacker News
A set of 16 high-severity security flaws have been disclosed in the CODESYS V3 software development kit (SDK) that could result in remote code execution and denial-of-service under specific conditions, posing risks to operational technology (OT) environments. The flaws, tracked […]