vulnerability

PoCs for critical Arcserve UDP vulnerabilities released

Arcserve, Data Protection, disaster recovery, Don't miss, enterprise, News, PoC, Tenable, vulnerability /

PoCs for critical Arcserve UDP vulnerabilities released 29/11/2023 at 17:46 By Zeljka Zorz Arcserve has fixed critical security vulnerabilities (CVE-2023-41998, CVE-2023-41999, CVE-2023-42000) in its Unified Data Protection (UDP) solution, PoCs for which have been published by Tenable researchers on Monday. The vulnerabilities Arcserve UDP is a popular enterprise data protection, backup and disaster recovery solution […]

React to this headline:

Loading spinner

PoCs for critical Arcserve UDP vulnerabilities released Read More »

Google fixes Chrome zero day exploited in the wild (CVE-2023-6345)

Chrome, Don't miss, exploit, Google, Hot stuff, News, security update, vulnerability /

Google fixes Chrome zero day exploited in the wild (CVE-2023-6345) 29/11/2023 at 14:46 By Helga Labus Google has released an urgent security update to fix a number of vulnerabilities in Chrome browser, including a zero-day vulnerability (CVE-2023-6345) that is being actively exploited in the wild. About CVE-2023-6345 CVE-2023-6345, reported by Benoît Sevens and Clément Lecigne

React to this headline:

Loading spinner

Google fixes Chrome zero day exploited in the wild (CVE-2023-6345) Read More »

Design flaw leaves Google Workspace vulnerable for takeover

Google, Google Workspace, Hunters, News, vulnerability /

Design flaw leaves Google Workspace vulnerable for takeover 28/11/2023 at 18:31 By Help Net Security A design flaw in Google Workspace’s domain-wide delegation feature, discovered by Hunters’ Team Axon, can allow attackers to misuse existing delegations, enabling privilege escalation and unauthorized access to Workspace APIs without Super Admin privileges. Such exploitation could result in the

React to this headline:

Loading spinner

Design flaw leaves Google Workspace vulnerable for takeover Read More »

Critical Vulnerability Found in Ray AI Framework 

AI, Artificial Intelligence, vulnerability /

Critical Vulnerability Found in Ray AI Framework  28/11/2023 at 17:17 By Ionut Arghire A critical issue in open source AI framework Ray could provide attackers with operating system access to all nodes. The post Critical Vulnerability Found in Ray AI Framework  appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

React to this headline:

Loading spinner

Critical Vulnerability Found in Ray AI Framework  Read More »

Critical ownCloud flaw under attack (CVE-2023-49103)

Don't miss, GreyNoise, Hot stuff, News, ownCloud, SANS ISC, vulnerability /

Critical ownCloud flaw under attack (CVE-2023-49103) 28/11/2023 at 14:17 By Zeljka Zorz Attackers are trying to exploit a critical information disclosure vulnerability (CVE-2023-49103) in ownCloud, a popular file sharing and collaboration platform used in enterprise settings. Greynoise and SANS ISC say attemps have been first spotted over the weekend, though Dr. Johannes Ullrich, Dean of

React to this headline:

Loading spinner

Critical ownCloud flaw under attack (CVE-2023-49103) Read More »

PoC for Splunk Enterprise RCE flaw released (CVE-2023-46214)

data analytics, Don't miss, enterprise, Hot stuff, News, PoC, Splunk, vulnerability /

PoC for Splunk Enterprise RCE flaw released (CVE-2023-46214) 27/11/2023 at 13:47 By Zeljka Zorz A proof-of-concept (PoC) exploit for a high-severity flaw in Splunk Enterprise (CVE-2023-46214) that can lead to remote code execution has been made public. Users are advised to implement the provided patches or workarounds quickly. About CVE-2023-46214 Splunk Enterprise is a solution

React to this headline:

Loading spinner

PoC for Splunk Enterprise RCE flaw released (CVE-2023-46214) Read More »

How LockBit used Citrix Bleed to breach Boeing and other targets

ACSC, CISA, Citrix, Don't miss, FBI, Hot stuff, NetScaler, News, Ransomware, vulnerability /

How LockBit used Citrix Bleed to breach Boeing and other targets 22/11/2023 at 16:47 By Zeljka Zorz CVE-2023-4966, aka “Citrix Bleed”, has been exploited by LockBit 3.0 affiliates to breach Boeing’s parts and distribution business, and “other trusted third parties have observed similar activity impacting their organization,” cybersecurity and law enforcement officials have confirmed on

React to this headline:

Loading spinner

How LockBit used Citrix Bleed to breach Boeing and other targets Read More »

