The French Government Says It’s Being Targeted by Unusual Intense Cyberattacks

March 11, 2024 at 10:45PM The French government reported unprecedented cyberattacks targeting several of its services, prompting the activation of a crisis center to restore online services. While the impact has been reduced, details of the attacks and responsible group, supposedly Anonymous Sudan, are not confirmed. France has been enhancing cyber defenses ahead of the … Read more

KeyTrap attack: Internet access disrupted with one DNS packet

February 19, 2024 at 08:38AM A serious vulnerability named KeyTrap in the DNSSEC feature could be exploited to deny internet access to applications for an extended period. Tracked as CVE-2023-50387, KeyTrap is a design issue in DNSSEC impacting DNS implementations. Researchers from ATHENE and partners discovered and addressed the issue, working with DNS service providers. … Read more

Citrix warns of new Netscaler zero-days exploited in attacks

January 16, 2024 at 03:33PM Citrix has warned customers to immediately patch their vulnerable Netscaler ADC and Gateway appliances against actively exploited zero-day vulnerabilities (CVE-2023-6548 and CVE-2023-6549). The company advises blocking network traffic to affected instances if updates cannot be deployed immediately, and separating the management interface from internet exposure to reduce the risk of … Read more

Alert: Over 178,000 SonicWall Firewalls Potentially Vulnerable to Exploits – Act Now

January 16, 2024 at 09:39AM Over 178,000 SonicWall firewalls are susceptible to two security vulnerabilities. These flaws could lead to denial-of-service conditions and remote code execution. While there’s no evidence of exploits, a proof-of-concept for one vulnerability has been released. The cybersecurity firm warns that bad actors could use these flaws to trigger repeated crashes … Read more

180k Internet-Exposed SonicWall Firewalls Vulnerable to DoS Attacks, Possibly RCE

January 16, 2024 at 09:12AM Report: Many SonicWall next-generation firewall devices are unpatched for critical vulnerabilities CVE-2022-22274 and CVE-2023-0656, with potential for DoS and RCE attacks. Over 178,000 vulnerable devices found, and new PoC exploits developed. Recommendations include applying patches immediately due to known exploitation in malicious attacks. Key Takeaways from Meeting Notes: – Cybersecurity … Read more

Over 178K SonicWall firewalls vulnerable to DoS, potential RCE attacks

January 16, 2024 at 08:21AM Security researchers have uncovered vulnerabilities in over 178,000 SonicWall next-generation firewalls (NGFW) with exposed management interfaces online, potentially leading to denial-of-service (DoS) and remote code execution (RCE) attacks. These vulnerabilities could impact a significant number of SonicWall devices and may pose a serious threat to corporate networks, emphasizing the need … Read more

Over 178,000 SonicWall firewalls vulnerable to RCE, DoS attacks

January 15, 2024 at 01:34PM Security researchers discovered that more than 178,000 SonicWall firewalls with exposed online management interfaces are vulnerable to denial-of-service and remote code execution attacks. These vulnerabilities affect a large number of appliances and can lead to serious security risks. Users are advised to take measures to protect their devices from these … Read more

Ivanti releases patches for 13 critical Avalanche RCE flaws

December 20, 2023 at 01:10PM Ivanti released security updates fixing 13 critical vulnerabilities in their Avalanche enterprise mobile device management (MDM) solution. The flaws relate to buffer overflows. Unauthenticated attackers could exploit them for remote code execution. All issues were resolved in Avalanche v6.4.2.313. CISA and NCSC-NO have expressed concern about potential widespread exploitation in … Read more

Major Security Flaws in Zyxel Firewalls, Access Points, NAS Devices

November 30, 2023 at 12:06PM Zyxel has issued patches for over 15 security vulnerabilities in its firewalls, access points, and NAS devices, mitigating risks of authentication bypass, command injection, and DoS attacks. Meeting Takeaways: 1. **Zyxel Security Update**: Zyxel has implemented patches for at least 15 security vulnerabilities. 2. **Types of Vulnerabilities Addressed**: – **Authentication … Read more

Reptar: New Intel CPU Vulnerability Impacts Multi-Tenant Virtualized Environments

November 15, 2023 at 02:57AM Intel has released fixes for a high-severity flaw called Reptar that affects its desktop, mobile, and server CPUs. The vulnerability, tracked as CVE-2023-23583, allows for privilege escalation, information disclosure, denial of service, and bypassing of security boundaries. Intel has published updated microcode for all affected processors and there is currently … Read more