enterprise

Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955)

CISA, Don't miss, enterprise, Government, Hot stuff, News, Synopsys, vulnerability /

Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955) 2024-03-28 at 12:32 By Zeljka Zorz The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-24955 – a code injection vulnerability that allows authenticated attackers to execute code remotely on a vulnerable Microsoft SharePoint Server – to its KEV catalog and is demanding that […]

React to this headline:

Loading spinner

Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955) Read More »

AI framework vulnerability is being used to compromise enterprise servers (CVE-2023-48022)

Anyscale, authentication, Bishop Fox, Don't miss, enterprise, Hot stuff, machine learning, News, Oligo Security, vulnerability /

AI framework vulnerability is being used to compromise enterprise servers (CVE-2023-48022) 2024-03-27 at 13:16 By Zeljka Zorz Attackers are leveraging a vulnerability (CVE-2023-48022) in Anyscale’s Ray AI software to compromise enterprise servers and saddle them with cryptominers and reverse shells. “To our knowledge, the attack started 7 months ago,” Avi Lumelsky, a researcher at Oligo

React to this headline:

Loading spinner

AI framework vulnerability is being used to compromise enterprise servers (CVE-2023-48022) Read More »

17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns

BSI, Don't miss, enterprise, Germany, Hot stuff, Microsoft Exchange, News, Shadowserver, vulnerability /

17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns 2024-03-26 at 15:31 By Zeljka Zorz Around 12% of the 45,000 or so Microsoft Exchange servers in Germany that can be accessed from the Internet without restrictions “are so outdated that security updates are no longer offered for them,” the German Federal Office

React to this headline:

Loading spinner

17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns Read More »

Apps secretly turning devices into proxy network nodes removed from Google Play

consumer, Don't miss, enterprise, Hot stuff, HUMAN Security, mobile apps, News, Orange Cyberdefense, Proxy, research, Sekoia.io /

Apps secretly turning devices into proxy network nodes removed from Google Play 2024-03-26 at 12:16 By Zeljka Zorz Your smartphone might be part of a proxy network, and you might not even know it: all it takes is for you to download apps whose developers have included the functionality and didn’t mention it. If that

React to this headline:

Loading spinner

Apps secretly turning devices into proxy network nodes removed from Google Play Read More »

Ivanti fixes RCE vulnerability reported by NATO cybersecurity researchers (CVE-2023-41724)

Don't miss, enterprise, Hot stuff, Ivanti, NATO, News, security update, vulnerability /

Ivanti fixes RCE vulnerability reported by NATO cybersecurity researchers (CVE-2023-41724) 2024-03-20 at 21:01 By Zeljka Zorz Ivanti has fixed a critical RCE vulnerability (CVE-2023-41724) in Ivanti Standalone Sentry that has been reported by researchers with the NATO Cyber Security Centre. Though the company is not aware of customers being compromised via the flaw, it “strongly

React to this headline:

Loading spinner

Ivanti fixes RCE vulnerability reported by NATO cybersecurity researchers (CVE-2023-41724) Read More »

NIST’s NVD has encountered a problem

Chainguard, Don't miss, enterprise, Hot stuff, News, NIST, Qualys, Rapid7, vulnerability, vulnerability management /

NIST’s NVD has encountered a problem 2024-03-19 at 15:47 By Zeljka Zorz Whether the cause is insurmountable technical debt, lack of funds, a third reason or all of them, NIST’s National Vulnerability Database (NVD) is struggling, and it’s affecting vulnerability management efforts. What happened? Anyone who regularly uses the NVD as a source of information

React to this headline:

Loading spinner

NIST’s NVD has encountered a problem Read More »

PoC for critical Arcserve UDP vulnerabilities published (CVE-2024-0799, CVE-2024-0800)

Arcserve, backup, disaster recovery, Don't miss, enterprise, exploit, Hot stuff, News, PoC, SMBs, Tenable /

PoC for critical Arcserve UDP vulnerabilities published (CVE-2024-0799, CVE-2024-0800) 2024-03-14 at 13:00 By Zeljka Zorz Arcserve has fixed critical security vulnerabilities (CVE-2024-0799, CVE-2024-0800) in its Unified Data Protection (UDP) solution that can be chained to upload malicious files to the underlying Windows system. Tenable researchers have published a PoC exploit script demonstrating the attack, as

React to this headline:

Loading spinner

PoC for critical Arcserve UDP vulnerabilities published (CVE-2024-0799, CVE-2024-0800) Read More »

BSAM: Open-source methodology for Bluetooth security assessment

Bluetooth, Bluetooth Low Energy, consumer, Don't miss, enterprise, Hot stuff, News, security auditing, SMBs, Tarlogic, vulnerability, wireless /

