exploit

MOVEit hackers leverage new zero-day bug to breach organizations (CVE-2023-47246)

0-day, Don't miss, exploit, extortion, Hot stuff, ITSM, Microsoft, News, Ransomware, security update, SysAid, web shell /

MOVEit hackers leverage new zero-day bug to breach organizations (CVE-2023-47246) 09/11/2023 at 18:01 By Helga Labus A critical zero-day vulnerability (CVE-2023-47246) in the SysAid IT support and management software solution is being exploited by Lace Tempest, a ransomware affiliate known for deploying Cl0p ransomware. Lace Tempest has previously exploited zero-day vulnerability (CVE-2023-34362) in Progress Software’s […]

React to this headline:

Loading spinner

MOVEit hackers leverage new zero-day bug to breach organizations (CVE-2023-47246) Read More »

Active Exploitation of Big-IP and Citrix vulnerabilities observed by Cyble Global Sensor Intelligence Network

Authentication Bypass, Big-IP, Citrix, CVE-2023-46747, CVE-2023-46748, CVE-2023-4966, exploit, Gateway Buffer Overflow, NetScaler, SQL injection, vulnerability /

Active Exploitation of Big-IP and Citrix vulnerabilities observed by Cyble Global Sensor Intelligence Network 08/11/2023 at 16:02 By cybleinc Cyble’s Global Sensors capture multiple exploit attempts targeting vulnerable BIG-IP and Citrix NetScaler instances. The post Active Exploitation of Big-IP and Citrix vulnerabilities observed by Cyble Global Sensor Intelligence Network appeared first on Cyble. This article

React to this headline:

Loading spinner

Active Exploitation of Big-IP and Citrix vulnerabilities observed by Cyble Global Sensor Intelligence Network Read More »

Looney Tunables bug exploited for cryptojacking

Aqua Security, cloud computing, cryptojacking, Don't miss, exploit, Hot stuff, Linux, News, vulnerability /

Looney Tunables bug exploited for cryptojacking 07/11/2023 at 12:46 By Helga Labus Kinsing threat actors have been spotted exploiting the recently disclosed Looney Tunables (CVE-2023-4911) vulnerability to covertly install cryptomining software into cloud-native environments. Kinsing (aka Money Libra) is a threat actor group that has been active since late 2021, targeting cloud-native environments and applications

React to this headline:

Loading spinner

Looney Tunables bug exploited for cryptojacking Read More »

Ransomware attacks set to break records in 2023

attacks, Corvus Insurance, cybersecurity, exploit, News, Ransomware, report /

Ransomware attacks set to break records in 2023 01/11/2023 at 08:01 By Help Net Security Ransomware attacks continue at a record-breaking pace, with Q3 2023 global ransomware attack frequency up 11% over Q2 and 95% year-over-year (YoY), according to Corvus Insurance. In its Q2 2023 Global Ransomware Report, Corvus noted a significant resurgence in global

React to this headline:

Loading spinner

Ransomware attacks set to break records in 2023 Read More »

Citrix Bleed: Mass exploitation in progress (CVE-2023-4966)

Assetnote, Citrix, Don't miss, exploit, hardware, Hot stuff, Mandiant, NetScaler, News, Ransomware, vulnerability /

Citrix Bleed: Mass exploitation in progress (CVE-2023-4966) 30/10/2023 at 14:46 By Zeljka Zorz CVE-2023-4966, aka “Citrix Bleed”, a critical information disclosure vulnerability affecting Citrix NetScaler ADC/Gateway devices, is being massively exploited by threat actors. According to security researcher Kevin Beaumont’s cybersecurity industry sources, one ransomware group has already distributed a Python script to automate the

React to this headline:

Loading spinner

Citrix Bleed: Mass exploitation in progress (CVE-2023-4966) Read More »

Stealth Techniques Used in ‘Operation Triangulation’ iOS Attack Dissected

exploit, iOS, Kaspersky, Malware & Threats, Operation Triangulation /

Stealth Techniques Used in ‘Operation Triangulation’ iOS Attack Dissected 24/10/2023 at 22:01 By Ionut Arghire Kaspersky analyzes the stealth techniques that were used in the ‘Operation Triangulation’ iOS zero-click attacks. The post Stealth Techniques Used in ‘Operation Triangulation’ iOS Attack Dissected appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

React to this headline:

Loading spinner

Stealth Techniques Used in ‘Operation Triangulation’ iOS Attack Dissected Read More »

