Recent Security News
-
LockBit ransomware exploits Citrix Bleed in attacks, 10K servers exposed
November 14, 2023 at 03:05PM LockBit ransomware attacks are exploiting the Citrix Bleed vulnerability (CVE-2023-4966) to breach large organizations’ systems, steal data, and encrypt files. Despite Citrix releasing fixes for the vulnerability over a month ago, thousands of vulnerable appliances are still running, many in the U.S. LockBit affiliates are likely responsible for the attacks,…
-
21 Vulnerabilities Discovered in Crucial IT-OT Connective Routers
November 14, 2023 at 02:41PM Researchers have discovered 21 vulnerabilities in a popular brand of industrial router commonly used in the medical and manufacturing sectors. These vulnerabilities range from design flaws like hardcoded credentials to how the device handles potentially malicious inputs. Attackers who exploit these vulnerabilities can bypass security measures and target critical devices…
-
CacheWarp Attack: New Vulnerability in AMD SEV Exposes Encrypted VMs
November 14, 2023 at 02:27PM Researchers from the CISPA Helmholtz Center for Information Security have discovered a new software fault attack called CacheWarp that targets AMD’s Secure Encrypted Virtualization (SEV) technology. The attack exploits a vulnerability in SEV to infiltrate encrypted virtual machines and achieve privilege escalation. AMD has released a microcode update to address…
-
Microsoft November 2023 Patch Tuesday fixes 5 zero-days. 58 flaws
November 14, 2023 at 02:00PM The text provides a list of various CVE IDs and their corresponding titles and severities. These vulnerabilities span across different Microsoft products such as .NET Framework, ASP.NET, Azure, Mariner, Microsoft Edge, Microsoft Dynamics, Microsoft Exchange Server, Microsoft Office, and others. The severity of the vulnerabilities ranges from Important to Critical.…