Recent Zyxel NAS Vulnerability Exploited by Botnet

June 25, 2024 at 09:44AM A critical vulnerability in discontinued Zyxel NAS devices, tracked as CVE-2024-29973, allows for remote code execution through crafted HTTP POST requests. Exploited by a Mirai-like botnet, the flaw was discovered by security researcher Timothy Hjort. Zyxel released patches for the vulnerability, urging users to update devices or consider replacing them. …

Federal frenzy to patch gaping GitLab account takeover hole

May 2, 2024 at 10:25AM CISA is requiring federal agencies to patch a critical vulnerability in GitLab to prevent active exploitation by attackers. The vulnerability, CVE-2023-7028, allows unauthorized account takeovers and poses a risk of software supply chain attacks. GitLab has released fixed versions, and those with two-factor authentication are safe. Currently, around 2,149 GitLab …

Thousands of Qlik Sense Servers Open to Cactus Ransomware

April 26, 2024 at 04:59PM The Cactus ransomware group exploited vulnerabilities in Qlik Sense, allowing remote attacks. Despite Qlik’s disclosure of these flaws, many organizations remained exposed. Notably, 3,143 servers were vulnerable, with alerts and notifications being sent to potential victims. Failure to address the vulnerabilities could lead to compromised instances, making remediation imperative. It …

Exploitation of Unpatched D-Link NAS Device Vulnerabilities Soars

April 12, 2024 at 07:36AM The recently disclosed D-Link NAS device vulnerabilities, assigned 2 identifiers, are being exploited, prompting D-Link to urge customers to replace affected devices. Exploitation attempts increased to 140 unique IPs, and Shadowserver Foundation reported seeing over 150 IPs attempting to exploit the vulnerabilities. GreyNoise reported roughly 5,500 impacted devices, while Shadowserver …

Thousands of Ivanti VPN Appliances Impacted by Recent Vulnerability

April 8, 2024 at 10:54AM Researchers at the Shadowserver Foundation discovered thousands of internet-exposed Ivanti VPN appliances vulnerable to the recently disclosed CVE-2024-21894, which enables remote code execution. Ivanti released updates for this and other vulnerabilities, urging users to update instances. Shadowserver found over 16,000 affected Ivanti VPN instances, mostly in the US and Japan, with …

Over 28,500 Exchange servers vulnerable to actively exploited bug

February 19, 2024 at 02:36PM A critical vulnerability, CVE-2024-21410, puts up to 97,000 Microsoft Exchange servers at risk of exploitation by allowing privilege escalation. Microsoft addressed the issue on February 13, but 28,500 servers remain vulnerable. Administrators are urged to apply mitigations to avoid potential misuse and data breaches. The U.S. Cybersecurity & Infrastructure Security …

Newest Ivanti SSRF zero-day now under mass exploitation

February 5, 2024 at 11:00AM Ivanti Connect Secure and Policy Secure are being exploited through an SSRF vulnerability, tracked as CVE-2024-21893, that allows attackers to bypass authentication and access restricted resources on vulnerable devices. The exploitation volume is significant, leading to U.S. CISA’s directive for federal agencies to disconnect and upgrade affected appliances to the …

45,000 Exposed Jenkins Instances Found Amid Reports of In-the-Wild Exploitation

January 31, 2024 at 07:42AM The Shadowserver Foundation has identified 45,000 exposed Jenkins instances with a critical vulnerability, potentially being exploited in the wild. Unauthenticated attackers can access limited data from files, while authenticated attackers may obtain full file contents, including sensitive Jenkins secrets. Researchers reported in-the-wild exploitation prior to the public release of the …

Nearly 11 million SSH servers vulnerable to new Terrapin attacks

January 3, 2024 at 10:10AM Nearly 11 million internet-exposed SSH servers are vulnerable to the Terrapin attack, which manipulates sequence numbers during the handshake process to compromise the integrity of SSH channels. This attack affects both clients and servers and was developed by academic researchers from Ruhr University Bochum in Germany. The significance of this …

Critical Apache OFBiz Vulnerability in Attacker Crosshairs

December 29, 2023 at 06:12AM Shadowserver Foundation reports in-the-wild exploitation attempts targeting a critical vulnerability in the Apache OFBiz ERP system, leading to attempted server-side request forgery and exposure to sensitive information. SonicWall uncovered a related incomplete patch vulnerability, CVE-2023-51467, prompting a release of version 18.12.11 to fix the issue. Organizations are strongly advised to patch their systems. …