SonicWall has released a security update for a critical vulnerability in Secure Mobile Access (SMA) 1000 Series appliances. This vulnerability impacts the Appliance Management Console (AMC) and Central Management Console (CMC).
SonicWall Secure Mobile Access is described as a unified secure access gateway that provides a Secure Sockets Layer (SSL) virtual private network (VPN), context-aware device authorisation, application level VPN, and advanced authentication with federated single sign-on (SSO) for cloud and on-premises resources.
Read more…
Source: NHS Digital
Related:
- Exploitation of Citrix Zero-Day by Possible Espionage Actors (CVE-2023-3519)
July 20, 2023
Security and networking devices are “edge devices,” meaning they are connected to the internet. If an attacker is successful in exploiting a vulnerability on these appliances, they can gain initial access without human interaction, which reduces the chances of detection. As long as the exploit remains undiscovered, the threat actor can reuse it to gain access ...
- Google says Apple employee found a zero-day but did not report it
July 20, 2023
Google fixed a zero-day in Chrome that was found by an Apple employee, according to comments in the official bug report. While the bug itself is not newsworthy, the circumstances of how this bug was found and reported to Google are, to say the least, peculiar. According to a Google employee, the bug was originally found ...
- A nasty Google Cloud bug could let hackers use it to launch attacks
July 20, 2023
Cybersecurity researchers from Orca Security have uncovered a new bug in the Google Cloud Build service which could allow threat actors to gain almost full access to Google Artifact Registry code repositories. The repercussions of the flaw, the researchers are saying in their report, are quite dire. The researchers named the vulnerability Bad.Build, saying it allows ...
- CISA Releases Cybersecurity Advisory on Threat Actors Exploiting Citrix CVE-2023-3519
July 20, 2023
The Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Advisory (CSA), Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells, to warn organizations about threat actors exploiting CVE-2023-3519, an unauthenticated remote code execution (RCE) vulnerability affecting NetScaler (formerly Citrix) Application Delivery Controller (ADC) and NetScaler Gateway. In June 2023, threat actors exploited this vulnerability as a ...
- Comprehensive analysis of initial attack samples exploiting CVE-2023-23397 vulnerability
July 19, 2023
On March 14, 2023, Microsoft published a blogpost describing an Outlook Client Elevation of Privilege Vulnerability (CVSS: 9.8 CRITICAL). The publication generated a lot of activity among white, grey and black hat researchers, as well as lots of publications and tweets about the vulnerability and its exploitation. In this post Kaspersky researchers highlight the key points ...
- DDoS Botnets Target Zyxel Vulnerability CVE-2023-28771
July 19, 2023
In June 2023, FortiGuard Labs detected the propagation of several DDoS botnets exploiting the Zyxel vulnerability (CVE-2023-28771). This vulnerability is characterized by a command injection flaw affecting multiple firewall models that could potentially allow an unauthorized attacker to execute arbitrary code by sending a specifically crafted packet to the targeted device. The severity of this flaw, ...