State-sponsored APTs are leveraging WinRAR bug

APT, Don't miss, DuskRise, exploit, Google, government-backed attacks, Hot stuff, News, phishing, spear-phishing, WinRAR /

State-sponsored APTs are leveraging WinRAR bug 18/10/2023 at 18:21 By Zeljka Zorz A number of government-backed APTs are exploiting CVE-2023-38831, a file extension spoofing vulnerability in WinRAR, a widely used file archiver utility for Windows. CVE-2023-38831 has been patched in August 2023, along with another high-severity RCE vulnerability (CVE-2023-40477). Exploited as a zero-day by cybercriminals

React to this headline:

Loading spinner

State-sponsored APTs are leveraging WinRAR bug Read More »

Citrix NetScaler bug exploited in the wild since August (CVE-2023-4966)

0-day, Citrix, Don't miss, exploit, Hot stuff, Mandiant, News, security update /

Citrix NetScaler bug exploited in the wild since August (CVE-2023-4966) 18/10/2023 at 17:18 By Helga Labus A recently patched Citrix NetScaler ADC/Gateway information disclosure vulnerability (CVE-2023-4966) has been exploited by attackers in the wild since late August 2023, Mandiant researchers have revealed. About CVE-2023-4966 Citrix’s security advisory, published on October 10, says that the vulnerability

React to this headline:

Loading spinner

Citrix NetScaler bug exploited in the wild since August (CVE-2023-4966) Read More »

DIY attack surface management: Simple, cost-effective and actionable perimeter insights

Cloud, cybersecurity, DNS, Don't miss, Expert analysis, Expert corner, exploit, GitHub, Hot stuff, misconfiguration, News, open source, opinion, SaaS, vulnerability, web application, WithSecure /

DIY attack surface management: Simple, cost-effective and actionable perimeter insights 16/10/2023 at 11:46 By Help Net Security Modern-day attack surface management (ASM) can be an intimidating task for most organizations, with assets constantly changing due to new deployments, assets being decommissioned, and ongoing migrations to cloud providers. Assets can be created and forgotten about, only

React to this headline:

Loading spinner

DIY attack surface management: Simple, cost-effective and actionable perimeter insights Read More »

Stars Arena recovers 90% of stolen funds after offering $257K bounty

bounty, Crypto hack, deso, exploit, Friend Tech, hack, stars arena, web3 social /

Stars Arena recovers 90% of stolen funds after offering $257K bounty 12/10/2023 at 05:02 By Cointelegraph By Jesse Coghlan The exploiter of the Web3 social media platform agreed to keep a 10% bounty in exchange for returning the remainder of the stolen funds. This article is an excerpt from Cointelegraph.com News View Original Source React

React to this headline:

Loading spinner

Stars Arena recovers 90% of stolen funds after offering $257K bounty Read More »

Critical Atlassian Confluence vulnerability exploited by state-backed threat actor

Atlassian, Atlassian Confluence, Don't miss, exploit, GreyNoise, Hot stuff, Microsoft, News, Rapid7, vulnerability /

Critical Atlassian Confluence vulnerability exploited by state-backed threat actor 11/10/2023 at 14:18 By Helga Labus A critical flaw in Atlassian Confluence Data Center and Server (CVE-2023-22515) has been exploited by a state-backed threat actor, Microsoft’s threat analysts have pinpointed. About the vulnerability CVE-2023-22515 was initially classified as a critical privilege escalation vulnerability affecting Confluence Data

React to this headline:

Loading spinner

Critical Atlassian Confluence vulnerability exploited by state-backed threat actor Read More »

Mirai Variant IZ1H9 Adds 13 Exploits to Arsenal

botnet, exploit, Malware & Threats, Mirai /

Mirai Variant IZ1H9 Adds 13 Exploits to Arsenal 10/10/2023 at 19:07 By Ionut Arghire A Mirai botnet variant tracked as IZ1H9 has updated its arsenal with 13 exploits targeting various routers, IP cameras, and other IoT devices. The post Mirai Variant IZ1H9 Adds 13 Exploits to Arsenal appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

Mirai Variant IZ1H9 Adds 13 Exploits to Arsenal Read More »

Exploit writers invited to probe Chrome’s V8 engine, Google Cloud’s KVM

bug bounty, Chrome, Don't miss, Expert corner, exploit, Google, Google Cloud, News, virtualization /

