vulnerability

Email forwarding flaws enable attackers to impersonate high-profile domains

Email forwarding flaws enable attackers to impersonate high-profile domains 11/09/2023 at 07:02 By Help Net Security Sending an email with a forged address is easier than previously thought, due to flaws in the process that allows email forwarding, according to a research team led by computer scientists at the University of California San Diego. The […]

Email forwarding flaws enable attackers to impersonate high-profile domains Read More »

Unpatched Cisco ASA flaw exploited by attackers (CVE-2023-20269)

Unpatched Cisco ASA flaw exploited by attackers (CVE-2023-20269) 08/09/2023 at 14:02 By Zeljka Zorz A vulnerability (CVE-2023-20269) in Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) firewalls is being exploited by attackers to gain access to vulnerable internet-exposed devices. “This vulnerability was found during the resolution of a Cisco TAC support case,”

Unpatched Cisco ASA flaw exploited by attackers (CVE-2023-20269) Read More »

Old vulnerabilities are still a big problem

Old vulnerabilities are still a big problem 06/09/2023 at 17:01 By Zeljka Zorz A recently flagged phishing campaign aimed at delivering the Agent Tesla RAT to unsuspecting users takes advantage of old vulnerabilities in Microsoft Office that allow remote code execution. “Despite fixes for CVE-2017-11882/CVE-2018-0802 being released by Microsoft in November, 2017 and January, 2018,

Old vulnerabilities are still a big problem Read More »

AtlasVPN to Patch IP Leak Vulnerability After Public Disclosure

AtlasVPN to Patch IP Leak Vulnerability After Public Disclosure 06/09/2023 at 14:17 By Eduard Kovacs AtlasVPN developers are working on a patch for an IP leak vulnerability after a researcher publicly disclosed the flaw due to being ignored. The post AtlasVPN to Patch IP Leak Vulnerability After Public Disclosure appeared first on SecurityWeek. This article

AtlasVPN to Patch IP Leak Vulnerability After Public Disclosure Read More »

Atlas VPN zero-day allows sites to discover users’ IP address

Atlas VPN zero-day allows sites to discover users’ IP address 05/09/2023 at 20:47 By Zeljka Zorz Atlas VPN has confirmed the existence of a zero-day vulnerability that may allow website owners to discover Linux users’ real IP address. Details about this zero-day vulnerability as well as exploit code have been publicly released on Reddit several

Atlas VPN zero-day allows sites to discover users’ IP address Read More »

VMware fixes critical vulnerability in Aria Operations for Networks (CVE-2023-34039)

VMware fixes critical vulnerability in Aria Operations for Networks (CVE-2023-34039) 30/08/2023 at 14:01 By Helga Labus VMware has patched one critical (CVE-2023-34039) and one high-severity vulnerability (CVE-2023-20890) in Aria Operations for Networks, its popular enterprise network monitoring tool. About the vulnerabilities (CVE-2023-34039, CVE-2023-20890) CVE-2023-34039 is a network bypass vulnerability arising as a result of a

VMware fixes critical vulnerability in Aria Operations for Networks (CVE-2023-34039) Read More »

Ransomware group exploits Citrix NetScaler systems for initial access

Ransomware group exploits Citrix NetScaler systems for initial access 29/08/2023 at 14:50 By Helga Labus A known threat actor specializing in ransomware attacks is believed to be behind a recent campaign that targeted unpatched internet-facing Citrix NetScaler systems to serve as an initial foothold into enterprise networks. “Our data indicates strong similarity between attacks using

Ransomware group exploits Citrix NetScaler systems for initial access Read More »

Easy-to-exploit Skype vulnerability reveals users’ IP address

Easy-to-exploit Skype vulnerability reveals users’ IP address 29/08/2023 at 13:32 By Zeljka Zorz A vulnerability in Skype mobile apps can be exploited by attackers to discover a user’s IP address – a piece of information that may endanger individuals whose physical security depends on their general location remaining secret. The vulnerability The security vulnerability has

Easy-to-exploit Skype vulnerability reveals users’ IP address Read More »

Is the cybersecurity community’s obsession with compliance counter-productive?

Is the cybersecurity community’s obsession with compliance counter-productive? 29/08/2023 at 07:01 By Help Net Security Does anyone think the chances of surviving a plane crash increase if our tray tables are locked and our carry-on bags are completely stowed under our seats? That we’ll be OK if the plane hits a mountain if we have

Is the cybersecurity community’s obsession with compliance counter-productive? Read More »

PoC for no-auth RCE on Juniper firewalls released

PoC for no-auth RCE on Juniper firewalls released 28/08/2023 at 13:32 By Zeljka Zorz Researchers have released additional details about the recently patched four vulnerabilities affecting Juniper Networks’ SRX firewalls and EX switches that could allow remote code execution (RCE), as well as a proof-of-concept (PoC) exploit. Junos OS vulnerabilities and fixes Earlier this month,

PoC for no-auth RCE on Juniper firewalls released Read More »

