vulnerability

Atlas VPN zero-day allows sites to discover users’ IP address

0-day, Don't miss, exploit, Hot stuff, Linux, News, VPN, vulnerability /

Atlas VPN zero-day allows sites to discover users’ IP address 05/09/2023 at 20:47 By Zeljka Zorz Atlas VPN has confirmed the existence of a zero-day vulnerability that may allow website owners to discover Linux users’ real IP address. Details about this zero-day vulnerability as well as exploit code have been publicly released on Reddit several […]

React to this headline:

Loading spinner

Atlas VPN zero-day allows sites to discover users’ IP address Read More »

VMware fixes critical vulnerability in Aria Operations for Networks (CVE-2023-34039)

Don't miss, Hot stuff, News, security update, VMWare, vulnerability /

VMware fixes critical vulnerability in Aria Operations for Networks (CVE-2023-34039) 30/08/2023 at 14:01 By Helga Labus VMware has patched one critical (CVE-2023-34039) and one high-severity vulnerability (CVE-2023-20890) in Aria Operations for Networks, its popular enterprise network monitoring tool. About the vulnerabilities (CVE-2023-34039, CVE-2023-20890) CVE-2023-34039 is a network bypass vulnerability arising as a result of a

React to this headline:

Loading spinner

VMware fixes critical vulnerability in Aria Operations for Networks (CVE-2023-34039) Read More »

Ransomware group exploits Citrix NetScaler systems for initial access

Citrix, Don't miss, exploit, Hot stuff, News, Ransomware, Sophos, vulnerability /

Ransomware group exploits Citrix NetScaler systems for initial access 29/08/2023 at 14:50 By Helga Labus A known threat actor specializing in ransomware attacks is believed to be behind a recent campaign that targeted unpatched internet-facing Citrix NetScaler systems to serve as an initial foothold into enterprise networks. “Our data indicates strong similarity between attacks using

React to this headline:

Loading spinner

Ransomware group exploits Citrix NetScaler systems for initial access Read More »

Easy-to-exploit Skype vulnerability reveals users’ IP address

consumer, deanonymization, Don't miss, Hot stuff, Microsoft, mobile apps, News, Privacy, Skype, vulnerability /

Easy-to-exploit Skype vulnerability reveals users’ IP address 29/08/2023 at 13:32 By Zeljka Zorz A vulnerability in Skype mobile apps can be exploited by attackers to discover a user’s IP address – a piece of information that may endanger individuals whose physical security depends on their general location remaining secret. The vulnerability The security vulnerability has

React to this headline:

Loading spinner

Easy-to-exploit Skype vulnerability reveals users’ IP address Read More »

Is the cybersecurity community’s obsession with compliance counter-productive?

CISO, Compliance, credentials, cybersecurity, Don't miss, Expert analysis, Expert corner, Government, Hot stuff, News, opinion, phishing, trackd, vulnerability /

Is the cybersecurity community’s obsession with compliance counter-productive? 29/08/2023 at 07:01 By Help Net Security Does anyone think the chances of surviving a plane crash increase if our tray tables are locked and our carry-on bags are completely stowed under our seats? That we’ll be OK if the plane hits a mountain if we have

React to this headline:

Loading spinner

Is the cybersecurity community’s obsession with compliance counter-productive? Read More »

PoC for no-auth RCE on Juniper firewalls released

Don't miss, exploit, Hot stuff, Juniper Networks, Junos OS, News, PoC, security update, vulnerability, WatchTowr /

PoC for no-auth RCE on Juniper firewalls released 28/08/2023 at 13:32 By Zeljka Zorz Researchers have released additional details about the recently patched four vulnerabilities affecting Juniper Networks’ SRX firewalls and EX switches that could allow remote code execution (RCE), as well as a proof-of-concept (PoC) exploit. Junos OS vulnerabilities and fixes Earlier this month,

React to this headline:

Loading spinner

PoC for no-auth RCE on Juniper firewalls released Read More »

Uncovering a privacy-preserving approach to machine learning

Artificial Intelligence, cybersecurity, Don't miss, Encryption, Enveil, Expert analysis, Expert corner, Hot stuff, machine learning, News, opinion, Privacy, regulation, vulnerability /

Uncovering a privacy-preserving approach to machine learning 28/08/2023 at 08:01 By Help Net Security In the era of data-driven decision making, businesses are harnessing the power of machine learning (ML) to unlock valuable insights, gain operational efficiencies, and solidify competitive advantage. Although recent developments in generative artificial intelligence (AI) have raised unprecedented awareness around the

React to this headline:

