Recent Security News
-
Oracle Patches 185 Vulnerabilities With October 2023 CPU
October 18, 2023 at 08:48AM Oracle has released 387 new security patches as part of the October 2023 CPU. Over 40 patches address critical-severity flaws and more than 200 resolve bugs that can be remotely exploited. The patches cover various Oracle products, with Financial Services Applications receiving the most fixes. Oracle advises customers to apply…
-
Unraveling Real-Life Attack Paths – Key Lessons Learned
October 18, 2023 at 08:15AM Attackers in the cybersecurity landscape are constantly searching for vulnerabilities and exploit combinations within organizational environments. Security tools often fail to prioritize threats effectively and provide context on how issues can be leveraged by attackers. Real-life attack path scenarios reveal that 75% of critical assets can be compromised in their…
-
Qubitstrike Targets Jupyter Notebooks with Crypto Mining and Rootkit Campaign
October 18, 2023 at 08:15AM A new campaign called Qubitstrike has emerged, targeting exposed Jupyter Notebooks to mine cryptocurrency and breach cloud environments. The threat actor, likely from Tunisia, uses the Telegram API to steal credentials and launch the attack. The primary payload is a shell script that executes a cryptocurrency miner, establishes persistence, and…
-
Recently patched Citrix NetScaler bug exploited as zero-day since August
October 18, 2023 at 08:02AM A critical vulnerability, known as CVE-2023-4966, in Citrix NetScaler ADC/Gateway devices has been actively exploited as a zero-day since late August. The issue allows attackers to access secrets in gateways configured as authentication, authorization, and accounting (AAA) virtual servers. Citrix has released a fix and urges customers to install the…
-
Qubitstrike attacks rootkit Jupyter Linux servers to steal credentials
October 18, 2023 at 08:02AM Hackers are targeting internet-exposed Jupyter Notebooks to breach servers and deploy malware, including a Linux rootkit, crypto miners, and password-stealing scripts. This new campaign, called ‘Qubitstrike,’ aims to hijack Linux servers for cryptomining and steal credentials for cloud services. The malware is hosted on codeberg.org, marking the first instance of…