vulnerability

Danish energy sector hit by a wave of coordinated cyberattacks

critical infrastructure, cyberattack, Don't miss, energy sector, exploit, Hot stuff, News, SektorCERT, vulnerability, Zyxel /

Danish energy sector hit by a wave of coordinated cyberattacks 14/11/2023 at 21:16 By Helga Labus The Danish energy sector has suffered what is believed to be the most extensive cyberattack in Danish history, according to SektorCERT. Danish energy sector under attack SektorCERT, an organization owned and funded by Danish critical infrastructure (CI) companies, uses […]

React to this headline:

Loading spinner

Danish energy sector hit by a wave of coordinated cyberattacks Read More »

Juniper networking devices under attack

CISA, Don't miss, enterprise, exploit, firewall, Hot stuff, Juniper Networks, News, vulnerability, WatchTowr /

Juniper networking devices under attack 14/11/2023 at 16:46 By Zeljka Zorz CISA has ordered US federal agencies to patch five vulnerabilities used by attackers to compromise Juniper networking devices, and to do so by Friday. Most of these bugs are not particularly severe by themselves, but they can be – and have been – chained

React to this headline:

Loading spinner

Juniper networking devices under attack Read More »

Active Exploitation of Big-IP and Citrix vulnerabilities observed by Cyble Global Sensor Intelligence Network

Authentication Bypass, Big-IP, Citrix, CVE-2023-46747, CVE-2023-46748, CVE-2023-4966, exploit, Gateway Buffer Overflow, NetScaler, SQL injection, vulnerability /

Active Exploitation of Big-IP and Citrix vulnerabilities observed by Cyble Global Sensor Intelligence Network 08/11/2023 at 16:02 By cybleinc Cyble’s Global Sensors capture multiple exploit attempts targeting vulnerable BIG-IP and Citrix NetScaler instances. The post Active Exploitation of Big-IP and Citrix vulnerabilities observed by Cyble Global Sensor Intelligence Network appeared first on Cyble. This article

React to this headline:

Loading spinner

Active Exploitation of Big-IP and Citrix vulnerabilities observed by Cyble Global Sensor Intelligence Network Read More »

Looney Tunables bug exploited for cryptojacking

Aqua Security, cloud computing, cryptojacking, Don't miss, exploit, Hot stuff, Linux, News, vulnerability /

Looney Tunables bug exploited for cryptojacking 07/11/2023 at 12:46 By Helga Labus Kinsing threat actors have been spotted exploiting the recently disclosed Looney Tunables (CVE-2023-4911) vulnerability to covertly install cryptomining software into cloud-native environments. Kinsing (aka Money Libra) is a threat actor group that has been active since late 2021, targeting cloud-native environments and applications

React to this headline:

Loading spinner

Looney Tunables bug exploited for cryptojacking Read More »

Attackers exploiting Apache ActiveMQ flaw to deliver ransomware (CVE-2023-46604)

Apache ActiveMQ, Don't miss, Hot stuff, News, PoC, Ransomware, Rapid7, security update, vulnerability /

Attackers exploiting Apache ActiveMQ flaw to deliver ransomware (CVE-2023-46604) 02/11/2023 at 17:01 By Zeljka Zorz Ransomware-wielding attackers are trying to break into servers running outdated versions of Apache ActiveMQ by exploiting a recently fixed vulnerability (CVE-2023-46604). “Beginning Friday, October 27, Rapid7 Managed Detection and Response (MDR) identified suspected exploitation of Apache ActiveMQ CVE-2023-46604 in two

React to this headline:

Loading spinner

Attackers exploiting Apache ActiveMQ flaw to deliver ransomware (CVE-2023-46604) Read More »

F5 BIG-IP vulnerabilities leveraged by attackers: What to do?

Don't miss, enterprise, F5 Networks, Hot stuff, News, patch, PoC, Praetorian, Project Discovery, SQL injection, traffic monitoring, vulnerability /

F5 BIG-IP vulnerabilities leveraged by attackers: What to do? 02/11/2023 at 14:01 By Zeljka Zorz The two BIG-IP vulnerabilities (CVE-2023-46747, CVE-2023-46748) F5 Networks has recently released hotfixes for are being exploited by attackers in the wild, the company has confirmed. “It is important to note that not all exploited systems may show the same indicators,

React to this headline:

Loading spinner

F5 BIG-IP vulnerabilities leveraged by attackers: What to do? Read More »

Atlassian CISO Urges Quick Action to Protect Confluence Instances From Critical Vulnerability

