Recent Security News
-
Ivanti zero-day exploits explode as bevy of attackers get in on the act
January 16, 2024 at 10:04AM Ivanti Connect Secure (ICS) VPN users are at risk if they have not applied recent vulnerability mitigation. Over 1,700 devices have been compromised due to successful exploits. The attacks have targeted a wide range of organizations globally. Users are advised to run Ivanti’s Integrity Checker Tool to detect compromises and…
-
Alert: Over 178,000 SonicWall Firewalls Potentially Vulnerable to Exploits – Act Now
January 16, 2024 at 09:39AM Over 178,000 SonicWall firewalls are susceptible to two security vulnerabilities. These flaws could lead to denial-of-service conditions and remote code execution. While there’s no evidence of exploits, a proof-of-concept for one vulnerability has been released. The cybersecurity firm warns that bad actors could use these flaws to trigger repeated crashes…
-
Remotely Exploitable ‘PixieFail’ Flaws Found in Tianocore EDK II PXE Implementation
January 16, 2024 at 09:12AM Quarkslab discovered multiple critical vulnerabilities in the EDK II network stack, posing a risk of remote code execution attacks. These vulnerabilities, known as PixieFAIL, affect the PXE implementation and are utilized by various vendors, including Microsoft. Quarkslab released proof-of-concept code for the vulnerabilities and anticipates the CERT Coordination Center to…
-
Remote Code Execution Vulnerability Found in Opera File Sharing Feature
January 16, 2024 at 09:12AM Vulnerability in Opera browser feature My Flow allowed remote code execution. Guardio Labs found old, vulnerable landing pages and created a proof-of-concept to execute malicious code. The issue was resolved in November 2023. Opera confirmed the vulnerability and deployed a fix. No evidence of in-the-wild exploitation was found. Opera is…
-
180k Internet-Exposed SonicWall Firewalls Vulnerable to DoS Attacks, Possibly RCE
January 16, 2024 at 09:12AM Report: Many SonicWall next-generation firewall devices are unpatched for critical vulnerabilities CVE-2022-22274 and CVE-2023-0656, with potential for DoS and RCE attacks. Over 178,000 vulnerable devices found, and new PoC exploits developed. Recommendations include applying patches immediately due to known exploitation in malicious attacks. Key Takeaways from Meeting Notes: – Cybersecurity…