Recent Security News
-
Mirai DDoS malware variant expands targets with 13 router exploits
October 10, 2023 at 04:36PM The Mirai-based DDoS malware botnet known as IZ1H9 has expanded its targets to include Linux-based routers and routers from brands like D-Link, Zyxel, TP-Link, and TOTOLINK. Fortinet researchers have observed high exploitation rates in September, with tens of thousands of attempts on vulnerable devices. IZ1H9 compromises devices, enlists them in…
-
October 10, 2023 at 12:16PM – North Korea’s State-Sponsored APTs Organize & Align
October 10, 2023 at 12:16PM North Korean APT groups have increased collaboration and coordination during the COVID-19 pandemic. The lines are blurring between individual groups, making it difficult to determine responsibility for specific threat activities. North Korean actors are diversifying attacks, sharing tools and code, and targeting the supply chain. Collaboration between defenders, governments, and…
-
October 10, 2023 at 12:07PM – Researcher bags two-for-one deal on Linux bugs while probing GNOME component
October 10, 2023 at 12:07PM Researchers have discovered a high-severity remote code execution (RCE) vulnerability in a component of GNOME-based Linux distros. Tracked as CVE-2023-43641, the exploit takes advantage of the libcue library, used to parse cue sheets, and the tracker-miners application. The vulnerability affects all GNOME-based distros and can be triggered by downloading a…
-
Microsoft Exchange gets ‘better’ patch to mitigate critical bug
October 10, 2023 at 04:07PM Microsoft has released a new security update (CVE-2023-36434) to address a critical vulnerability in Microsoft Exchange Server (CVE-2023-21709). The update eliminates the need for additional steps and manual removal of a vulnerable Windows IIS Token Cache module. Admins who have already removed the module must install the new security update…
-
October 10, 2023 at 11:55AM – New critical Citrix NetScaler flaw exposes ‘sensitive’ data
October 10, 2023 at 11:55AM Citrix NetScaler ADC and NetScaler Gateway are affected by two vulnerabilities, CVE-2023-4966 and CVE-2023-4967. The first flaw allows for the disclosure of sensitive information, while the second can lead to denial of service. Upgrading to the recommended fixed versions is advised. Version 12.1 has reached end-of-life and no longer receives…