Uncovering a privacy-preserving approach to machine learning

Uncovering a privacy-preserving approach to machine learning 28/08/2023 at 08:01 By Help Net Security In the era of data-driven decision making, businesses are harnessing the power of machine learning (ML) to unlock valuable insights, gain operational efficiencies, and solidify competitive advantage. Although recent developments in generative artificial intelligence (AI) have raised unprecedented awareness around the

Uncovering a privacy-preserving approach to machine learning Read More »

Lazarus Group exploited ManageEngine vulnerability to target critical infrastructure

Lazarus Group exploited ManageEngine vulnerability to target critical infrastructure 25/08/2023 at 15:36 By Helga Labus North Korean state-sponsored hackers Lazarus Group have been exploiting a ManageEngine ServiceDesk vulnerability (CVE-2022-47966) to target internet backbone infrastructure and healthcare institutions in Europe and the US. The group leveraged the vulnerability to deploy QuiteRAT, downloaded from an IP address

Lazarus Group exploited ManageEngine vulnerability to target critical infrastructure Read More »

Lawmaker Wants Federal Contractors to Have Vulnerability Disclosure Policies 

Lawmaker Wants Federal Contractors to Have Vulnerability Disclosure Policies  25/08/2023 at 14:48 By Eduard Kovacs Congresswoman Nancy Mace has introduced a bill that would require federal contractors to have a Vulnerability Disclosure Policy (VDP). The post Lawmaker Wants Federal Contractors to Have Vulnerability Disclosure Policies  appeared first on SecurityWeek. This article is an excerpt from

Lawmaker Wants Federal Contractors to Have Vulnerability Disclosure Policies  Read More »

WinRAR patches zero-day bug that targeted stock and crypto traders

WinRAR patches zero-day bug that targeted stock and crypto traders 25/08/2023 at 08:04 By Cointelegraph By Martin Young According to cybersecurity firm Group-IB, weaponized ZIP file archives were being shared on crypto trading forums, with each one containing a nasty surprise. This article is an excerpt from Cointelegraph.com News View Original Source

WinRAR patches zero-day bug that targeted stock and crypto traders Read More »

Does a secure coding training platform really work?

Does a secure coding training platform really work? 24/08/2023 at 07:31 By Help Net Security As security vulnerabilities are reported to you time and again, you may ask yourself: “Why don’t these developers learn the lesson?” The next thing you may think is: “We should train developers, so they stop making these mistakes.” For many

Does a secure coding training platform really work? Read More »

Anticipating the next wave of IoT cybersecurity challenges

Anticipating the next wave of IoT cybersecurity challenges 23/08/2023 at 07:01 By Mirko Zorz In this Help Net Security interview, Roland Atoui, Managing Director at Red Alert Labs, discusses the intricacies of transitioning from isolated IoT setups to interconnected environments, examining the broadening attack surface and the nuanced complexities this evolution imposes. Atoui also delves

Anticipating the next wave of IoT cybersecurity challenges Read More »

Juniper Networks fixes flaws leading to RCE in firewalls and switches

Juniper Networks fixes flaws leading to RCE in firewalls and switches 22/08/2023 at 11:46 By Helga Labus Juniper Networks has fixed four vulnerabilities (CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, CVE-2023-36847) in Junos OS that, if chained together, could allow attackers to achieve remote code execution (RCE) on the company’s SRX firewalls and EX switches. The fixed Junos OS

Juniper Networks fixes flaws leading to RCE in firewalls and switches Read More »

WinRAR vulnerable to remote code execution, patch now! (CVE-2023-40477)

WinRAR vulnerable to remote code execution, patch now! (CVE-2023-40477) 21/08/2023 at 14:47 By Helga Labus RARLAB has fixed a high-severity RCE vulnerability (CVE-2023-40477) in the popular file archiver tool WinRAR. About CVE-2023-40477 A widely used Windows-only utility, WinRAR can create and extract file archives in various compression formats (RAR, ZIP, CAB, ARJ, LZH, TAR, GZip,

WinRAR vulnerable to remote code execution, patch now! (CVE-2023-40477) Read More »

Citrix ShareFile vulnerability actively exploited (CVE-2023-24489)

Citrix ShareFile vulnerability actively exploited (CVE-2023-24489) 17/08/2023 at 14:16 By Zeljka Zorz CVE-2023-24489, a critical Citrix ShareFile vulnerability that the company has fixed in June 2023, is being exploited by attackers. GreyNoise has flagged on Tuesday a sudden spike in IP addresses from which exploitation attempts are coming, and the Cybersecurity and Infrastructure Agency (CISA)

Citrix ShareFile vulnerability actively exploited (CVE-2023-24489) Read More »

(Re)check your patched NetScaler ADC and Gateway appliances for signs of compromise

(Re)check your patched NetScaler ADC and Gateway appliances for signs of compromise 16/08/2023 at 13:49 By Zeljka Zorz Administrators of Citrix NetScaler ADC and Gateway appliances should check for evidence of installed webshells even if they implemented fixes for CVE-2023-3519 quickly: A recent internet scan by Fox-IT researchers has revealed over 1,800 backdoored NetScaler devices,

(Re)check your patched NetScaler ADC and Gateway appliances for signs of compromise Read More »

Scroll to Top