Mozilla fixes $100,000 Firefox zero-days following two-day hackathon

March 25, 2024 at 11:04AM Mozilla quickly patched two critical Firefox zero-day vulnerabilities after they were demonstrated by researcher Manfred Paul at the Pwn2Own event in Vancouver. The bugs, rated “critical,” allowed for out-of-bounds read/write and privileged code execution. Mozilla released Firefox 124.0.1 to address the vulnerabilities, with some users encountering upgrade issues. Paul earned …

Jenkins Args4j CVE-2024-23897: Files Exposed, Code at Risk

March 19, 2024 at 02:42AM Summary: Jenkins, a widely used open-source automation server, is affected by the CVE-2024-23897 file read vulnerability, allowing unauthorized access to files. This vulnerability poses a severe security risk, with potential exploitation scenarios including remote code execution. Various attack instances have been observed, emphasizing the urgency of securing Jenkins installations. Trend …

ScreenConnect critical bug now under attack as exploit code emerges

February 21, 2024 at 12:19PM ConnectWise recently disclosed two vulnerabilities in its ScreenConnect software, leading to immediate exploitation by attackers. CISA assigned CVE-2024-1708 and CVE-2024-1709 identifiers to these security issues. ConnectWise advised updating servers to version 23.9.8 to mitigate risk, highlighting compromises to multiple ScreenConnect accounts. Cybersecurity company Huntress emphasized the ease of exploiting these …

SmartScreen Vulnerability: CVE-2024-21412 Facts and Fixes

February 13, 2024 at 03:16PM Microsoft issued a patch for CVE-2024-21412, a zero-day SmartScreen vulnerability used by the Water Hydra APT group to target financial market traders. Trend Micro protects customers from this, emphasizing the importance of proactive cybersecurity measures and a dedicated bug bounty program. Trend customers have been protected since January 17 via …

Raspberry Robin malware evolves with early access to Windows exploits

February 10, 2024 at 10:17AM Recent versions of the Raspberry Robin malware use stealthy one-day exploits for vulnerabilities in software, before the fixes are widely deployed. The malware has evolved since its 2021 discovery and now employs new evasion and distribution methods. It has been observed targeting systems globally and using Discord for malicious file …

Unveiling Atlassian Confluence Vulnerability CVE-2023-22527: Understanding and Mitigating Remote Code Execution Risks

February 7, 2024 at 04:40AM The blog entry discusses the critical Atlassian Confluence vulnerability CVE-2023-22527, which facilitates remote code execution. Update to Confluence version 8.5.4 or 8.5.5 to address the flaw. The vulnerability’s technical breakdown, exploitation scenarios, and available security solutions are detailed, underscoring the urgency for patching and utilizing security measures. The meeting notes …

Apple Ships iOS 17.3, Warns of WebKit Zero-Day Exploitation

January 22, 2024 at 03:24PM Apple has released iOS 17.3 and macOS Sonoma 14.3 updates to address 16 vulnerabilities including WebKit flaws exploited in zero-day attacks. Apple warns of code execution, denial-of-service, and data exposure threats and suspects recent exploitation. The updates also fix security issues in several other components. Apple hasn’t provided technical details …

Citrix Warns NetScaler ADC Customers of New Zero-Day Exploitation

January 17, 2024 at 05:06AM Citrix published a security bulletin revealing that two zero-day vulnerabilities in NetScaler ADC and Gateway products are being exploited. CVE-2023-6548 allows remote execution of code, and CVE-2023-6549 enables DoS attacks. Citrix advises immediate patch installation. The vulnerabilities may be exploited in targeted attacks but are not expected to have significant …

Infoseccers think attackers backed by China are behind Ivanti zero-day exploits

January 11, 2024 at 10:28AM Chinese nation-state attackers have been exploiting two zero-day vulnerabilities in Ivanti’s security products, particularly affecting Ivanti Connect Secure (ICS) and Policy Secure. The US Cybersecurity and Infrastructure Security Agency (CISA) has advised users to apply the current workaround. Ivanti’s patches for the vulnerabilities are staggered, and organizations are urged to …

Decoding CVE-2023-50164: Unveiling the Apache Struts File Upload Exploit

December 15, 2023 at 02:37AM The blog discusses CVE-2023-50164, a critical vulnerability in Apache Struts 2 that enables unauthorized path traversal and remote code execution. It advises users to upgrade to Struts 2.5.33, 6.3.0.2, or higher to mitigate the risk. The vulnerability is exploited by various threat actors and can be mitigated using security solutions …