Recent Security News
-
Ivanti Zero-Day Exploits Skyrocket Worldwide; No Patches Yet
January 16, 2024 at 04:34PM Ivanti VPNs globally compromised due to two unpatched zero-day vulnerabilities, allowing attackers to gain network access. Thousands infected, primarily by group UTA0178, with no available patches until Jan. 22 and Feb. 19. Ivanti released a mitigation and Integrity Checker Tool for existing compromises. Customers advised to follow incident response playbook…
-
Google Warns of Chrome Browser Zero-Day Being Exploited
January 16, 2024 at 04:24PM Google has released an urgent Chrome browser update to address three high-severity security flaws, warning that one is currently being exploited in the wild. The exploited zero-day, CVE-2024-0519, is an out-of-bounds memory access issue in the V8 JavaScript engine. The update also covers two additional high-risk memory safety issues. This…
-
Citrix warns of new Netscaler zero-days exploited in attacks
January 16, 2024 at 03:33PM Citrix has warned customers to immediately patch their vulnerable Netscaler ADC and Gateway appliances against actively exploited zero-day vulnerabilities (CVE-2023-6548 and CVE-2023-6549). The company advises blocking network traffic to affected instances if updates cannot be deployed immediately, and separating the management interface from internet exposure to reduce the risk of…
-
Locking down the edge
January 16, 2024 at 03:22PM As operational functions move to distributed sites and devices, edge security becomes a growing concern. Hosting data at edge locations presents increased vulnerabilities, especially in sectors like healthcare and manufacturing. Edge breaches can have severe consequences and require high-level cybersecurity protection. Dell Technologies’ webinar discusses these challenges and proposes a…
-
Google fixes first actively exploited Chrome zero-day of 2024
January 16, 2024 at 02:14PM Google has released security updates to address the first Chrome zero-day vulnerability (CVE-2024-0519) exploited since the beginning of the year. This high-severity flaw in the Chrome V8 JavaScript engine allows attackers to access sensitive data, trigger crashes, and potentially execute arbitrary code. Google also fixed two other vulnerabilities (CVE-2024-0517 and…