vulnerability

Top 12 vulnerabilities routinely exploited in 2022

ACSC, CISA, Don't miss, exploit, FBI, Hot stuff, NCSC, News, trends, vulnerability /

Top 12 vulnerabilities routinely exploited in 2022 04/08/2023 at 16:31 By Helga Labus Cybersecurity agencies from member countries of the Five Eyes intelligence alliance have released a list of the top 12 vulnerabilities routinely exploited in 2022, plus 30 additional ones also “popular” with attackers. The top 12 “In 2022, malicious cyber actors exploited older […]

React to this headline:

Loading spinner

Top 12 vulnerabilities routinely exploited in 2022 Read More »

Exploitation of Ivanti EPMM Flaw Picking Up as New Vulnerability Is Disclosed

Ivanti, Vulnerabilities, vulnerability /

Exploitation of Ivanti EPMM Flaw Picking Up as New Vulnerability Is Disclosed 04/08/2023 at 13:31 By Eduard Kovacs Exploitation of the Ivanti EPMM flaw CVE-2023-35078 is picking up as a new critical vulnerability tracked as CVE-2023-35082 is disclosed. The post Exploitation of Ivanti EPMM Flaw Picking Up as New Vulnerability Is Disclosed appeared first on

React to this headline:

Loading spinner

Exploitation of Ivanti EPMM Flaw Picking Up as New Vulnerability Is Disclosed Read More »

Five Eyes Agencies Call Attention to Most Frequently Exploited Vulnerabilities

Featured, Government, Vulnerabilities, vulnerability /

Five Eyes Agencies Call Attention to Most Frequently Exploited Vulnerabilities 04/08/2023 at 12:31 By Ionut Arghire Five Eyes government agencies have published a list of the software vulnerabilities that were most frequently exploited in malicious attacks in 2022. The post Five Eyes Agencies Call Attention to Most Frequently Exploited Vulnerabilities appeared first on SecurityWeek. This

React to this headline:

Loading spinner

Five Eyes Agencies Call Attention to Most Frequently Exploited Vulnerabilities Read More »

VPNs remain a risky gamble for remote access

cybersecurity, News, Ransomware, report, survey, VPN, vulnerability, zero trust, Zscaler /

VPNs remain a risky gamble for remote access 04/08/2023 at 06:33 By Help Net Security Organizations are expressing deep concerns about their network security due to the risks from VPNs, according to a new Zscaler report. The report stresses the need for organizations to reevaluate their security posture and migrate to a zero-trust architecture due

React to this headline:

Loading spinner

VPNs remain a risky gamble for remote access Read More »

670 ICS Vulnerabilities Disclosed by CISA in First Half of 2023: Analysis

ICS, ICS/OT, vulnerability /

670 ICS Vulnerabilities Disclosed by CISA in First Half of 2023: Analysis 03/08/2023 at 19:46 By Eduard Kovacs CISA disclosed 670 ICS vulnerabilities in the first half of 2023, but roughly one-third have no patches or mitigations from the vendor. The post 670 ICS Vulnerabilities Disclosed by CISA in First Half of 2023: Analysis appeared

React to this headline:

Loading spinner

670 ICS Vulnerabilities Disclosed by CISA in First Half of 2023: Analysis Read More »

Ivanti discloses another vulnerability in MobileIron Core (CVE-2023-35082)

0-day, Don't miss, endpoint management, Hot stuff, Ivanti, MobileIron, News, Rapid7, security update, vulnerability /

Ivanti discloses another vulnerability in MobileIron Core (CVE-2023-35082) 03/08/2023 at 13:46 By Helga Labus Ivanti has disclosed a critical vulnerability (CVE-2023-35082) affecting old, out-of-support versions of MobileIron Core, an enterprise device solution that has since been rebranded to Ivanti Endpoint Manager Mobile (EPMM). “The vulnerability was incidentally resolved in MobileIron Core 11.3 as part of

React to this headline:

Loading spinner

Ivanti discloses another vulnerability in MobileIron Core (CVE-2023-35082) Read More »

Salesforce and Meta suffer phishing campaign that evades typical detection methods

0-day, cybercrime, cybersecurity, email security, Facebook, Guardio, News, phishing, Salesforce, vulnerability /

Salesforce and Meta suffer phishing campaign that evades typical detection methods 02/08/2023 at 17:18 By Help Net Security The Guardio research team discovered an email phishing campaign exploiting a zero-day vulnerability in Salesforce’s legitimate email services and SMTP servers. Phishing email sample as was sent from the “@salesforce.com” email address The vulnerability allowed threat actors