BSAM: Open-source methodology for Bluetooth security assessment 2024-03-13 at 08:39 By Zeljka Zorz Many wireless headsets using Bluetooth technology have vulnerabilities that may allow malicious individuals to covertly listen in on private conversations, Tarlogic Security researchers have demonstrated last week at RootedCON in Madrid. “Many of the examples presented during the conference were real tests

React to this headline:

Loading spinner

BSAM: Open-source methodology for Bluetooth security assessment Read More »

Cisco patches Secure Client VPN flaw that could reveal authentication tokens (CVE-2024-20337)

access point, Cisco, Don't miss, enterprise, Hot stuff, News, security update, SMBs, VPN, vulnerability /

Cisco patches Secure Client VPN flaw that could reveal authentication tokens (CVE-2024-20337) 2024-03-08 at 13:03 By Zeljka Zorz Cisco has fixed two high-severity vulnerabilities affecting its Cisco Secure Client enterprise VPN and endpoint security solution, one of which (CVE-2024-20337) could be exploited by unauthenticated, remote attackers to grab users’ valid SAML authentication token. “The attacker

React to this headline:

Loading spinner

Cisco patches Secure Client VPN flaw that could reveal authentication tokens (CVE-2024-20337) Read More »

State-sponsored hackers know enterprise VPN appliances inside out

attacks, cyber espionage, Don't miss, enterprise, Fortinet, government-backed attacks, Hot stuff, Ivanti, Mandiant, News, threat, Threat Intelligence /

State-sponsored hackers know enterprise VPN appliances inside out 2024-02-28 at 14:19 By Zeljka Zorz Suspected Chinese state-sponsored hackers who have been leveraging Ivanti Connect Secure VPN flaws to breach a variety of organizations have demonstrated “a nuanced understanding of the appliance”, according to Mandiant incident responders and threat hunters. They were able to perform a

React to this headline:

Loading spinner

State-sponsored hackers know enterprise VPN appliances inside out Read More »

ScreenConnect flaws exploited to deliver all kinds of malware (CVE-2024-1709, CVE-2024-1708)

ConnectWise, Don't miss, enterprise, exploit, Hot stuff, Huntress, Malware, Mandiant, News, Ransomware, remote access, remote management, Sophos, vulnerability /

ScreenConnect flaws exploited to deliver all kinds of malware (CVE-2024-1709, CVE-2024-1708) 2024-02-26 at 13:36 By Zeljka Zorz The recently patched vulnerabilities (CVE-2024-1709, CVE-2024-1708) in ConnectWise ScreenConnect software are being exploited by numerous attackers to deliver a variety of malicious payloads. About ConnectWise ScreenConnect ConnectWise ScreenConnect is a remote desktop solution consisting of server and client

React to this headline:

Loading spinner

ScreenConnect flaws exploited to deliver all kinds of malware (CVE-2024-1709, CVE-2024-1708) Read More »

VMware pushes admins to uninstall vulnerable, deprecated vSphere plugin (CVE-2024-22245, CVE-2024-22250)

cloud computing, CVE, Don't miss, enterprise, Hot stuff, hybrid cloud, News, Pen Test Partners, virtualization, VMWare, vulnerability /

VMware pushes admins to uninstall vulnerable, deprecated vSphere plugin (CVE-2024-22245, CVE-2024-22250) 2024-02-21 at 15:01 By Zeljka Zorz VMware Enhanced Authentication Plug-in (EAP), a plugin for VMware vSphere, has two vulnerabilities (CVE-2024-22245, CVE-2024-22250) that could be exploited by attackers to mount authentication relay and session hijack attacks. The vulnerabilities haven’t been and won’t be fixed. Instead,

React to this headline:

Loading spinner

VMware pushes admins to uninstall vulnerable, deprecated vSphere plugin (CVE-2024-22245, CVE-2024-22250) Read More »

RCE vulnerabilities fixed in SolarWinds enterprise solutions

access management, Don't miss, enterprise, Hot stuff, News, SolarWinds, vulnerability /

RCE vulnerabilities fixed in SolarWinds enterprise solutions 2024-02-19 at 07:01 By Zeljka Zorz SolarWinds has released updates for Access Rights Manager (ARM) and (Orion) Platform that fix vulnerabilities that could allow attackers to execute code on vulnerable installations. SolarWinds ARM flaws fixed SolarWinds, the company whose Orion IT administration platform has been infamously compromised in

React to this headline:

Loading spinner

RCE vulnerabilities fixed in SolarWinds enterprise solutions Read More »

QNAP fixes OS command injection flaws affecting its NAS devices (CVE-2023-47218, CVE-2023-50358)