Apache ActiveMQ bug exploited to deliver Kinsing malware

Apache ActiveMQ, cryptojacking, Don't miss, exploit, Hot stuff, Linux, Malware, News, Trend Micro, vulnerability /

Apache ActiveMQ bug exploited to deliver Kinsing malware 21/11/2023 at 15:02 By Helga Labus Attackers are exploiting a recently fixed vulnerability (CVE-2023-46604) in Apache ActiveMQ to install Kinsing malware and cryptocurrency miners on targeted Linux systems. CVE-2023-46604 exploitation Apache ActiveMQ is a popular Java-based open source message broker that allows communication between applications and services

React to this headline:

Loading spinner

Apache ActiveMQ bug exploited to deliver Kinsing malware Read More »

Sophos Web Appliance vulnerability exploited in the wild (CVE-2023-1671)

CISA, Don't miss, enterprise, exploit, Hot stuff, News, PoC, Sophos, vulnerability /

Sophos Web Appliance vulnerability exploited in the wild (CVE-2023-1671) 20/11/2023 at 14:47 By Helga Labus CISA has added three vulnerabilities to its Known Exploited Vulnerabilities catalog, among them a critical vulnerability (CVE-2023-1671) in Sophos Web Appliance that has been patched by the company in April 2023. About CVE-2023-1671 CVE-2023-1671 is a pre-auth command injection vulnerability

React to this headline:

Loading spinner

Sophos Web Appliance vulnerability exploited in the wild (CVE-2023-1671) Read More »

Cybersecurity team claims up to $2.1B in crypto stored in old wallets is at risk

vulnerability /

Cybersecurity team claims up to $2.1B in crypto stored in old wallets is at risk 15/11/2023 at 12:03 By Cointelegraph By Ezra Reguerra The security firm urges those using wallets generated from 2011 to 2015 to transfer their assets to crypto wallets that were generated more recently. This article is an excerpt from Cointelegraph.com News

React to this headline:

Loading spinner

Cybersecurity team claims up to $2.1B in crypto stored in old wallets is at risk Read More »

Danish energy sector hit by a wave of coordinated cyberattacks

critical infrastructure, cyberattack, Don't miss, energy sector, exploit, Hot stuff, News, SektorCERT, vulnerability, Zyxel /

Danish energy sector hit by a wave of coordinated cyberattacks 14/11/2023 at 21:16 By Helga Labus The Danish energy sector has suffered what is believed to be the most extensive cyberattack in Danish history, according to SektorCERT. Danish energy sector under attack SektorCERT, an organization owned and funded by Danish critical infrastructure (CI) companies, uses

React to this headline:

Loading spinner

Danish energy sector hit by a wave of coordinated cyberattacks Read More »

Juniper networking devices under attack

CISA, Don't miss, enterprise, exploit, firewall, Hot stuff, Juniper Networks, News, vulnerability, WatchTowr /

Juniper networking devices under attack 14/11/2023 at 16:46 By Zeljka Zorz CISA has ordered US federal agencies to patch five vulnerabilities used by attackers to compromise Juniper networking devices, and to do so by Friday. Most of these bugs are not particularly severe by themselves, but they can be – and have been – chained

React to this headline:

Loading spinner

Juniper networking devices under attack Read More »

Active Exploitation of Big-IP and Citrix vulnerabilities observed by Cyble Global Sensor Intelligence Network

Authentication Bypass, Big-IP, Citrix, CVE-2023-46747, CVE-2023-46748, CVE-2023-4966, exploit, Gateway Buffer Overflow, NetScaler, SQL injection, vulnerability /

Active Exploitation of Big-IP and Citrix vulnerabilities observed by Cyble Global Sensor Intelligence Network 08/11/2023 at 16:02 By cybleinc Cyble’s Global Sensors capture multiple exploit attempts targeting vulnerable BIG-IP and Citrix NetScaler instances. The post Active Exploitation of Big-IP and Citrix vulnerabilities observed by Cyble Global Sensor Intelligence Network appeared first on Cyble. This article

React to this headline:

Loading spinner

Active Exploitation of Big-IP and Citrix vulnerabilities observed by Cyble Global Sensor Intelligence Network Read More »

Looney Tunables bug exploited for cryptojacking

Aqua Security, cloud computing, cryptojacking, Don't miss, exploit, Hot stuff, Linux, News, vulnerability /

Looney Tunables bug exploited for cryptojacking 07/11/2023 at 12:46 By Helga Labus Kinsing threat actors have been spotted exploiting the recently disclosed Looney Tunables (CVE-2023-4911) vulnerability to covertly install cryptomining software into cloud-native environments. Kinsing (aka Money Libra) is a threat actor group that has been active since late 2021, targeting cloud-native environments and applications

