Dangerous Apache ActiveMQ Exploit Allows Stealthy EDR Bypass

November 16, 2023 at 05:50PM

A new proof-of-concept (PoC) exploit for a critical security vulnerability in Apache ActiveMQ allows threat actors to achieve remote code execution (RCE) on vulnerable servers. Despite a patch being available, numerous organizations remain exposed, with the HelloKitty ransomware gang taking advantage. Researchers at VulnCheck have developed a more sophisticated exploit …

Apple ‘Find My’ network can be abused to steal keylogged passwords

November 4, 2023 at 02:02PM

Apple’s “Find My” location network, intended for locating lost or stolen Apple devices, can be exploited to transmit sensitive information by malicious actors using keyloggers. Positive Security researchers have discovered a way to upload arbitrary data onto the Find My network, including passwords, via Bluetooth transmission. The attack is stealthy …

Critical Citrix Bug Exploited as a Zero-Day, ‘Patching Is Not Enough’

October 18, 2023 at 02:52PM

There is an active attack targeting a critical security vulnerability in Citrix NetScaler that was patched last week. The vulnerability allows cyber attackers to hijack authenticated sessions, potentially bypassing multifactor authentication. While the patch helps mitigate the issue, organizations are advised to terminate all active sessions to fully remediate the …

Recently patched Citrix NetScaler bug exploited as zero-day since August

October 18, 2023 at 08:02AM

A critical vulnerability, known as CVE-2023-4966, in Citrix NetScaler ADC/Gateway devices has been actively exploited as a zero-day since late August. The issue allows attackers to access secrets in gateways configured as authentication, authorization, and accounting (AAA) virtual servers. Citrix has released a fix and urges customers to install the …