vulnerability

F5 fixes critical BIG-IP vulnerability (CVE-2023-46747)

Don't miss, enterprise, F5 Networks, Hot stuff, News, patch, Praetorian, traffic monitoring, vulnerability /

F5 fixes critical BIG-IP vulnerability (CVE-2023-46747) 30/10/2023 at 18:46 By Helga Labus F5 Networks has released hotfixes for three vulnerabilities affecting its BIG-IP multi-purpose networking devices/modules, including a critical authentication bypass vulnerability (CVE-2023-46747) that could lead to unauthenticated remote code execution (RCE). About CVE-2023-46747 Discovered and reported by Thomas Hendrickson and Michael Weber of Praetorian […]

React to this headline:

Loading spinner

F5 fixes critical BIG-IP vulnerability (CVE-2023-46747) Read More »

Citrix Bleed: Mass exploitation in progress (CVE-2023-4966)

Assetnote, Citrix, Don't miss, exploit, hardware, Hot stuff, Mandiant, NetScaler, News, Ransomware, vulnerability /

Citrix Bleed: Mass exploitation in progress (CVE-2023-4966) 30/10/2023 at 14:46 By Zeljka Zorz CVE-2023-4966, aka “Citrix Bleed”, a critical information disclosure vulnerability affecting Citrix NetScaler ADC/Gateway devices, is being massively exploited by threat actors. According to security researcher Kevin Beaumont’s cybersecurity industry sources, one ransomware group has already distributed a Python script to automate the

React to this headline:

Loading spinner

Citrix Bleed: Mass exploitation in progress (CVE-2023-4966) Read More »

F5 Warns of Critical Remote Code Execution Vulnerability in BIG-IP

F5, Vulnerabilities, vulnerability /

F5 Warns of Critical Remote Code Execution Vulnerability in BIG-IP 27/10/2023 at 17:47 By Ionut Arghire A critical-severity vulnerability in F5 BIG-IP CVE-2023-46747 allows unauthenticated attackers to execute code remotely. The post F5 Warns of Critical Remote Code Execution Vulnerability in BIG-IP appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

React to this headline:

Loading spinner

F5 Warns of Critical Remote Code Execution Vulnerability in BIG-IP Read More »

Apple news: iLeakage attack, MAC address leakage bug

apple, attack, data theft, Don't miss, Hot stuff, iOS, iPad, macOS, Mysk, News, Privacy, research, vulnerability /

Apple news: iLeakage attack, MAC address leakage bug 27/10/2023 at 12:31 By Zeljka Zorz On Wednesday, Apple released security updates for all supported branches of iOS and iPadOS, macOS, tvOS, watchOS and Safari. This time around, the updates did not garner as much attention as when they deliver a zero-day fix, though it has to

React to this headline:

Loading spinner

Apple news: iLeakage attack, MAC address leakage bug Read More »

VMware patches critical vulnerability in vCenter Server (CVE-2023-34048)

Don't miss, Hot stuff, News, security update, VMWare, vulnerability /

VMware patches critical vulnerability in vCenter Server (CVE-2023-34048) 25/10/2023 at 13:47 By Helga Labus VMware has fixed a critical out-of-bounds write vulnerability (CVE-2023-34048) and a moderate-severity information disclosure flaw (CVE-2023-34056) in vCenter Server, its popular server management software. About CVE-2023-34048 and CVE-2023-34056 CVE-2023-34048 allows an attacker with network access to a vulnerable vCenter Server virtual

React to this headline:

Loading spinner

VMware patches critical vulnerability in vCenter Server (CVE-2023-34048) Read More »

Number of Cisco Devices Hacked via Zero-Day Remains High as Attackers Update Implant

Cisco, Malware & Threats, Vulnerabilities, vulnerability, Zero-Day /

Number of Cisco Devices Hacked via Zero-Day Remains High as Attackers Update Implant 24/10/2023 at 20:02 By Eduard Kovacs The number of Cisco devices hacked via recent zero-days remains high, but the attackers have updated their implant. The post Number of Cisco Devices Hacked via Zero-Day Remains High as Attackers Update Implant appeared first on

React to this headline:

Loading spinner

Number of Cisco Devices Hacked via Zero-Day Remains High as Attackers Update Implant Read More »

North Korean hackers are targeting software developers and impersonating IT workers

APT, Don't miss, FBI, Hot stuff, Insider Threat, Microsoft, News, North Korea, software development, supply chain compromise, vulnerability /

North Korean hackers are targeting software developers and impersonating IT workers 20/10/2023 at 13:52 By Helga Labus State-sponsored North Korean hackers have significantly intensified their focus on the IT sector in recent years, by infiltrating firms developing software and companies lookind for IT workers. North Korean hackers targeting developers Microsoft has outlined on Wednesday how

React to this headline:

Loading spinner

North Korean hackers are targeting software developers and impersonating IT workers Read More »

