October 31, 2023 at 02:22PM Software maker Atlassian has issued a warning to all Confluence Data Center and Server customers about a critical vulnerability that could be exploited without authentication. The vulnerability, known as CVE-2023-22518, is an improper authorization bug that affects all Confluence versions. Although no data exfiltration can occur from exploiting the flaw, … Read more
October 31, 2023 at 02:06PM Australian software company Atlassian has issued a warning to admins to patch their Internet-exposed Confluence instances due to a critical security flaw. The vulnerability, tracked as CVE-2023-22518, could lead to data loss. While it doesn’t impact confidentiality or allow for data exfiltration, it is necessary to take immediate action to … Read more
October 31, 2023 at 11:51AM Hackers are actively exploiting a critical vulnerability in F5’s BIG-IP product, just five days after its disclosure. The flaw allows for remote code execution and unauthorized access. F5 has released hotfixes and is urging customers to install them immediately. Attackers are also exploiting another vulnerability in BIG-IP’s configuration utility. F5 … Read more
October 31, 2023 at 01:11AM Customers of Atlassian’s Confluence collaboration tool have been alerted to a critical flaw, CVE-2023-22518, and urged to take immediate action. The vulnerability affects all versions of Confluence and is rated at a severity of 9.1/10. Atlassian has not provided details on the nature of the flaw but recommends upgrading to … Read more
October 30, 2023 at 11:15PM Public exploit code for the critical Cisco IOS XE vulnerability (CVE-2023-20198) is now available, which has been used to hack tens of thousands of devices. Cisco has released patches for most IOS XE software releases, but internet scans show that thousands of systems are still compromised. Researchers have provided details … Read more
October 30, 2023 at 02:49PM The UAE Cybersecurity Council warns of a high-risk vulnerability in Google Chrome that allows remote code execution. They recommend updating to the latest version to protect against potential threats. The council’s warning follows similar actions by the Qatar National Cyber Security Agency and other countries addressing vulnerabilities in Adobe and … Read more
October 27, 2023 at 11:17AM A critical vulnerability, CVE-2023-46747, has been discovered in the F5 BIG-IP configuration utility. It allows unauthenticated remote code execution by attackers with remote access to the utility. The vulnerability has a CVSS v3.1 score of 9.8. Devices with the Traffic Management User Interface exposed to the internet are at risk. … Read more
October 27, 2023 at 10:43AM F5 has issued a warning to customers about a critical vulnerability in its BIG-IP product. The vulnerability, tracked as CVE-2023-46747, allows an unauthenticated attacker to remotely execute arbitrary code. The flaw is closely related to a request smuggling issue in the Apache HTTP Server and can be exploited to gain … Read more
October 26, 2023 at 02:57PM Open source data integration platform Mirth Connect has a remote code execution vulnerability, according to cybersecurity firm Horizon3.ai. The vulnerability, tracked as CVE-2023-43208, bypasses a critical-severity flaw disclosed earlier and affects all Mirth Connect installations. A patch has been released, but the cybersecurity firm warns that the vulnerability is easily … Read more
October 26, 2023 at 04:48AM Users of Mirth Connect, an open-source data integration platform, are urged to update to version 4.4.1 due to the discovery of an unauthenticated remote code execution vulnerability (CVE-2023-43208). Horizon3.ai warns that attackers may exploit this vulnerability to gain access to sensitive healthcare data. The flaw affects various versions of Mirth … Read more