exploit

Defenders must adapt to shrinking exploitation timelines

2024-10-16 at 15:16 By Zeljka Zorz

A new report from Mandiant reveals that the average time-to-exploit vulnerabilities before or after a patch is released has plunged to just five days in 2023, down from 32 days in 2021 and 2022. One reason for this is the fact that, […]

Active Exploitation of SAML Vulnerability CVE-2024-45409 Detected by Cyble Sensors

2024-10-15 at 15:16 By rohansinhacyblecom

Overview: On September 10, 2024, a critical vulnerability, CVE-2024-45409, was identified by ahacker1 of SecureSAML. The vulnerability was then patched in the Ruby-SAML library, which is widely used for implementing SAML (Security Assertion Markup Language) authorization. This flaw affects Ruby-SAML

Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409)

2024-10-09 at 15:49 By Zeljka Zorz

If you run a self-managed GitLab installation with configured SAML-based authentication and you haven’t upgraded it since mid-September, do it now, because security researchers have published an analysis of CVE-2024-45409 and an exploit script that may help attackers gain

Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519)

2024-10-02 at 14:16 By Zeljka Zorz

Attackers are actively exploiting CVE-2024-45519, a critical Zimbra vulnerability that allows them to execute arbitrary commands on vulnerable installations. Proofpoint’s threat researchers say that the attacks started on September 28 – several weeks after Zimbra developers released patches for CVE-2024-45519 and

Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593)

2024-09-25 at 12:46 By Zeljka Zorz

CVE-2024-7593, a critical authentication bypass vulnerability affecting Ivanti Virtual Traffic Manager (vTM) appliances, is actively exploited by attackers. The confirmation comes from the Cybersecurity and Infrastructure Security Agency (CISA), which added the flaw to its Known Exploited Vulnerabilities

The Re-Emergence of CVE-2024-32113: How CVE-2024-45195 has amplified Exploitation Risks

2024-09-10 at 16:46 By rohansinhacyblecom

Overview: On September 7, 2024, Cyble Global Sensor Intelligence (CGSI) identified the active exploitation of CVE-2024-32113, a critical path traversal vulnerability in the Apache OFBiz open-source enterprise resource planning (ERP) system. This flaw was initially addressed on April 12, 2024,

Tech stack uniformity has become a systemic vulnerability

2024-09-10 at 07:31 By Help Net Security

Crashes due to faulty updates are nothing new; in fact, one reason IT teams often delay updates is their unreliability and tendency to disrupt the organization’s day-to-day operations. Zero-days are also an old phenomenon. In the past, due to a

Midnight Blizzard delivered iOS, Chrome exploits via compromised government websites

2024-08-29 at 16:16 By Zeljka Zorz

Suspected Russian hackers have been hitting iPhone and Android users visiting government websites with exploits first leveraged by commercial surveillance vendors, Google TAG researchers shared. The watering hole campaigns: Between November 2023 and July 2024, threat actors have repeatedly

APT group exploits WPS Office for Windows RCE vulnerability (CVE-2024-7262)

2024-08-28 at 12:02 By Help Net Security

ESET researchers discovered a remote code execution vulnerability in WPS Office for Windows (CVE-2024-7262). APT-C-60, a South Korea-aligned cyberespionage group, was exploiting it to target East Asian countries. When examining the root cause, ESET discovered another way to

Microsoft Warns of Six Windows Zero-Days Being Actively Exploited

2024-08-13 at 23:01 By Ryan Naraine

Microsoft’s security response team pushed out documentation for almost 90 vulnerabilities across Windows and OS components and marked several flaws in the actively exploited category. The post Microsoft Warns of Six Windows Zero-Days Being Actively Exploited appeared first on SecurityWeek.

CrowdStrike Dismisses Claims of Exploitability in Falcon Sensor Bug

2024-08-08 at 20:46 By Ryan Naraine

CrowdStrike dismissed claims that the Falcon EDR sensor bug could be exploited for privilege escalation or remote code execution. The post CrowdStrike Dismisses Claims of Exploitability in Falcon Sensor Bug appeared first on SecurityWeek. This article is an excerpt from

Vulnerability in Telegram app for Android allows sending malicious files disguised as videos

2024-07-23 at 12:16 By Help Net Security

ESET researchers discovered a zero-day exploit, which targets the Telegram app for Android, that appeared for sale for an unspecified price in an underground forum post from June 2024. Example of how the EvilVideo exploit

Increase in the exploitation of Microsoft SmartScreen vulnerability CVE-2024-21412

2024-07-05 at 16:48 By Neetha

Overview: The Zero Day Initiative (ZDI) uncovered a sophisticated DarkGate campaign in mid-January 2024, exploiting CVE-2024-21412 through fake software installers. On February 13, 2024, Microsoft patched this Microsoft Defender SmartScreen vulnerability, which involved internet shortcuts. Later, the APT group

PoC exploit for critical Fortra FileCatalyst flaw published (CVE-2024-5276)

2024-06-27 at 12:31 By Zeljka Zorz

A critical SQL injection vulnerability in Fortra FileCatalyst Workflow (CVE-2024-5276) has been patched; a PoC exploit is already available online. While there are currently no reports of in-the-wild exploitation, enterprise admins are advised to patch their installations as soon as possible.

Mass exploitation is the new primary attack vector for ransomware

2024-06-18 at 07:01 By Help Net Security

The cyber threat landscape in 2023 and 2024 has been dominated by mass exploitation, according to WithSecure. Edge service KEV vulnerability trends: 64% of all edge service and infrastructure Common Vulnerabilities and Exposures (CVEs) in the Known Exploited

CVE-2024-4577: Ongoing Exploitation of a Critical PHP Vulnerability

2024-06-14 at 18:31 By Neetha

Overview: On May 7, 2024, Devcore Principal Security Researcher Orange Tsai discovered and reported a critical Remote Code Execution (RCE) vulnerability, CVE-2024-4577, to the official PHP team. This vulnerability stems from errors in character encoding conversions, particularly affecting the “Best Fit” feature

CVE-2024-4577: Ongoing Exploitation of Critical PHP Vulnerability 

2024-06-14 at 18:16 By Neetha

Overview: On May 7, 2024, Devcore Principal Security Researcher Orange Tsai discovered and reported a critical Remote Code Execution (RCE) vulnerability, CVE-2024-4577, to the official PHP team. This vulnerability stems from errors in character encoding conversions, particularly affecting the “Best Fit” feature on

PHP command injection flaw exploited to deliver ransomware (CVE-2024-4577)

2024-06-13 at 15:01 By Zeljka Zorz

An OS command injection vulnerability in Windows-based PHP (CVE-2024-4577) in CGI mode is being exploited by the TellYouThePass ransomware gang. Imperva says the attacks started on June 8, two days after the PHP development team pushed out fixes, and one

PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992)

2024-05-29 at 13:01 By Zeljka Zorz

Horizon3.ai researchers have released proof-of-concept (PoC) exploits for CVE-2024-23108 and CVE-2023-34992, vulnerabilities that allow remote, unauthenticated command execution as root on certain Fortinet FortiSIEM appliances. CVE confusion: FortiSIEM helps customers build an inventory of their organization’s assets, it

Pump.fun exploiter claims he was arrested in UK and now on bail

2024-05-20 at 08:01 By Cointelegraph by Jesse Coghlan

The ex-employee alleged to have exploited pump.fun for $1.9 million claims he was arrested and charged in Britain and is now on bail. This article is an excerpt from Cointelegraph.com News
