Recent Security News
-
Patch ASAP: Max-Critical Atlassian Bug Allows Unauthenticated RCE
January 16, 2024 at 01:10PM A critical unauthenticated remote code execution (RCE) vulnerability affects Atlassian Confluence Data Center and Confluence Server versions released before Dec. 5 (CVE-2023-22527). The bug carries a 10/10 severity rating and affects versions 8.0.x to 8.5.3. Organizations should update to the latest versions to defend against potential cyber-attacks, as no mitigations…
-
Africa, Middle East Lead Peers in Cybersecurity, But Lag Globally
January 16, 2024 at 01:10PM Africa and the Middle East stand out in cybersecurity compared to their economic peers, but fall short in overall cyber resilience. Despite this, efforts to improve cybersecurity in the regions are underway, including investing in replacing outdated technology and creating stronger workflows for identifying threats. Sustaining these efforts will require…
-
FBI: Androxgh0st malware botnet steals AWS, Microsoft credentials
January 16, 2024 at 12:41PM CISA and the FBI warn about Androxgh0st malware, which is being used to create a botnet targeting cloud credential theft. The botnet exploits vulnerabilities in frameworks and servers. Additionally, it steals sensitive information, deploys malicious tools, and conducts spam campaigns. The agencies advise on mitigation measures to limit the impact…
-
PixieFail flaws impact PXE network boot in enterprise systems
January 16, 2024 at 12:19PM A set of nine vulnerabilities, named ‘PixieFail,’ impact Tianocore’s EDK II, an open-source implementation of the UEFI spec widely used in enterprise computers. The flaws, discovered by Quarkslab, affect the PXE boot process and expose systems to DoS, RCE, network session hijacking, and other attacks. Multiple vendors, including major tech…
-
178K+ SonicWall Firewalls Vulnerable to DoS, RCE Attacks
January 16, 2024 at 11:51AM Two unauthenticated denial-of-service (DoS) vulnerabilities, CVE-2022-22274 and CVE-2023-0656, threaten the security of SonicWall next-generation firewall devices. Attackers can exploit these flaws to crash devices or execute remote code. Vulnerable SonicWall series 6 and 7 firewalls are at risk. Administrators are urged to update to the latest firmware to mitigate potential…