Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware

July 2, 2024 at 02:08AM Velvet Ant, a Chinese cyber espionage group, has exploited a zero-day flaw in Cisco NX-OS Software to deliver custom malware and gain control over compromised Cisco Nexus devices. This vulnerability, CVE-2024-20399, allows an attacker with administrator credentials to execute commands as root. The impacted devices include various Nexus switches. Additionally, …

Hackers Target Vulnerability Found Recently in Long-Discontinued D-Link Routers

July 1, 2024 at 08:21AM Attackers are targeting a critical vulnerability (CVE-2024-0769) in discontinued D-Link DIR-859 WiFi routers, enabling remote exploitation without authentication and leaking sensitive information. A published exploit has already been observed in the wild, and mass exploitation is anticipated. D-Link urges owners to replace these devices, as they are no longer receiving …

Recent SolarWinds Serv-U Vulnerability Exploited in the Wild

June 21, 2024 at 09:21AM Threat actors are exploiting a recently patched SolarWinds Serv-U vulnerability (CVE-2024-28995) using public proof-of-concept code, as reported by GreyNoise. The vulnerability allows unauthorized access to sensitive files on the host machine. Rapid7 published a technical writeup on successfully exploiting the issue, warning of its trivial exploitability. SolarWinds customers are urged …

SolarWinds Serv-U Vulnerability Under Active Attack – Patch Immediately

June 21, 2024 at 05:24AM A high-severity flaw in SolarWinds Serv-U file transfer software (CVE-2024-28995, CVSS score: 8.6) allows attackers to read sensitive files. Security researcher Hussein Daher discovered the flaw, and a proof-of-concept exploit has been made available. Rapid7 described it as trivial to exploit. Users are urged to apply updates promptly to mitigate …

SolarWinds Serv-U path-traversal flaw actively exploited in attacks

June 20, 2024 at 11:54AM Threat actors are actively exploiting a SolarWinds Serv-U path-traversal vulnerability using publicly available proof-of-concept exploits. The CVE-2024-28995 flaw allows unauthenticated attackers to read arbitrary files from the filesystem. SolarWinds released a fix, but public exploits are available, making it crucial for administrators to apply the security updates promptly. Based on …

Exploitation of Unpatched D-Link NAS Device Vulnerabilities Soars

April 12, 2024 at 07:36AM The recently disclosed D-Link NAS device vulnerabilities, assigned 2 identifiers, are being exploited, prompting D-Link to urge customers to replace affected devices. Exploitation attempts increased to 140 unique IPs, and Shadowserver Foundation reported seeing over 150 IPs attempting to exploit the vulnerabilities. GreyNoise reported roughly 5,500 impacted devices, while Shadowserver …

Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks

April 9, 2024 at 02:15AM Security flaws in legacy D-Link NAS devices are being exploited by threat actors, impacting over 92,000 internet-exposed devices. The vulnerabilities allow arbitrary command execution, potentially leading to unauthorized access and denial-of-service conditions. No patches are expected, and users are advised to replace affected devices or firewall remote access. Attackers are …

Recent Fortinet FortiClient EMS Vulnerability Exploited in Attacks

March 26, 2024 at 06:42AM The US cybersecurity agency, CISA, warns about the exploitation of CVE-2023-48788, a critical SQL injection bug affecting Fortinet’s FortiClient EMS. Patches have been released, and the vulnerability has been added to CISA’s Known Exploited Vulnerabilities catalog. Concerns also extend to another vulnerability, CVE-2021-44529, affecting Ivanti Endpoint Manager. Based …

Hackers start exploiting critical ownCloud flaw, patch now

November 28, 2023 at 11:16AM Hackers are actively exploiting a critical vulnerability in the ownCloud file synchronization software that could lead to data breaches. The flaw, tracked as CVE-2023-49103, allows attackers to access sensitive information such as admin passwords, mail server credentials, and license keys. The vulnerability affects both containerized and non-containerized deployments, and administrators …