Cisco Devices Compromised through IOS XE Zero-Day Vulnerability (CVE-2023-20198)

Cisco, Cisco IOS XE, CVE-2021-1435, CVE-2023-20198, vulnerability, Zero Day Vulnerability, Zero-Day /

Cisco Devices Compromised through IOS XE Zero-Day Vulnerability (CVE-2023-20198) 19/10/2023 at 16:02 By cybleinc Cyble Global Sensor Intelligence (CGSI) Networks observes the active exploitation of the Cisco IOS XE Zero-Day Vulnerability. The post Cisco Devices Compromised through IOS XE Zero-Day Vulnerability (CVE-2023-20198) appeared first on Cyble. This article is an excerpt from Cyble View Original

React to this headline:

Loading spinner

Cisco Devices Compromised through IOS XE Zero-Day Vulnerability (CVE-2023-20198) Read More »

DIY attack surface management: Simple, cost-effective and actionable perimeter insights

Cloud, cybersecurity, DNS, Don't miss, Expert analysis, Expert corner, exploit, GitHub, Hot stuff, misconfiguration, News, open source, opinion, SaaS, vulnerability, web application, WithSecure /

DIY attack surface management: Simple, cost-effective and actionable perimeter insights 16/10/2023 at 11:46 By Help Net Security Modern-day attack surface management (ASM) can be an intimidating task for most organizations, with assets constantly changing due to new deployments, assets being decommissioned, and ongoing migrations to cloud providers. Assets can be created and forgotten about, only

React to this headline:

Loading spinner

DIY attack surface management: Simple, cost-effective and actionable perimeter insights Read More »

Unpatched Vulnerabilities Expose Yifan Industrial Routers to Attacks

ICS, ICS/OT, router, Vulnerabilities, vulnerability /

Unpatched Vulnerabilities Expose Yifan Industrial Routers to Attacks 12/10/2023 at 14:46 By Eduard Kovacs Industrial routers made by Chinese company Yifan are affected by several critical vulnerabilities that can expose organizations to attacks.  The post Unpatched Vulnerabilities Expose Yifan Industrial Routers to Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Loading spinner

Unpatched Vulnerabilities Expose Yifan Industrial Routers to Attacks Read More »

Unmasking the limitations of yearly penetration tests

Ambionics, communication, Compliance, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, PCI DSS, penetration testing, risk assessment, shadow IT, Threat Intelligence, threats, vulnerability, web application /

Unmasking the limitations of yearly penetration tests 12/10/2023 at 07:31 By Mirko Zorz In this Help Net Security interview, Charles d’Hondt, Head of Operations, Ambionics Security, talks about the necessity of implementing continuous penetration testing because yearly ones are not enough. They leave blind spots and cannot match the security needs of regular releases and

React to this headline:

Loading spinner

Unmasking the limitations of yearly penetration tests Read More »

Critical Atlassian Confluence vulnerability exploited by state-backed threat actor

Atlassian, Atlassian Confluence, Don't miss, exploit, GreyNoise, Hot stuff, Microsoft, News, Rapid7, vulnerability /

Critical Atlassian Confluence vulnerability exploited by state-backed threat actor 11/10/2023 at 14:18 By Helga Labus A critical flaw in Atlassian Confluence Data Center and Server (CVE-2023-22515) has been exploited by a state-backed threat actor, Microsoft’s threat analysts have pinpointed. About the vulnerability CVE-2023-22515 was initially classified as a critical privilege escalation vulnerability affecting Confluence Data

React to this headline:

Loading spinner

Critical Atlassian Confluence vulnerability exploited by state-backed threat actor Read More »

Curl project squashes high-severity bug in omnipresent libcurl library (CVE-2023-38545)

containers, Debian, Don't miss, Hot stuff, IoT, Linux, News, open source, patching, Red Hat, security update, Ubuntu, vulnerability /

Curl project squashes high-severity bug in omnipresent libcurl library (CVE-2023-38545) 11/10/2023 at 13:31 By Zeljka Zorz Curl v8.4.0 is out, and fixes – among other things – a high-severity SOCKS5 heap buffer overflow vulnerability (CVE-2023-38545). Appropriate patches for some older curl versions have been released, too. Preparation for the security updates A little over a

React to this headline:

Loading spinner

Curl project squashes high-severity bug in omnipresent libcurl library (CVE-2023-38545) Read More »

Dangerous vulnerability can be exploited to carry out massive DDoS attacks (CVE-2023-44487)

attack, attacks, AWS, Cloudflare, CVE, cybersecurity, DDoS, Google, News, threat, vulnerability /

Dangerous vulnerability can be exploited to carry out massive DDoS attacks (CVE-2023-44487) 10/10/2023 at 16:21 By Help Net Security Cloudflare, Google, and Amazon AWS revealed that a zero-day vulnerability in the HTTP/2 protocol has been used to mount massive, high-volume DDoS attacks, which they dubbed HTTP/2 Rapid Reset. Decoding HTTP/2 Rapid Reset (CVE-2023-44487) In late

