News • Insights • Analysis
On Oct. 10, 2023, Citrix released a security bulletin for a sensitive information disclosure vulnerability (CVE-2023-4966) impacting NetScaler ADC and NetScaler Gateway appliances. Mandiant has identified zero-day exploitation of this vulnerability in the wild beginning in late August 2023. Successful Read More …
Microsoft Threat Intelligence has revealed that it has been tracking the active exploitation of a vulnerability in Atlassian Confluence software since September 14, 2023. At the time the attacks were first observed the vulnerability was a zero-day, meaning that no Read More …
Cisco Talos recently disclosed 11 vulnerabilities, 10 of which are zero-days without a patch in an industrial cellular router. Attackers could exploit these vulnerabilities in the Yifan YF325 to carry out a variety of attacks, in some cases gaining the Read More …
On September 18, 2023, the Cybersecurity & Infrastructure Security Agency (CISA) announced that its Known Exploited Vulnerabilities (KEV) catalog has reached the milestone of covering more than 1,000 vulnerabilities since its launch in November 2021. This may seem like a Read More …
CISA released three Industrial Control Systems (ICS) advisories on October 5, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-278-01 Hitachi Energy AFS65x, AFF66x, AFS67x, and AFR67x Series Products ICSA-23-278-02 Qognify NiceVision Read Read More …
Thanks to improvements in security mechanisms and mitigations, hacking cell phones — both running iOS and Android — has become an expensive endeavor. That’s why hacking techniques for apps like WhatsApp are now worth millions of dollars, TechCrunch has learned. Read More …
Unit 42 researchers have added additional information on CVE-2023-34362, CVE-2023-35036 and CVE-2023-35708 vulnerabilities using data gathered from Advanced Threat Prevention. On May 31, Progress Software posted a notification alerting customers of a critical Structured Query Language injection (SQLi) vulnerability (CVE-2023-34362) Read More …
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-5217 Google Chrome libvpx Heap Buffer Overflow Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose Read More …
CISA released three Industrial Control Systems (ICS) advisories on September 28, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-271-01 Rockwell Automation PanelView 800 Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Read More …
Cisco Talos disclosed 10 vulnerabilities over the past two weeks affecting a range of software, including the popular Google Chrome web browser. Attackers could exploit these vulnerabilities to carry out a variety of attacks, in some cases gaining the ability Read More …