Don't miss, enterprise, Hot stuff, NAS, News, Palo Alto Networks, QNAP, Rapid7, security update, SMBs, vulnerability /

QNAP fixes OS command injection flaws affecting its NAS devices (CVE-2023-47218, CVE-2023-50358) 2024-02-14 at 12:46 By Zeljka Zorz QNAP Systems has patched two unauthenticated OS command injection vulnerabilities (CVE-2023-47218, CVE-2023-50358) in various versions of the operating systems embedded in the firmware of their popular network-attached storage (NAS) devices. About the vulnerabilities (CVE-2023-47218, CVE-2023-50358) Both vulnerabilities

React to this headline:

Loading spinner

QNAP fixes OS command injection flaws affecting its NAS devices (CVE-2023-47218, CVE-2023-50358) Read More »

Corporate users getting tricked into downloading AnyDesk

AnyDesk, Don't miss, enterprise, Hot stuff, Malwarebytes, News, phishing, remote management /

Corporate users getting tricked into downloading AnyDesk 2024-02-14 at 11:16 By Helga Labus Hackers are leveraging the AnyDesk remote desktop application in a phishing campaign targeting employees, Malwarebytes warns. The AnyDesk phishing campaign In a phishing campaign recently discovered by Malwarebytes researchers, attackers targeted potential victims via email or SMS, personalized to match their roles

React to this headline:

Loading spinner

Corporate users getting tricked into downloading AnyDesk Read More »

Decryptor for Rhysida ransomware is available!

Check Point, CISA, decrypter, Don't miss, enterprise, Hot stuff, KISA, News, Ransomware /

Decryptor for Rhysida ransomware is available! 2024-02-12 at 13:46 By Zeljka Zorz Files encrypted by Rhysida ransomware can be successfully decrypted, due to a implementation vulnerability discovered by Korean researchers and leveraged to create a decryptor. About Rhysida Rhysida is a relatively new ransomware-as-a-service gang that engages in double extortion. First observed in May 2023,

React to this headline:

Loading spinner

Decryptor for Rhysida ransomware is available! Read More »

Akira, LockBit actively searching for vulnerable Cisco ASA devices

Cisco, Don't miss, enterprise, exploit, GreyNoise, Hot stuff, News, Ransomware, Truesec, vulnerability /

Akira, LockBit actively searching for vulnerable Cisco ASA devices 2024-02-08 at 14:31 By Zeljka Zorz Akira and Lockbit ransomware groups are trying to breach Cisco ASA SSL VPN devices by exploiting several older vulnerabilities, security researcher Kevin Beaumont is warning. They are targeting vulnerabilities for which patches have been made available in 2020 and 2023.

React to this headline:

Loading spinner

Akira, LockBit actively searching for vulnerable Cisco ASA devices Read More »

Deepfaked video conference call makes employee send $25 million to scammers

Asia, deepfakes, Don't miss, enterprise, Hot stuff, News, scams, video conferencing /

Deepfaked video conference call makes employee send $25 million to scammers 2024-02-05 at 17:01 By Zeljka Zorz A deepfake video conference call paired with social engineering tricks has led to the theft of over US$25 million from a multinational firm, the South China Morning Post has reported. The scheme and the deepfake video conference call

React to this headline:

Loading spinner

Deepfaked video conference call makes employee send $25 million to scammers Read More »

Fighting insider threats is tricky but essential work

cyber risk, Don't miss, enterprise, Hot stuff, human error, Insider Threat, News /

Fighting insider threats is tricky but essential work 2024-01-25 at 08:01 By Helga Labus Business executives are worried about accidental internal staff error (71%) almost as much as they are worried about external threats (75%). But which of the two is a bigger threat to a company? External vs insider threats External threats can cause

React to this headline:

Loading spinner

Fighting insider threats is tricky but essential work Read More »

PoC exploit for easily exploitable Fortra GoAnywhere MFT vulnerability released (CVE-2024-0204)

Don't miss, enterprise, file-sharing, Fortra, Horizon3.ai, Hot stuff, News, PoC, Shodan, SMBs, Tenable, vulnerability /

PoC exploit for easily exploitable Fortra GoAnywhere MFT vulnerability released (CVE-2024-0204) 2024-01-24 at 15:32 By Zeljka Zorz Proof-of-concept (PoC) exploit code for a critical vulnerability (CVE-2024-0204) in Fortra’s GoAnywhere MFT solution has been made public, sparking fears that attackers may soon take advantage of it. Fortra’s GoAnywhere MFT is a web-based managed file transfer solution

React to this headline:

Loading spinner

PoC exploit for easily exploitable Fortra GoAnywhere MFT vulnerability released (CVE-2024-0204) Read More »

Scroll to Top