Recent Security News
-
Remote Code Execution Vulnerability Found in Opera File Sharing Feature
January 16, 2024 at 09:12AM Vulnerability in Opera browser feature My Flow allowed remote code execution. Guardio Labs found old, vulnerable landing pages and created a proof-of-concept to execute malicious code. The issue was resolved in November 2023. Opera confirmed the vulnerability and deployed a fix. No evidence of in-the-wild exploitation was found. Opera is…
-
180k Internet-Exposed SonicWall Firewalls Vulnerable to DoS Attacks, Possibly RCE
January 16, 2024 at 09:12AM Report: Many SonicWall next-generation firewall devices are unpatched for critical vulnerabilities CVE-2022-22274 and CVE-2023-0656, with potential for DoS and RCE attacks. Over 178,000 vulnerable devices found, and new PoC exploits developed. Recommendations include applying patches immediately due to known exploitation in malicious attacks. Key Takeaways from Meeting Notes: – Cybersecurity…
-
VMware Urges Customers to Patch Critical Aria Automation Vulnerability
January 16, 2024 at 09:12AM VMware has urged customers to patch a critical vulnerability (CVE-2023-34063, CVSS score of 9.9) affecting Aria Automation and Cloud Foundation. The missing access control flaw could allow unauthorized access to remote organizations and workflows. VMware has released patches for impacted versions and credited external researchers for discovering the vulnerability. Threat…
-
Remcos RAT Spreading Through Adult Games in New Attack Wave
January 16, 2024 at 08:33AM The Remcos RAT, disguised as adult-themed games, is being distributed in South Korea through webhards. This sophisticated remote access trojan allows threat actors to unauthorizedly control and surveil compromised hosts, exfiltrating sensitive information. Originally marketed as a remote administration tool, it has evolved into a potent weapon for infiltrating systems…
-
Over 178K SonicWall firewalls vulnerable to DoS, potential RCE attacks
January 16, 2024 at 08:21AM Security researchers have uncovered vulnerabilities in over 178,000 SonicWall next-generation firewalls (NGFW) with exposed management interfaces online, potentially leading to denial-of-service (DoS) and remote code execution (RCE) attacks. These vulnerabilities could impact a significant number of SonicWall devices and may pose a serious threat to corporate networks, emphasizing the need…