React to this headline:

Loading spinner

Salesforce and Meta suffer phishing campaign that evades typical detection methods Read More »

Android n-day bugs pose zero-day threat

0-day, Android, Don't miss, Google, Hot stuff, News, patching, vulnerability /

Android n-day bugs pose zero-day threat 01/08/2023 at 14:17 By Helga Labus In the Android ecosystem, n-day vulnerabilities are almost as dangerous as zero-days, according to Google’s review of zero-days exploited in the wild in 2022. N-days functioning as zero-days Zero-days are software bugs that are unknown to the vendor but known to – and

React to this headline:

Loading spinner

Android n-day bugs pose zero-day threat Read More »

Ivanti fixes second zero-day exploited by attackers (CVE-2023-35081)

0-day, Don't miss, endpoint management, enterprise, Hot stuff, Ivanti, Mnemonic, MobileIron, News, security update, vulnerability /

Ivanti fixes second zero-day exploited by attackers (CVE-2023-35081) 31/07/2023 at 16:32 By Helga Labus Another actively exploited zero-day vulnerability (CVE-2023-35081) affecting Ivanti Endpoint Manager Mobile (EPMM) has been identified and fixed. The first zero-day spotted Last week, we reported on a remote unauthenticated API access vulnerability (CVE-2023-35078) affecting Ivanti EPMM having been exploited to target

React to this headline:

Loading spinner

Ivanti fixes second zero-day exploited by attackers (CVE-2023-35081) Read More »

New persistent backdoor used in attacks on Barracuda ESG appliances

backdoor, Barracuda Networks, CISA, Don't miss, exploit, Hot stuff, News, vulnerability /

New persistent backdoor used in attacks on Barracuda ESG appliances 31/07/2023 at 13:32 By Helga Labus The Cybersecurity and Infrastructure Agency (CISA) has published an analysis report on the backdoors dropped by attackers exploiting CVE-2023-2868, a remote command injection vulnerability in Barracuda Email Security Gateway (ESG) appliances. Barracuda ESG zero-day exploit and backdoors In late

React to this headline:

Loading spinner

New persistent backdoor used in attacks on Barracuda ESG appliances Read More »

Stremio vulnerability exposes millions to RCE and data theft

CyFox, data theft, Don't miss, exploit, hijacking, News, vulnerability, Windows /

Stremio vulnerability exposes millions to RCE and data theft 31/07/2023 at 11:02 By Help Net Security CyFox has recently identified a critical hijacking vulnerability in Stremio 4.4, a popular software platform for streaming movies and TV shows. With over 5 million users relying on Stremio for their entertainment needs, this vulnerability poses a significant risk

React to this headline:

Loading spinner

Stremio vulnerability exposes millions to RCE and data theft Read More »

Two New Vulnerabilities Could affect 40% of Ubuntu Cloud Workloads

cloud security, Featured, Ubuntu, Vulnerabilities, vulnerability /

Two New Vulnerabilities Could affect 40% of Ubuntu Cloud Workloads 27/07/2023 at 17:20 By Kevin Townsend Researchers discovered two vulnerabilities in the Ubuntu OverlayFS module: CVE-2023-2640 and CVE-2023-32629 (together dubbed ‘GameOver(lay)’). The post Two New Vulnerabilities Could affect 40% of Ubuntu Cloud Workloads appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Loading spinner

Two New Vulnerabilities Could affect 40% of Ubuntu Cloud Workloads Read More »

MikroTik vulnerability could be used to hijack 900,000 routers (CVE-2023-30799)

Don't miss, Hot stuff, Margin Research, mikrotik, News, router, VulnCheck, vulnerability /

MikroTik vulnerability could be used to hijack 900,000 routers (CVE-2023-30799) 26/07/2023 at 16:47 By Zeljka Zorz A privilege escalation vulnerability (CVE-2023-30799) could allow attackers to commandeer up to 900,000 MikroTik routers, says VulnCheck researcher Jacob Baines. While exploting it does require authentication, acquiring credentials to access the routers is not that difficult. “RouterOS [the underlying

React to this headline:

Loading spinner

MikroTik vulnerability could be used to hijack 900,000 routers (CVE-2023-30799) Read More »

TETRA Radio Standard Vulnerabilities Can Expose Military Comms, Industrial Systems