React to this headline:

Loading spinner

Looney Tunables bug exploited for cryptojacking Read More »

Attackers exploiting Apache ActiveMQ flaw to deliver ransomware (CVE-2023-46604)

Apache ActiveMQ, Don't miss, Hot stuff, News, PoC, Ransomware, Rapid7, security update, vulnerability /

Attackers exploiting Apache ActiveMQ flaw to deliver ransomware (CVE-2023-46604) 02/11/2023 at 17:01 By Zeljka Zorz Ransomware-wielding attackers are trying to break into servers running outdated versions of Apache ActiveMQ by exploiting a recently fixed vulnerability (CVE-2023-46604). “Beginning Friday, October 27, Rapid7 Managed Detection and Response (MDR) identified suspected exploitation of Apache ActiveMQ CVE-2023-46604 in two

React to this headline:

Loading spinner

Attackers exploiting Apache ActiveMQ flaw to deliver ransomware (CVE-2023-46604) Read More »

F5 BIG-IP vulnerabilities leveraged by attackers: What to do?

Don't miss, enterprise, F5 Networks, Hot stuff, News, patch, PoC, Praetorian, Project Discovery, SQL injection, traffic monitoring, vulnerability /

F5 BIG-IP vulnerabilities leveraged by attackers: What to do? 02/11/2023 at 14:01 By Zeljka Zorz The two BIG-IP vulnerabilities (CVE-2023-46747, CVE-2023-46748) F5 Networks has recently released hotfixes for are being exploited by attackers in the wild, the company has confirmed. “It is important to note that not all exploited systems may show the same indicators,

React to this headline:

Loading spinner

F5 BIG-IP vulnerabilities leveraged by attackers: What to do? Read More »

Atlassian CISO Urges Quick Action to Protect Confluence Instances From Critical Vulnerability

Data Exposure, Data Protection, Vulnerabilities, vulnerability /

Atlassian CISO Urges Quick Action to Protect Confluence Instances From Critical Vulnerability 31/10/2023 at 21:30 By Ionut Arghire Atlassian warns that a critical vulnerability in Confluence Data Center and Server could lead to significant data loss if exploited. The post Atlassian CISO Urges Quick Action to Protect Confluence Instances From Critical Vulnerability appeared first on

React to this headline:

Loading spinner

Atlassian CISO Urges Quick Action to Protect Confluence Instances From Critical Vulnerability Read More »

Attackers Exploiting Critical F5 BIG-IP Vulnerability

Uncategorized, vulnerability /

Attackers Exploiting Critical F5 BIG-IP Vulnerability 31/10/2023 at 18:49 By Ionut Arghire Exploitation of a critical vulnerability (CVE-2023-46747) in F5’s  BIG-IP product started less than five days after public disclosure and PoC exploit code was published. The post Attackers Exploiting Critical F5 BIG-IP Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Attackers Exploiting Critical F5 BIG-IP Vulnerability Read More »

Atlassian patches critical Confluence bug, urges for immediate action (CVE-2023-22518)

Atlassian Confluence, Don't miss, Hot stuff, News, security update, vulnerability /

Atlassian patches critical Confluence bug, urges for immediate action (CVE-2023-22518) 31/10/2023 at 13:16 By Zeljka Zorz Atlassian is urging enterprise administrators to update their on-premises Confluence Data Center and Server installations quickly to plug a critical security vulnerability (CVE-2023-22518) that could lead to “significant data loss if exploited by an unauthenticated attacker.” About CVE-2023-22518 CVE-2023-22518

React to this headline:

Loading spinner

Atlassian patches critical Confluence bug, urges for immediate action (CVE-2023-22518) Read More »

F5 fixes critical BIG-IP vulnerability (CVE-2023-46747)

Don't miss, enterprise, F5 Networks, Hot stuff, News, patch, Praetorian, traffic monitoring, vulnerability /

F5 fixes critical BIG-IP vulnerability (CVE-2023-46747) 30/10/2023 at 18:46 By Helga Labus F5 Networks has released hotfixes for three vulnerabilities affecting its BIG-IP multi-purpose networking devices/modules, including a critical authentication bypass vulnerability (CVE-2023-46747) that could lead to unauthenticated remote code execution (RCE). About CVE-2023-46747 Discovered and reported by Thomas Hendrickson and Michael Weber of Praetorian

React to this headline:

Loading spinner

F5 fixes critical BIG-IP vulnerability (CVE-2023-46747) Read More »

Scroll to Top