December 18, 2023 at 11:39AM Security researcher Ben Barnea revealed two security flaws in Microsoft Windows that were patched in 2023. These flaws, CVE-2023-35384 and CVE-2023-36710, could be exploited by threat actors to achieve remote code execution on Outlook without user interaction. Mitigation recommendations include microsegmentation and addressing NTLM vulnerabilities. For further updates, follow the … Read more
December 15, 2023 at 04:21PM A critical remote code execution (RCE) vulnerability in Apache Struts 2 has raised significant concern due to active exploitation, affecting widely used Java applications and systems. The flaw poses a significant security risk to organizations worldwide. Recommendations include immediate software updates, as no mitigations are available. While complexities make widespread … Read more
December 13, 2023 at 11:22AM Hackers are targeting a recently patched critical vulnerability (CVE-2023-50164) in Apache Struts, leading to remote code execution. Shadowserver reported limited exploitation attempts. Apache Struts is widely used in various sectors for web app development. A path traversal flaw in the recent versions could lead to unauthorized access, data theft, and … Read more
December 13, 2023 at 05:42AM UK-based cybersecurity firm Sophos announced patches for a critical code injection vulnerability in Firewall versions 19.0 MR1 and older, giving attackers the ability to execute remote code. The company also warned of a new exploit and urged organizations to update to supported versions to mitigate the risk. Additionally, patches have … Read more
December 12, 2023 at 06:18PM Microsoft’s December 2023 security update featured fewer vulnerabilities for IT and security teams to address compared to recent months. The update addressed 36 vulnerabilities, including 4 critical ones and 11 likely to be exploited. Despite this, security experts advise vigilance due to potential attack threats posed by certain bugs. This … Read more
December 12, 2023 at 03:36PM Microsoft released critical security fixes for 33 vulnerabilities, including remote code execution bugs and flaws in its Edge browser. The company urged special attention to the CVE-2023-36019 spoofing bug and CVE-2023-35628 code execution defect. Additionally, the patches address issues in Office, Azure, Windows Defender, and the Windows DNS and DHCP … Read more
December 12, 2023 at 12:36PM Sophos issued a backported security update for CVE-2022-3236 for end-of-life firewall firmware versions due to active exploitation by hackers. The flaw allows remote code execution in the User Portal and Webadmin. Despite automatic updates, over 4,000 devices remained vulnerable. Sophos advised updating to specific versions or using workarounds to mitigate … Read more
December 12, 2023 at 09:57AM Around 1,450 pfSense instances online are vulnerable to command injection and cross-site scripting flaws, potentially allowing remote code execution. SonarCloud’s researchers discovered these flaws in mid-November, affecting older versions of pfSense. Netgate released security updates in November, but as of now, the majority of instances remain vulnerable, posing a significant … Read more
December 12, 2023 at 01:00AM Apache has issued a critical security advisory for a flaw in Struts 2, a Java web application framework, potentially allowing remote code execution. Tracked as CVE-2023-50164, the flaw affects various versions, with patches available for some. No workarounds exist, and upgrades to versions 2.5.33 and 6.3.0.2 or higher are highly … Read more
December 11, 2023 at 05:48PM A critical security flaw in the WordPress Backup Migration plugin (CVE-2023-6553) allows unauthenticated attackers to remotely execute PHP code, compromising vulnerable websites. The bug, rated 9.8/10 in severity, was quickly patched after being reported to BackupBliss. However, many websites remain vulnerable, and WordPress admins are urged to take immediate action … Read more