October 20, 2023 at 04:34PM Eight critical vulnerabilities have been discovered in SolarWinds’ Access Rights Manager Tool, exposing unpatched systems to potential privilege escalation by attackers. The vulnerabilities range from allowing remote code execution to performing local privilege escalation. A new ARM version, 2023.2.1, has been released to fix the vulnerabilities, and SolarWinds clients are … Read more
October 20, 2023 at 11:06AM Researchers discovered three critical remote code execution vulnerabilities in SolarWinds Access Rights Manager (ARM), allowing attackers to run code with SYSTEM privileges. SolarWinds ARM helps organizations manage and audit user access rights. The vendor promptly released a patch in version 2023.2.1 of the system. The vulnerabilities’ severity ratings are all … Read more
October 19, 2023 at 07:06AM Approximately 40,000 Cisco devices have been hacked through an unpatched vulnerability in the IOS XE. The vulnerability, identified as CVE-2023-20198, allows attackers to escalate privileges and gain control of the system. Cisco has not released patches and warns that the vulnerability has been exploited as a zero-day since mid-September. Vulnerability … Read more
October 17, 2023 at 07:12AM The US cybersecurity agency CISA, together with the FBI and MS-ISAC, has issued a warning about a zero-day vulnerability in Atlassian Confluence Data Center and Server. Tracked as CVE-2023-22515, the flaw has been exploited by a nation-state threat actor since September 14. It allows unauthorized access, creation of administrative accounts, … Read more
October 17, 2023 at 07:12AM Cisco has issued a warning about a zero-day vulnerability, CVE-2023-20198, affecting its IOS XE software. The vulnerability allows remote attackers to gain privileged access and take control of devices, potentially modifying network routing rules and exfiltrating data. Cisco has observed active exploitation of the vulnerability and is working on a … Read more
October 16, 2023 at 04:52PM Cisco has disclosed a critical zero-day vulnerability in the Web User Interface of its IOS XE operating system. The flaw, assigned as CVE-2023-20198, affects all Cisco IOS XE devices with the Web UI feature enabled and allows attackers to create an account with complete device control. Cisco advises customers to … Read more
October 16, 2023 at 11:08AM CISA, FBI, and MS-ISAC have issued a warning to network administrators to immediately patch their Atlassian Confluence servers due to a critical privilege escalation flaw (CVE-2023-22515) that is actively being exploited. The flaw affects Confluence Data Center and Server 8.0.0 and later versions. Atlassian has released security updates and advised … Read more