Recent Security News
-
Four in five Apache Struts 2 downloads are for versions featuring critical flaw
December 21, 2023 at 09:20AM Sonatype reports low adoption of fixed versions of Struts 2 despite a critical RCE vulnerability (CVE-2023-50164) in the framework’s file upload feature. The fix is simple: use updated Struts versions. With active exploitation and ease of automatable attacks, Sonatype urges immediate upgrades to mitigate potential risks and emphasizes vigilant maintenance…
-
ESET Patches High-Severity Vulnerability in Secure Traffic Scanning Feature
December 21, 2023 at 08:33AM ESET releases patches to fix a high-severity vulnerability in its endpoint and server security products. The flaw, CVE-2023-5594, affected the SSL/TLS protocol scanning feature and could make web browsers trust untrustworthy sites. The patch has been rolling out automatically via product updates since November 21, with no user interaction required. ESET…
-
New JavaScript Malware Targeted 50,000+ Users at Dozens of Banks Worldwide
December 21, 2023 at 07:51AM A new JavaScript malware targets over 40 financial institutions worldwide, compromising users’ banking credentials via web injections. The campaign, detected by IBM Security Trusteer, uses dynamic tactics to bypass security measures and dissuade victims from logging in. Additionally, other online fraud schemes, including investment scams and phishing attacks impersonating postal…
-
ESO Solutions Data Breach Impacts 2.7 Million Individuals
December 21, 2023 at 07:33AM ESO Solutions suffered a ransomware attack, compromising personal and health information of 2.7 million individuals, including patient details from various healthcare providers. The company claims it restored the affected systems from backups and secured the deletion of the data. ESO has initiated notifications and is cooperating with law enforcement for…
-
Ivanti Patches Dozen Critical Vulnerabilities in Avalanche MDM Product
December 21, 2023 at 07:33AM Ivanti has released Avalanche 6.4.2 to patch 20 vulnerabilities in its enterprise mobile device management product. The flaws, including critical ones, can be exploited for remote code execution and denial-of-service attacks. Customers are urged to install the patches promptly due to the potential targeting of Ivanti product vulnerabilities by threat…