WordPress Admins Urged to Remove miniOrange Plugins Due to Critical Flaw

March 18, 2024 at 05:57AM WordPress users are advised to delete miniOrange’s Malware Scanner and Web Application Firewall plugins due to a critical security flaw, with a high CVSS score of 9.8. The flaw allows unauthenticated attackers to gain administrative privileges, leading to potential compromise of the site. Another privilege escalation flaw was found in …

ChatGPT side-channel attack has easy fix: token obfuscation

March 17, 2024 at 10:37PM Recently, a new AI side-channel vulnerability was discovered, allowing attackers to intercept tokens from non-Google ChatGPT derivatives during chat sessions. Researchers at Ben Gurion University successfully reconstructed AI responses and inferred topics. Cloudflare addressed the issue by padding its tokens and deploying the fix to its products. Additionally, an infostealer …

Hackers exploit Aiohttp bug to find vulnerable networks

March 16, 2024 at 04:48PM ShadowSyndicate, a ransomware actor, has targeted servers vulnerable to CVE-2024-23334 in the aiohttp Python library. The vulnerability allows remote attackers to access files on affected servers. Exploitation attempts were observed, originating from five IP addresses connected to ShadowSyndicate. Cyble’s data shows about 44,170 exposed aiohttp instances globally, making the extent …

Fortinet Warns of Yet Another Critical RCE Flaw

March 14, 2024 at 04:35PM CVE-2024-48788, a recent Fortinet flaw, is expected to be a prime target, particularly for nation-state sponsored actors, due to its similarity to other vulnerabilities.

Windows SmartScreen Bypass Flaw Exploited to Drop DarkGate RAT

March 14, 2024 at 10:28AM Attackers are using Google redirects in a phishing attack, exploiting a patched vulnerability to spread multifaceted malware.

Researchers Detail Kubernetes Vulnerability That Enables Windows Node Takeover

March 14, 2024 at 08:51AM A high-severity flaw in Kubernetes, CVE-2023-5528, allowed attackers to execute code with SYSTEM privileges on Windows endpoints. Exploiting a loophole involving local volumes, an attacker could inject commands to achieve remote code execution. The flaw impacted kubelet versions 1.8.0 and after and was patched in updates released on November 14, …

Fortinet Warns of Severe SQLi Vulnerability in FortiClientEMS Software

March 14, 2024 at 01:21AM Fortinet warns of critical flaw (CVE-2023-48788) in FortiClientEMS and two other bugs in FortiOS and FortiProxy, with a 9.3 CVSS score. Exploitation could result in unauthorized code execution. Upgrade affected versions as per the advisory. No current active exploitation, but immediate patching is crucial due to prior abuse of unpatched …

Fortinet warns of critical RCE bug in endpoint management software

March 13, 2024 at 02:48PM Fortinet patched a critical remote code execution (RCE) vulnerability in its FortiClient Enterprise Management Server (EMS) software, impacting versions 7.0 and 7.2. The company also fixed an out-of-bounds write weakness in FortiOS and FortiProxy captive portal, as well as other high-severity flaws. A prior RCE bug was disclosed, potentially exploited …

Possibly Exploited Fortinet Flaw Impacts Many Systems, but No Signs of Mass Attacks

March 11, 2024 at 10:03AM Fortinet recently patched a critical vulnerability in FortiOS, warning of potential exploitation. Tracked as CVE-2024-21762, the flaw can result in out-of-bounds write issues, allowing remote attackers to execute arbitrary code. While CISA added it to the Known Exploited Vulnerabilities Catalog, there are no reports of mass attacks or confirmed exploitation. …

BianLian Threat Actors Exploiting JetBrains TeamCity Flaws in Ransomware Attacks

March 11, 2024 at 06:51AM Threat actors using BianLian ransomware exploit security flaws in JetBrains TeamCity software for extortion-only attacks. The cyberattack involves exploiting TeamCity vulnerabilities to gain initial access, deploying the BianLian backdoor, and using PowerShell for remote communication. VulnCheck also detailed PoC exploits for a critical flaw in Atlassian Confluence, indicating widespread exploitation. …