Exploit writers invited to probe Chrome’s V8 engine, Google Cloud’s KVM 09/10/2023 at 13:01 By Zeljka Zorz Google is asking bug hunters and exploit writers to develop 0-day and n-day exploits in Chrome’s V8 JavaScript engine and Google Cloud’s Kernel-based Virtual Machine (KVM). “We want to learn from the security community to understand how they

React to this headline:

Loading spinner

Exploit writers invited to probe Chrome’s V8 engine, Google Cloud’s KVM Read More »

Friend.tech copycat StarsArena patches exploit after some funds were drained

Avalanche, exploit, Friend Tech, hack, starsarena /

Friend.tech copycat StarsArena patches exploit after some funds were drained 05/10/2023 at 21:02 By Cointelegraph By Tom Blackstone StarsArena announced that attackers were draining funds through a loophole, but the contract has been patched to prevent further damage. This article is an excerpt from Cointelegraph.com News View Original Source React to this headline:

React to this headline:

Loading spinner

Friend.tech copycat StarsArena patches exploit after some funds were drained Read More »

Friend.tech users blame SIM swaps after more than 100 ETH drained in a week

attack, attacker, exploit, Friend Tech, hack, hackers, phishing scam, SIM swap /

Friend.tech users blame SIM swaps after more than 100 ETH drained in a week 04/10/2023 at 10:03 By Cointelegraph By Jesse Coghlan In a short period of time, four friend.tech users reported their accounts were compromised and drained after hackers seized control of their mobile numbers. This article is an excerpt from Cointelegraph.com News View

React to this headline:

Loading spinner

Friend.tech users blame SIM swaps after more than 100 ETH drained in a week Read More »

Russian Zero-Day Acquisition Firm Offers $20 Million for Android, iOS Exploits

Android, exploit, iOS, Mobile & Wireless /

Russian Zero-Day Acquisition Firm Offers $20 Million for Android, iOS Exploits 28/09/2023 at 15:32 By Ionut Arghire Russian zero-day acquisition firm Operation Zero is now offering $20 million for full Android and iOS exploit chains. The post Russian Zero-Day Acquisition Firm Offers $20 Million for Android, iOS Exploits appeared first on SecurityWeek. This article is

React to this headline:

Loading spinner

Russian Zero-Day Acquisition Firm Offers $20 Million for Android, iOS Exploits Read More »

High number of security flaws found in EMEA-developed apps

Application Security, cybercrime, cybercriminals, cybersecurity, exploit, generative AI, News, report, SCA, survey, third party compromise, Veracode, vulnerability /

High number of security flaws found in EMEA-developed apps 27/09/2023 at 07:47 By Help Net Security Applications developed by organizations in Europe, Middle East and Africa tend to contain more security flaws than those created by their US counterparts, according to Veracode. Across all regions analysed, EMEA also has the highest percentage of ‘high severity’

React to this headline:

Loading spinner

High number of security flaws found in EMEA-developed apps Read More »

Predator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM Attacks

exploit, Featured, Mobile & Wireless, spyware, Zero-Day /

Predator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM Attacks 25/09/2023 at 13:32 By Eduard Kovacs Predator spyware delivered to iPhones and Android devices using iOS and Chrome zero-day vulnerabilities and MitM attacks.  The post Predator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM Attacks appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

Predator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM Attacks Read More »

Apple patches two zero-days under attack (CVE-2023-41064, CVE-2023-41061)

0-day, apple, Don't miss, exploit, Hot stuff, iOS, macOS, News, spyware /

Apple patches two zero-days under attack (CVE-2023-41064, CVE-2023-41061) 08/09/2023 at 11:46 By Zeljka Zorz Apple has patched two zero-day vulnerabilities (CVE-2023-41064, CVE-2023-41061) exploited to deliver NSO Group’s Pegasus spyware. “The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim,” Citizen Lab shared. “The exploit

React to this headline:

Loading spinner

Apple patches two zero-days under attack (CVE-2023-41064, CVE-2023-41061) Read More »

3 ways to strike the right balance with generative AI

access control, Artificial Intelligence, cybersecurity, data breach, Descope, Don't miss, Expert analysis, Expert corner, exploit, generative AI, Hot stuff, News, opinion, threats, training /

3 ways to strike the right balance with generative AI 07/09/2023 at 08:02 By Help Net Security To find the sweet spot where innovation doesn’t mean sacrificing your security posture, organizations should consider the following three best practices when leveraging AI. Implement role-based access control In the context of generative AI, having properly defined user

React to this headline:

Loading spinner

3 ways to strike the right balance with generative AI Read More »

Scroll to Top