October 16, 2023 at 03:13PM A critical vulnerability in Royal Elementor Addons and Templates up to version 1.3.78 is being actively exploited by hackers. The flaw, tracked as CVE-2023-5360, allows unauthenticated attackers to upload arbitrary files and potentially achieve remote code execution, compromising the websites. Two WordPress security firms have reported a significant increase in … Read more
October 16, 2023 at 11:52AM Cisco has warned administrators about a severe zero-day vulnerability in its IOS XE Software that allows attackers to gain full control of affected routers. The vulnerability, identified as CVE-2023-20198, only affects devices with the Web User Interface feature enabled and the HTTP or HTTPS Server feature toggled on. Cisco advises … Read more
October 16, 2023 at 10:46AM The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) have issued a joint Cybersecurity Advisory (CSA) about the active exploitation of CVE-2023-22515, a vulnerability in Atlassian Confluence Data Center and Server. This vulnerability allows cyber threat actors to gain … Read more
October 16, 2023 at 10:03AM Russian hacking groups have been exploiting a security vulnerability in the WinRAR archiving utility to launch a phishing campaign. The attack involves malicious archive files that exploit the vulnerability, allowing the attacker to gain remote access to compromised systems. The campaign also steals data from Google Chrome and Microsoft Edge … Read more
October 15, 2023 at 11:00PM The US Securities and Exchange Commission (SEC) is investigating Progress Software’s MOVEit file transfer software following a data breach. Progress admitted to receiving a subpoena from the SEC and stated that it is facing multiple class-action lawsuits and other litigation over the breach. Progress also disclosed that it has received … Read more
October 13, 2023 at 11:38AM A single-click exploit has raised concerns about the security of Microsoft’s Visual Studio IDE once again. Developed by security researcher Zhiniang Peng, the exploit takes advantage of the default implementation of the IDE’s “trusted locations” feature. Peng argues that enabling this feature by default would protect users from potential attacks, … Read more
October 12, 2023 at 03:16PM Unpatched WS_FTP servers exposed to the internet are being targeted by ransomware attacks. The Reichsadler Cybercrime Group attempted to deploy ransomware on these servers using a stolen LockBit 3.0 builder. Although some servers have not been patched, the attempt to encrypt data was unsuccessful, although a $500 ransom demand was … Read more
October 12, 2023 at 01:12PM The US Securities and Exchange Commission (SEC) has launched an investigation into Progress Software’s MOVEit transfer tool vulnerability, which exposed the data of over 2,000 organizations and 60 million individuals. The flaw, tracked as CVE-2023-34362, was exploited by the Cl0p ransomware group to steal data. Progress Software received a subpoena … Read more
October 12, 2023 at 10:55AM A WordPress backdoor that disguises itself as a legitimate plugin has been discovered by security firm Defiant. The backdoor can run as a plugin and perform various functions, including creating an admin account and serving malicious content based on specific filters. It can also be operated remotely by the threat … Read more
October 12, 2023 at 10:21AM Apple has released iOS and iPadOS updates to patch a kernel vulnerability (CVE-2023-42824) that has been actively exploited in attacks. The flaw is a local privilege escalation issue, indicating it may have been used as part of an exploit chain. Although Apple has not provided details about the attacks or … Read more