vulnerability

High-Severity Vulnerability Patched in Splunk Enterprise

by

January 23, 2024 at 09:12AM Splunk announced patches for multiple vulnerabilities, including a high-severity bug (CVE-2024-23678) affecting Splunk Enterprise on Windows, allowing unsafe deserialization leading to potential denial of service, application logic abuse, or code execution. Other medium-severity vulnerabilities and flaws in third-party packages were also resolved in versions 9.0.8 and 9.1.3. Splunk recommends upgrading … Read more

Godzilla Web Shell Attacks Stomp on Critical Apache ActiveMQ Flaw

by

January 22, 2024 at 06:09PM A new wave of cyberattacks is targeting a critical remote code-execution vulnerability in Apache ActiveMQ, using the Godzilla Web shell to gain control. The vulnerability, CVE-2023-46604, affects multiple versions of ActiveMQ and allows for malicious port scanning, code injection, and other activities. Over 3,400 vulnerable servers have been identified, leading … Read more

German IT Consultant Fined Thousands for Reporting Security Failing

by

January 22, 2024 at 03:31PM A security researcher in Germany was fined €3,000 for reporting a vulnerability in an e-commerce database that put customer information at risk. Modern Solution GmbH downplayed the data exposure, leading to a legal battle. Hendrik H. was initially vindicated by the District Court but was eventually fined and is planning … Read more

Hackers Targeting Critical Atlassian Confluence Vulnerability Days After Disclosure

by

January 22, 2024 at 11:06AM Attempts to exploit a critical Atlassian Confluence vulnerability, CVE-2023-22527, began shortly after its disclosure. Out-of-date versions of Confluence Data Center and Server are affected, allowing unauthenticated attackers to achieve remote code execution. The Shadowserver Foundation reported 40,000 exploitation attempts, highlighting widespread activity and the ongoing risk to vulnerable servers. Based … Read more

Apache ActiveMQ Flaw Exploited in New Godzilla Web Shell Attacks

by

January 21, 2024 at 11:03PM Cybersecurity researchers have observed an increase in threat actor activity exploiting a vulnerability in Apache ActiveMQ by delivering the Godzilla web shell. The web shells are concealed within an unknown binary format to evade security measures. This vulnerability has been actively exploited to deploy ransomware, rootkits, cryptocurrency miners, and DDoS … Read more

Chinese Hackers Silently Weaponized VMware Zero-Day Flaw for 2 Years

by

January 20, 2024 at 06:45AM A China-linked cyber espionage group, UNC3886, exploited a zero-day vulnerability (CVE-2023-34048) in VMware vCenter Server, allowing privileged access and deployment of malware. These actions enable further exploitation of VMware flaws. VMware advises users to update to avoid potential threats. Additionally, UNC3886 utilized a Fortinet flaw (CVE-2022-41328) to implant malware, targeting … Read more

Protecting Your Network Security from Ivanti Zero-Day Threat

by

January 19, 2024 at 07:49PM The Ivanti Zero-Day vulnerability poses significant real-world impacts, with the need for immediate action to mitigate its effects. The broader concern lies in the pervasive vulnerability of VPNs. An alternative approach, such as Trend Micro™ Zero Trust Secure Access, offers a promising solution to prevent vulnerabilities from escalating into major … Read more

VMware vCenter Server Vulnerability Exploited in Wild 

by

January 19, 2024 at 06:12AM VMware warns of CVE-2023-34048, a critical vCenter Server vulnerability exploited in the wild. The issue, an out-of-bounds write problem related to DCERPC protocol implementation, allows remote code execution with network access. VMware released patches in October, even for end-of-life versions. The exploitation has been confirmed, with potentially hundreds of exposed … Read more

U.S. Cybersecurity Agency Warns of Actively Exploited Ivanti EPMM Vulnerability

by

January 19, 2024 at 12:03AM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a now-patched critical flaw in Ivanti Endpoint Manager Mobile and MobileIron Core to its Known Exploited Vulnerabilities catalog. The flaw enables unauthorized remote access and has been actively exploited, affecting several versions of the impacted software. Federal agencies are advised … Read more

Atlassian Warns of Critical RCE Vulnerability in Outdated Confluence Instances

by

January 17, 2024 at 10:30AM Atlassian warns of a critical vulnerability in out-of-date Confluence Data Center and Server versions allowing remote code execution (RCE) without authentication, with a CVE-2023-22527 (CVSS score of 10). This template injection flaw impacts Confluence 8 versions released before Dec. 5, 2023. Atlassian advises immediate patching and recommends updating to the … Read more