ICS, ICS/OT, Vulnerabilities, vulnerability /

TETRA Radio Standard Vulnerabilities Can Expose Military Comms, Industrial Systems 25/07/2023 at 19:32 By Kevin Townsend TETRA:BURST – vulnerabilities in widely used radio standard could threaten military and law enforcement communications, as well as ICS. The post TETRA Radio Standard Vulnerabilities Can Expose Military Comms, Industrial Systems appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

TETRA Radio Standard Vulnerabilities Can Expose Military Comms, Industrial Systems Read More »

Apple fixes exploited zero-day in all of its OSes (CVE-2023-38606)

0-day, apple, Don't miss, Hot stuff, iOS, iPad, Kaspersky, macOS, News, security update, vulnerability /

Apple fixes exploited zero-day in all of its OSes (CVE-2023-38606) 25/07/2023 at 12:57 By Helga Labus Apple has patched an exploited zero-day kernel vulnerability (CVE-2023-38606) in iOS, iPadOS, macOS, watchOS and tvOS. CVE-2023-38606 fix has been backported In early July, Apple fixed an actively exploited zero-day vulnerability (CVE-2023-37450) in WebKit. The vulnerability has been patched

React to this headline:

Loading spinner

Apple fixes exploited zero-day in all of its OSes (CVE-2023-38606) Read More »

Inspiring secure coding: Strategies to encourage developers’ continuous improvement

Application Security, bug bounty, code, cyber risk, cybersecurity, Don't miss, education, Features, framework, Hot stuff, News, opinion, Secure Code Warrior, security culture, training, vulnerability /

Inspiring secure coding: Strategies to encourage developers’ continuous improvement 25/07/2023 at 07:38 By Mirko Zorz In software development, the importance of secure coding practices cannot be overstated. Fostering a security culture within development teams has become crucial to ensure the integrity and protection of digital systems. To delve deeper into this topic, we had the

React to this headline:

Loading spinner

Inspiring secure coding: Strategies to encourage developers’ continuous improvement Read More »

Perimeter81 Vulnerability Disclosed After Botched Disclosure Process

Vulnerabilities, vulnerability /

Perimeter81 Vulnerability Disclosed After Botched Disclosure Process 24/07/2023 at 14:30 By Eduard Kovacs Cybersecurity firm Perimeter81 appears to have botched the responsible disclosure process for a privilege escalation vulnerability found in its macOS application. The post Perimeter81 Vulnerability Disclosed After Botched Disclosure Process appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Loading spinner

Perimeter81 Vulnerability Disclosed After Botched Disclosure Process Read More »

OpenMeetings Flaws Allow Hackers to Hijack Instances, Execute Code on Servers

Vulnerabilities, vulnerability /

OpenMeetings Flaws Allow Hackers to Hijack Instances, Execute Code on Servers 21/07/2023 at 16:03 By Ionut Arghire Three vulnerabilities in Apache OpenMeetings could be exploited by attackers to take over an administrator account and execute arbitrary code remotely. The post OpenMeetings Flaws Allow Hackers to Hijack Instances, Execute Code on Servers appeared first on SecurityWeek.

React to this headline:

Loading spinner

OpenMeetings Flaws Allow Hackers to Hijack Instances, Execute Code on Servers Read More »

LLMs and AI positioned to dominate the AppSec world

Application Security, cybersecurity, Endor Labs, Malware, News, open source, report, vulnerability /

LLMs and AI positioned to dominate the AppSec world 20/07/2023 at 07:33 By Help Net Security As modern software trends toward distributed architectures, microservices, and extensive use of third-party and open source components, dependency management only gets harder, according to Endor Labs. Application development risks A new research report explores emerging trends that software organizations

React to this headline:

Loading spinner

LLMs and AI positioned to dominate the AppSec world Read More »

Citrix NetScaler zero-day exploited in the wild, patch is available (CVE-2023-3519)

0-day, Citrix, Don't miss, Hot stuff, News, security update, vulnerability /

Citrix NetScaler zero-day exploited in the wild, patch is available (CVE-2023-3519) 19/07/2023 at 12:34 By Helga Labus Citrix has patched three vulnerabilities (CVE-2023-3519, CVE-2023-3466, CVE-2023-3467) in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway), one of which is a zero-day being exploited by attackers. A zero-day patched (CVE-2023-3519) CVE-2023-3519 is a remote

React to this headline:

Loading spinner

Citrix NetScaler zero-day exploited in the wild, patch is available (CVE-2023-3519) Read More »

Scroll to Top