November 7, 2023 at 11:42AM Veeam Software has released patches for four severe security vulnerabilities in its Veeam ONE product. The vulnerabilities could lead to remote code execution attacks and password acquisition. Administrators are urged to promptly download and install the patches. There is no evidence of the vulnerabilities being exploited, but attackers have previously … Read more
November 4, 2023 at 12:30PM Enterprise software maker Atlassian has issued a warning on a critical-severity vulnerability in Confluence Data Center and Confluence Server. The flaw, tracked as CVE-2023-22518, could result in severe data loss due to an improper authorization issue. Atlassian has released patches for the bug and urges organizations to apply them promptly. … Read more
October 31, 2023 at 02:22PM Software maker Atlassian has issued a warning to all Confluence Data Center and Server customers about a critical vulnerability that could be exploited without authentication. The vulnerability, known as CVE-2023-22518, is an improper authorization bug that affects all Confluence versions. Although no data exfiltration can occur from exploiting the flaw, … Read more
October 31, 2023 at 02:06PM Australian software company Atlassian has issued a warning to admins to patch their Internet-exposed Confluence instances due to a critical security flaw. The vulnerability, tracked as CVE-2023-22518, could lead to data loss. While it doesn’t impact confidentiality or allow for data exfiltration, it is necessary to take immediate action to … Read more
October 31, 2023 at 08:18AM Atlassian has discovered a critical security flaw in Confluence Data Center and Server that could lead to significant data loss. The vulnerability is rated 9.1 out of 10 in severity and affects all versions of Confluence. Atlassian recommends applying the necessary patches and disconnecting public internet access to vulnerable instances. … Read more
October 31, 2023 at 01:11AM Customers of Atlassian’s Confluence collaboration tool have been alerted to a critical flaw, CVE-2023-22518, and urged to take immediate action. The vulnerability affects all versions of Confluence and is rated at a severity of 9.1/10. Atlassian has not provided details on the nature of the flaw but recommends upgrading to … Read more
October 25, 2023 at 09:21AM Virtualization technology leader VMware has issued an urgent warning about a critical remote code execution flaw in its vCenter Server and VMware Cloud Foundation products. The vulnerability allows attackers with network access to execute remote code. VMware has released patches for the affected products, including older versions. Additionally, a moderate-severity … Read more
October 18, 2023 at 02:52PM There is an active attack targeting a critical security vulnerability in Citrix NetScaler that was patched last week. The vulnerability allows cyber attackers to hijack authenticated sessions, potentially bypassing multifactor authentication. While the patch helps mitigate the issue, organizations are advised to terminate all active sessions to fully remediate the … Read more
October 18, 2023 at 07:00AM A critical vulnerability (CVE-2023-4966) in Citrix NetScaler ADC and Gateway has been exploited as a zero-day since August, according to Google’s Mandiant cybersecurity unit. The flaw allows attackers to leak sensitive information without authentication. Citrix released patches on October 10 and updated their advisory to warn customers of the observed … Read more
October 13, 2023 at 11:38AM A single-click exploit has raised concerns about the security of Microsoft’s Visual Studio IDE once again. Developed by security researcher Zhiniang Peng, the exploit takes advantage of the default implementation of the IDE’s “trusted locations” feature. Peng argues that enabling this feature by default would protect users from potential attacks, … Read more