February 12, 2024 at 02:03PM CISA warns of active exploitation of Roundcube email server vulnerability (CVE-2023-43770), impacting versions newer than 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3. The security flaw leads to persistent cross-site scripting attacks. CISA has added it to the Known Exploited Vulnerabilities Catalog, urging immediate patching by federal agencies and private … Read more
January 19, 2024 at 06:12AM The US security agency CISA warns of increasing exploitation of two Ivanti Connect Secure VPN vulnerabilities by a Chinese cyberespionage group, compromising over 2,100 devices belonging to various organizations. Additionally, a separate Ivanti product flaw is being exploited. Patches have been released with mitigations, but widespread exploitation continues, including new … Read more
January 12, 2024 at 02:47PM CISA warned of active exploitation of critical Microsoft SharePoint vulnerabilities, including CVE-2023-29357, which allows attackers to gain admin privileges using spoofed JWT tokens. When chained with another bug, remote code execution is possible. These exploits have gained attention after a successful demo at the Pwn2Own contest, leading to the release … Read more
January 12, 2024 at 12:40PM Juniper Networks has addressed a critical pre-auth remote code execution vulnerability affecting SRX Series firewalls and EX Series switches, tracked as CVE-2024-21591. Vulnerable Junos OS versions are listed, and admins are urged to apply security updates or disable the J-Web interface. CISA also warned of a previous exploit on Juniper … Read more
December 7, 2023 at 04:48PM The US cybersecurity agency, CISA, issued a warning about the Russian ‘Star Blizzard’ APT, which is conducting a spear-phishing operation against sectors including academia, defense, government, NGOs, and think-tanks. Takeaways from Meeting Notes: 1. The US cybersecurity agency has issued an alert regarding a Russian Advanced Persistent Threat (APT) known … Read more
December 1, 2023 at 01:24PM Congress members urged the DOJ to probe a foreign cyber-attack on a Pittsburgh-area water utility, leading CISA to caution other water facilities about potential vulnerabilities. (Note: The summary is based on the information provided and does not include the sentence “The post Congressmen Ask DOJ to Investigate Water Utility Hack, … Read more