Citrix Patches Critical NetScaler ADC, Gateway Vulnerability

October 11, 2023 at 10:07AM Citrix has released patches for a critical vulnerability in NetScaler Application Delivery Controller (ADC) and NetScaler Gateway. The vulnerability, CVE-2023-4966, could lead to sensitive information disclosure and can be exploited without authentication. Citrix advises customers to upgrade their appliances to the supported versions. The company has also addressed a denial-of-service … Read more

Chrome 118 Patches 20 Vulnerabilities

October 11, 2023 at 08:24AM Google has released Chrome 118 with fixes for 20 vulnerabilities, including a critical bug in Site Isolation that could allow sites to steal data. Google has yet to determine the bug bounty reward for this vulnerability. The release also addresses eight medium-severity flaws and five low-severity vulnerabilities. The latest version … Read more

curl vulnerabilities ironed out with patches after week-long tease

October 11, 2023 at 06:09AM The latest version of the curl command line transfer tool was released today, addressing two separate vulnerabilities. The first vulnerability is a heap-based buffer overflow flaw that affects both libcurl and the curl tool. The second vulnerability is a less-severe cookie injection flaw that only affects libcurl. Users are advised … Read more

Microsoft Blames Nation-State Threat Actor for Confluence Zero-Day Attacks

October 10, 2023 at 07:54PM Researchers at Microsoft have identified a known nation-state threat actor, referred to as Storm-0062, as responsible for the recent zero-day exploits targeting Atlassian’s Confluence Data Center and Server products. The malicious activity had been ongoing since September 14, before Atlassian publicly disclosed the issue. Microsoft has provided IP addresses related … Read more

October 10, 2023 at 02:36PM – Microsoft Fixes Exploited Zero-Days in WordPad, Skype for Business

October 10, 2023 at 02:36PM Microsoft released a large batch of software and OS updates to address over 100 vulnerabilities across Windows systems. They warned that three of these vulnerabilities are already being exploited. The updates also targeted a zero-day vulnerability in HTTP/2 Rapid Reset that exposed the internet to DDoS attacks. Two other zero-day … Read more

About the security content of iOS 16.7.1 and iPadOS 16.7.1 – Apple Support

October 10, 2023 at 05:21PM Apple has addressed two security issues in their products. The first issue, identified as CVE-2023-42824, could allow a local attacker to elevate their privileges. It may have been actively exploited on iOS versions prior to iOS 16.6. The second issue, identified as CVE-2023-5217, involves a buffer overflow that could lead … Read more

October 10, 2023 at 12:07PM – Researcher bags two-for-one deal on Linux bugs while probing GNOME component

October 10, 2023 at 12:07PM Researchers have discovered a high-severity remote code execution (RCE) vulnerability in a component of GNOME-based Linux distros. Tracked as CVE-2023-43641, the exploit takes advantage of the libcue library, used to parse cue sheets, and the tracker-miners application. The vulnerability affects all GNOME-based distros and can be triggered by downloading a … Read more

October 10, 2023 at 02:18AM – Citrix Devices Under Attack: NetScaler Flaw Exploited to Capture User Credentials

October 10, 2023 at 02:18AM Threat actors are exploiting a critical flaw in Citrix NetScaler ADC and Gateway devices to conduct a credential harvesting campaign. The flaw, CVE-2023-3519, allows for remote code execution. Attackers are inserting a malicious script into the authentication web page and capturing user credentials. IBM X-Force has identified at least 600 … Read more