Data Exposure, Data Protection, Vulnerabilities, vulnerability /

Atlassian CISO Urges Quick Action to Protect Confluence Instances From Critical Vulnerability 31/10/2023 at 21:30 By Ionut Arghire Atlassian warns that a critical vulnerability in Confluence Data Center and Server could lead to significant data loss if exploited. The post Atlassian CISO Urges Quick Action to Protect Confluence Instances From Critical Vulnerability appeared first on

React to this headline:

Loading spinner

Atlassian CISO Urges Quick Action to Protect Confluence Instances From Critical Vulnerability Read More »

Attackers Exploiting Critical F5 BIG-IP Vulnerability

Uncategorized, vulnerability /

Attackers Exploiting Critical F5 BIG-IP Vulnerability 31/10/2023 at 18:49 By Ionut Arghire Exploitation of a critical vulnerability (CVE-2023-46747) in F5’s  BIG-IP product started less than five days after public disclosure and PoC exploit code was published. The post Attackers Exploiting Critical F5 BIG-IP Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Attackers Exploiting Critical F5 BIG-IP Vulnerability Read More »

Atlassian patches critical Confluence bug, urges for immediate action (CVE-2023-22518)

Atlassian Confluence, Don't miss, Hot stuff, News, security update, vulnerability /

Atlassian patches critical Confluence bug, urges for immediate action (CVE-2023-22518) 31/10/2023 at 13:16 By Zeljka Zorz Atlassian is urging enterprise administrators to update their on-premises Confluence Data Center and Server installations quickly to plug a critical security vulnerability (CVE-2023-22518) that could lead to “significant data loss if exploited by an unauthenticated attacker.” About CVE-2023-22518 CVE-2023-22518

React to this headline:

Loading spinner

Atlassian patches critical Confluence bug, urges for immediate action (CVE-2023-22518) Read More »

F5 fixes critical BIG-IP vulnerability (CVE-2023-46747)

Don't miss, enterprise, F5 Networks, Hot stuff, News, patch, Praetorian, traffic monitoring, vulnerability /

F5 fixes critical BIG-IP vulnerability (CVE-2023-46747) 30/10/2023 at 18:46 By Helga Labus F5 Networks has released hotfixes for three vulnerabilities affecting its BIG-IP multi-purpose networking devices/modules, including a critical authentication bypass vulnerability (CVE-2023-46747) that could lead to unauthenticated remote code execution (RCE). About CVE-2023-46747 Discovered and reported by Thomas Hendrickson and Michael Weber of Praetorian

React to this headline:

Loading spinner

F5 fixes critical BIG-IP vulnerability (CVE-2023-46747) Read More »

Citrix Bleed: Mass exploitation in progress (CVE-2023-4966)

Assetnote, Citrix, Don't miss, exploit, hardware, Hot stuff, Mandiant, NetScaler, News, Ransomware, vulnerability /

Citrix Bleed: Mass exploitation in progress (CVE-2023-4966) 30/10/2023 at 14:46 By Zeljka Zorz CVE-2023-4966, aka “Citrix Bleed”, a critical information disclosure vulnerability affecting Citrix NetScaler ADC/Gateway devices, is being massively exploited by threat actors. According to security researcher Kevin Beaumont’s cybersecurity industry sources, one ransomware group has already distributed a Python script to automate the

React to this headline:

Loading spinner

Citrix Bleed: Mass exploitation in progress (CVE-2023-4966) Read More »

F5 Warns of Critical Remote Code Execution Vulnerability in BIG-IP

F5, Vulnerabilities, vulnerability /

F5 Warns of Critical Remote Code Execution Vulnerability in BIG-IP 27/10/2023 at 17:47 By Ionut Arghire A critical-severity vulnerability in F5 BIG-IP CVE-2023-46747 allows unauthenticated attackers to execute code remotely. The post F5 Warns of Critical Remote Code Execution Vulnerability in BIG-IP appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

React to this headline:

Loading spinner

F5 Warns of Critical Remote Code Execution Vulnerability in BIG-IP Read More »

Apple news: iLeakage attack, MAC address leakage bug

apple, attack, data theft, Don't miss, Hot stuff, iOS, iPad, macOS, Mysk, News, Privacy, research, vulnerability /

Apple news: iLeakage attack, MAC address leakage bug 27/10/2023 at 12:31 By Zeljka Zorz On Wednesday, Apple released security updates for all supported branches of iOS and iPadOS, macOS, tvOS, watchOS and Safari. This time around, the updates did not garner as much attention as when they deliver a zero-day fix, though it has to

React to this headline:

Loading spinner

Apple news: iLeakage attack, MAC address leakage bug Read More »

VMware patches critical vulnerability in vCenter Server (CVE-2023-34048)