Loading spinner

Uncovering a privacy-preserving approach to machine learning Read More »

Lazarus Group exploited ManageEngine vulnerability to target critical infrastructure

Cisco, critical infrastructure, Don't miss, Europe, healthcare, Hot stuff, Malware, ManageEngine, News, North Korea, trojan, USA, vulnerability /

Lazarus Group exploited ManageEngine vulnerability to target critical infrastructure 25/08/2023 at 15:36 By Helga Labus North Korean state-sponsored hackers Lazarus Group have been exploiting a ManageEngine ServiceDesk vulnerability (CVE-2022-47966) to target internet backbone infrastructure and healthcare institutions in Europe and the US. The group leveraged the vulnerability to deploy QuiteRAT, downloaded from an IP address

React to this headline:

Loading spinner

Lazarus Group exploited ManageEngine vulnerability to target critical infrastructure Read More »

Lawmaker Wants Federal Contractors to Have Vulnerability Disclosure Policies 

Laws, Management & Strategy, Risk Management, VDP, vulnerability /

Lawmaker Wants Federal Contractors to Have Vulnerability Disclosure Policies  25/08/2023 at 14:48 By Eduard Kovacs Congresswoman Nancy Mace has introduced a bill that would require federal contractors to have a Vulnerability Disclosure Policy (VDP). The post Lawmaker Wants Federal Contractors to Have Vulnerability Disclosure Policies  appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

Lawmaker Wants Federal Contractors to Have Vulnerability Disclosure Policies  Read More »

WinRAR patches zero-day bug that targeted stock and crypto traders

cybersecurity, exploit, hackers, Malware, vulnerability, WinRAR /

WinRAR patches zero-day bug that targeted stock and crypto traders 25/08/2023 at 08:04 By Cointelegraph By Martin Young According to cybersecurity firm Group-IB, weaponized ZIP file archives were being shared on crypto trading forums, with each one containing a nasty surprise. This article is an excerpt from Cointelegraph.com News View Original Source React to this

React to this headline:

Loading spinner

WinRAR patches zero-day bug that targeted stock and crypto traders Read More »

Does a secure coding training platform really work?

code, cybersecurity, Don't miss, Expert analysis, Expert corner, exploit, Hot stuff, opinion, sandbox, SecDim, software, training, vulnerability /

Does a secure coding training platform really work? 24/08/2023 at 07:31 By Help Net Security As security vulnerabilities are reported to you time and again, you may ask yourself: “Why don’t these developers learn the lesson?” The next thing you may think is: “We should train developers, so they stop making these mistakes.” For many

React to this headline:

Loading spinner

Does a secure coding training platform really work? Read More »

Anticipating the next wave of IoT cybersecurity challenges

Artificial Intelligence, cybersecurity, Don't miss, Features, FIDO Alliance, framework, Hot stuff, Internet of Things, interoperability, machine learning, News, opinion, policy, Red Alert Labs, standards, strategy, vulnerability /

Anticipating the next wave of IoT cybersecurity challenges 23/08/2023 at 07:01 By Mirko Zorz In this Help Net Security interview, Roland Atoui, Managing Director at Red Alert Labs, discusses the intricacies of transitioning from isolated IoT setups to interconnected environments, examining the broadening attack surface and the nuanced complexities this evolution imposes. Atoui also delves

React to this headline:

Loading spinner

Anticipating the next wave of IoT cybersecurity challenges Read More »

Juniper Networks fixes flaws leading to RCE in firewalls and switches

Don't miss, firewall, Hot stuff, Juniper Networks, News, security update, vulnerability /

Juniper Networks fixes flaws leading to RCE in firewalls and switches 22/08/2023 at 11:46 By Helga Labus Juniper Networks has fixed four vulnerabilities (CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, CVE-2023-36847) in Junos OS that, if chained together, could allow attackers to achieve remote code execution (RCE) on the company’s SRX firewalls and EX switches. The fixed Junos OS

React to this headline:

Loading spinner

Juniper Networks fixes flaws leading to RCE in firewalls and switches Read More »

WinRAR vulnerable to remote code execution, patch now! (CVE-2023-40477)

Don't miss, Hot stuff, News, security update, Trend Micro, vulnerability, Windows, WinRAR /

WinRAR vulnerable to remote code execution, patch now! (CVE-2023-40477) 21/08/2023 at 14:47 By Helga Labus RARLAB has fixed a high-severity RCE vulnerability (CVE-2023-40477) in the popular file archiver tool WinRAR. About CVE-2023-40477 A widely used Windows-only utility, WinRAR can create and extract file archives in various compression formats (RAR, ZIP, CAB, ARJ, LZH, TAR, GZip,