React to this headline:

Loading spinner

Dangerous vulnerability can be exploited to carry out massive DDoS attacks (CVE-2023-44487) Read More »

GNOME users at risk of RCE attack (CVE-2023-43641)

Debian, Don't miss, Fedora, GitHub, Hot stuff, Linux, News, open source, Red Hat, SUSE, Ubuntu, vulnerability, vulnerability disclosure /

GNOME users at risk of RCE attack (CVE-2023-43641) 10/10/2023 at 14:32 By Zeljka Zorz If you’re running GNOME on you Linux system(s), you are probably open to remote code execution attacks via a booby-trapped file, thanks to a memory corruption vulnerability (CVE-2023-43641) in the libcue library. About CVE-2023-43641 Discovered by GitHub security researcher Kevin Backhouse,

React to this headline:

Loading spinner

GNOME users at risk of RCE attack (CVE-2023-43641) Read More »

Be prepared to patch high-severity vulnerability in curl and libcurl

Docker, Don't miss, Endor Labs, Hot stuff, News, open source, patching, Qualys, security update, Sonatype, Synopsys, vulnerability, vulnerability disclosure /

Be prepared to patch high-severity vulnerability in curl and libcurl 10/10/2023 at 12:20 By Zeljka Zorz Details about two vulnerabilities (CVE-2023-38545, CVE-2023-38546) in curl, a foundational and widely used open-source software for data transfer via URLs, are to be released on Wednesday, October 11. Daniel Stenberg, the original author and lead developer, has said that

React to this headline:

Loading spinner

Be prepared to patch high-severity vulnerability in curl and libcurl Read More »

Automotive cybersecurity: A decade of progress and challenges

attacks, automotive security, connected cars, cybersecurity, Don't miss, Hot stuff, IOActive, threats, Video, vulnerability /

Automotive cybersecurity: A decade of progress and challenges 09/10/2023 at 07:31 By Help Net Security As connected cars become a standard feature in the market, the significance of automotive cybersecurity rises, playing an essential role in ensuring the safety of road users. In this Help Net Security video, Samantha Beaumont, Principal Security Consultant at IOActive,

React to this headline:

Loading spinner

Automotive cybersecurity: A decade of progress and challenges Read More »

WinRAR Vulnerability Puts Illicit Content Consumers at Risk of Apanyan Stealer, Murk-Stealer & AsyncRAT

AntiVM, Apanyan Stealer, AsyncRAT, cybercrime, Malware, Murk Stealer, PowerShell Grabber, Threat Intelligence, vulnerability, WinRAR /

WinRAR Vulnerability Puts Illicit Content Consumers at Risk of Apanyan Stealer, Murk-Stealer & AsyncRAT 06/10/2023 at 16:02 By cybleinc CRIL analyses a malware campaign that targets illicit Content Consumers , with the goal of delivering Apanyan Stealer, Murk-Stealer, and AsyncRAT by exploiting WinRAR vulnerability. The post WinRAR Vulnerability Puts Illicit Content Consumers at Risk of

React to this headline:

Loading spinner

WinRAR Vulnerability Puts Illicit Content Consumers at Risk of Apanyan Stealer, Murk-Stealer & AsyncRAT Read More »

“Looney Tunables” bug allows root access on Linux distros (CVE-2023-4911)

Debian, Don't miss, Fedora, Hot stuff, Linux, News, PoC, Qualys, Red Hat, security update, Ubuntu, vulnerability /

“Looney Tunables” bug allows root access on Linux distros (CVE-2023-4911) 05/10/2023 at 16:17 By Zeljka Zorz A vulnerability (CVE-2023-4911) in the GNU C Library (aka “glibc”) can be exploited by attackers to gain root privileges on many popular Linux distributions, according to Qualys researchers. About CVE-2023-4911 Dubbed “Looney Tunables”, CVE-2023-4911 is a buffer overflow vulnerability

React to this headline:

Loading spinner

“Looney Tunables” bug allows root access on Linux distros (CVE-2023-4911) Read More »

Apple patches another iOS zero-day under attack (CVE-2023-42824)

0-day, apple, Don't miss, Hot stuff, iOS, iPad, News, security update, vulnerability /

Apple patches another iOS zero-day under attack (CVE-2023-42824) 05/10/2023 at 13:47 By Helga Labus Apple has released a security update for iOS and iPadOS to fix another zero-day vulnerability (CVE-2023-42824) exploited in the wild. About the vulnerability (CVE-2023-42824) CVE-2023-42824 is a kernel vulnerability that could allow a local threat actor to elevate its privileges on

React to this headline:

Loading spinner

Apple patches another iOS zero-day under attack (CVE-2023-42824) Read More »

Scroll to Top