Don't miss, Hot stuff, News, security update, VMWare, vulnerability /

VMware patches critical vulnerability in vCenter Server (CVE-2023-34048) 25/10/2023 at 13:47 By Helga Labus VMware has fixed a critical out-of-bounds write vulnerability (CVE-2023-34048) and a moderate-severity information disclosure flaw (CVE-2023-34056) in vCenter Server, its popular server management software. About CVE-2023-34048 and CVE-2023-34056 CVE-2023-34048 allows an attacker with network access to a vulnerable vCenter Server virtual

React to this headline:

Loading spinner

VMware patches critical vulnerability in vCenter Server (CVE-2023-34048) Read More »

Number of Cisco Devices Hacked via Zero-Day Remains High as Attackers Update Implant

Cisco, Malware & Threats, Vulnerabilities, vulnerability, Zero-Day /

Number of Cisco Devices Hacked via Zero-Day Remains High as Attackers Update Implant 24/10/2023 at 20:02 By Eduard Kovacs The number of Cisco devices hacked via recent zero-days remains high, but the attackers have updated their implant. The post Number of Cisco Devices Hacked via Zero-Day Remains High as Attackers Update Implant appeared first on

React to this headline:

Loading spinner

Number of Cisco Devices Hacked via Zero-Day Remains High as Attackers Update Implant Read More »

North Korean hackers are targeting software developers and impersonating IT workers

APT, Don't miss, FBI, Hot stuff, Insider Threat, Microsoft, News, North Korea, software development, supply chain compromise, vulnerability /

North Korean hackers are targeting software developers and impersonating IT workers 20/10/2023 at 13:52 By Helga Labus State-sponsored North Korean hackers have significantly intensified their focus on the IT sector in recent years, by infiltrating firms developing software and companies lookind for IT workers. North Korean hackers targeting developers Microsoft has outlined on Wednesday how

React to this headline:

Loading spinner

North Korean hackers are targeting software developers and impersonating IT workers Read More »

Cisco Devices Compromised through IOS XE Zero-Day Vulnerability (CVE-2023-20198)

Cisco, Cisco IOS XE, CVE-2021-1435, CVE-2023-20198, vulnerability, Zero Day Vulnerability, Zero-Day /

Cisco Devices Compromised through IOS XE Zero-Day Vulnerability (CVE-2023-20198) 19/10/2023 at 16:02 By cybleinc Cyble Global Sensor Intelligence (CGSI) Networks observes the active exploitation of the Cisco IOS XE Zero-Day Vulnerability. The post Cisco Devices Compromised through IOS XE Zero-Day Vulnerability (CVE-2023-20198) appeared first on Cyble. This article is an excerpt from Cyble View Original

React to this headline:

Loading spinner

Cisco Devices Compromised through IOS XE Zero-Day Vulnerability (CVE-2023-20198) Read More »

DIY attack surface management: Simple, cost-effective and actionable perimeter insights

Cloud, cybersecurity, DNS, Don't miss, Expert analysis, Expert corner, exploit, GitHub, Hot stuff, misconfiguration, News, open source, opinion, SaaS, vulnerability, web application, WithSecure /

DIY attack surface management: Simple, cost-effective and actionable perimeter insights 16/10/2023 at 11:46 By Help Net Security Modern-day attack surface management (ASM) can be an intimidating task for most organizations, with assets constantly changing due to new deployments, assets being decommissioned, and ongoing migrations to cloud providers. Assets can be created and forgotten about, only

React to this headline:

Loading spinner

DIY attack surface management: Simple, cost-effective and actionable perimeter insights Read More »

Unpatched Vulnerabilities Expose Yifan Industrial Routers to Attacks

ICS, ICS/OT, router, Vulnerabilities, vulnerability /

Unpatched Vulnerabilities Expose Yifan Industrial Routers to Attacks 12/10/2023 at 14:46 By Eduard Kovacs Industrial routers made by Chinese company Yifan are affected by several critical vulnerabilities that can expose organizations to attacks.  The post Unpatched Vulnerabilities Expose Yifan Industrial Routers to Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Loading spinner

Unpatched Vulnerabilities Expose Yifan Industrial Routers to Attacks Read More »

Unmasking the limitations of yearly penetration tests

Ambionics, communication, Compliance, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, PCI DSS, penetration testing, risk assessment, shadow IT, Threat Intelligence, threats, vulnerability, web application /

Unmasking the limitations of yearly penetration tests 12/10/2023 at 07:31 By Mirko Zorz In this Help Net Security interview, Charles d’Hondt, Head of Operations, Ambionics Security, talks about the necessity of implementing continuous penetration testing because yearly ones are not enough. They leave blind spots and cannot match the security needs of regular releases and

React to this headline:

Loading spinner

Unmasking the limitations of yearly penetration tests Read More »

Scroll to Top