React to this headline:

Loading spinner

WinRAR vulnerable to remote code execution, patch now! (CVE-2023-40477) Read More »

Citrix ShareFile vulnerability actively exploited (CVE-2023-24489)

Citrix, Citrix ShareFile, Don't miss, enterprise, file-sharing, Hot stuff, News, PoC, security update, vulnerability /

Citrix ShareFile vulnerability actively exploited (CVE-2023-24489) 17/08/2023 at 14:16 By Zeljka Zorz CVE-2023-24489, a critical Citrix ShareFile vulnerability that the company has fixed in June 2023, is being exploited by attackers. GreyNoise has flagged on Tuesday a sudden spike in IP addresses from which exploitation attempts are coming, and the Cybersecurity and Infrastructure Agency (CISA)

React to this headline:

Loading spinner

Citrix ShareFile vulnerability actively exploited (CVE-2023-24489) Read More »

(Re)check your patched NetScaler ADC and Gateway appliances for signs of compromise

backdoor, Citrix, Don't miss, enterprise, Fox-IT, Hot stuff, Mandiant, News, vulnerability, web shell /

(Re)check your patched NetScaler ADC and Gateway appliances for signs of compromise 16/08/2023 at 13:49 By Zeljka Zorz Administrators of Citrix NetScaler ADC and Gateway appliances should check for evidence of installed webshells even if they implemented fixes for CVE-2023-3519 quickly: A recent internet scan by Fox-IT researchers has revealed over 1,800 backdoored NetScaler devices,

React to this headline:

Loading spinner

(Re)check your patched NetScaler ADC and Gateway appliances for signs of compromise Read More »

Ivanti Avalanche vulnerable to attack by unauthenticated, remote attackers (CVE-2023-32560)

Don't miss, Hot stuff, Ivanti, News, security update, Tenable, vulnerability /

Ivanti Avalanche vulnerable to attack by unauthenticated, remote attackers (CVE-2023-32560) 16/08/2023 at 12:50 By Helga Labus Two stack-based buffer overflow bugs (collectively designated as CVE-2023-32560) have been discovered in Ivanti Avalanche, an enterprise mobility management solution. A buffer overflow arises when the data in a buffer surpasses its storage capacity. This surplus data spills into

React to this headline:

Loading spinner

Ivanti Avalanche vulnerable to attack by unauthenticated, remote attackers (CVE-2023-32560) Read More »

Almost all VPNs are vulnerable to traffic-leaking TunnelCrack attacks

attack, Cisco, Cloudflare, Data leak, Don't miss, Hot stuff, Malwarebytes, Mozilla, News, NordVPN, Privacy, research, VPN, vulnerability /

Almost all VPNs are vulnerable to traffic-leaking TunnelCrack attacks 14/08/2023 at 16:47 By Zeljka Zorz Several vulnerabilities that affect most VPN products out there can be exploited by attackers to read user traffic, steal user information, or even attack user devices, researchers have discovered. “Our attacks are not computationally expensive, meaning anyone with the appropriate

React to this headline:

Loading spinner

Almost all VPNs are vulnerable to traffic-leaking TunnelCrack attacks Read More »

Iagona ScrutisWeb Vulnerabilities Could Expose ATMs to Remote Hacking

ATM, Endpoint Security, Featured, Vulnerabilities, vulnerability /

Iagona ScrutisWeb Vulnerabilities Could Expose ATMs to Remote Hacking 14/08/2023 at 13:46 By Eduard Kovacs Several vulnerabilities discovered in Iagona ScrutisWeb ATM fleet monitoring software could be exploited to remotely hack ATMs. The post Iagona ScrutisWeb Vulnerabilities Could Expose ATMs to Remote Hacking appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Loading spinner

Iagona ScrutisWeb Vulnerabilities Could Expose ATMs to Remote Hacking Read More »

Major vulnerabilities discovered in data center solutions

critical infrastructure, data center, Don't miss, Hot stuff, News, security update, Trellix, vulnerability /

Major vulnerabilities discovered in data center solutions 14/08/2023 at 13:17 By Helga Labus Researchers have discovered serious security vulnerabilities in two widely used data center solutions: CyberPower’s PowerPanel Enterprise Data Center Infrastructure Management (DCIM) platform and Dataprobe’s iBoot Power Distribution Unit (PDU). “An attacker could chain these vulnerabilities together to gain full access to these

React to this headline:

Loading spinner

Major vulnerabilities discovered in data center solutions Read More »

Scroll to Top