October 11, 2023 at 05:31PM A new malware disguised as a caching plugin is targeting WordPress sites, allowing threat actors to gain control over the site. The malware functions as a backdoor, enabling the management of plugins, content replacement, and redirecting users to malicious locations. It disguises itself as a legitimate plugin to avoid detection. … Read more
October 11, 2023 at 04:24PM The cybersecurity community anxiously awaited the disclosure of two security flaws in the open source proxy resolution tool, Curl. However, after patches and bug details were unveiled, neither vulnerability lived up to the hype. The first flaw could allow data corruption or remote code execution, but it only affects a … Read more
October 11, 2023 at 03:40PM China-sponsored APT Storm-0062 is responsible for exploiting a critical bug in Atlassian Confluence Server, according to Microsoft. Proof-of-concept exploits are now available, indicating potential mass exploitation. The vulnerability (CVE-2023-22515) allows remote code execution without authentication. Microsoft identified four IP addresses associated with the exploit and warned of the creation of … Read more
October 11, 2023 at 02:20PM The Cybersecurity Infrastructure & Security Agency (CISA) has added an Adobe Acrobat Reader bug to its list of exploited vulnerabilities. The bug (CVE-2023-21608) exists in multiple versions of Adobe Acrobat and Reader and allows remote execution of malicious code. CISA advises users to update their software, which was patched in … Read more
October 11, 2023 at 12:06PM Patches have been released for a critical memory corruption vulnerability in the cURL data transfer project. The flaw, tracked as CVE-2023-38545, affects the SOCKS5 proxy handshake process in cURL, allowing remote exploitation in certain configurations. The bug can lead to heap buffer overflow, and affected versions are 7.69.0 to 8.3.0. … Read more
October 11, 2023 at 10:07AM Citrix has released patches for a critical vulnerability in NetScaler Application Delivery Controller (ADC) and NetScaler Gateway. The vulnerability, CVE-2023-4966, could lead to sensitive information disclosure and can be exploited without authentication. Citrix advises customers to upgrade their appliances to the supported versions. The company has also addressed a denial-of-service … Read more
October 11, 2023 at 09:09AM Microsoft introduced Patch Tuesday in October 2003, a monthly release of software fixes on the second Tuesday of each month. The change brought predictability and stability for IT administrators, who previously faced chaotic patching processes. The number of patches has increased significantly over the years, and other vendors have joined … Read more
October 11, 2023 at 08:54AM The US Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity flaw in Adobe Acrobat Reader to its Known Exploited Vulnerabilities catalog. The vulnerability, tracked as CVE-2023-21608, is a use-after-free bug that allows for remote code execution. Adobe released a patch for the flaw in January 2023, but details … Read more
October 11, 2023 at 08:24AM Google has released Chrome 118 with fixes for 20 vulnerabilities, including a critical bug in Site Isolation that could allow sites to steal data. Google has yet to determine the bug bounty reward for this vulnerability. The release also addresses eight medium-severity flaws and five low-severity vulnerabilities. The latest version … Read more
October 11, 2023 at 08:24AM Tech companies including Cloudflare, AWS, and Google have responded to the HTTP/2 zero-day vulnerability that led to massive distributed denial-of-service attacks. The attacks exploited the HTTP/2 Rapid Reset feature, resulting in servers being taken down. Organizations like CISA, Microsoft, NGINX, F5, Netty, Apache, Swift, and Linux distributions have issued advisories … Read more