October 12, 2023 at 01:12PM The US Securities and Exchange Commission (SEC) has launched an investigation into Progress Software’s MOVEit transfer tool vulnerability, which exposed the data of over 2,000 organizations and 60 million individuals. The flaw, tracked as CVE-2023-34362, was exploited by the Cl0p ransomware group to steal data. Progress Software received a subpoena … Read more
October 12, 2023 at 10:21AM Apple has released iOS and iPadOS updates to patch a kernel vulnerability (CVE-2023-42824) that has been actively exploited in attacks. The flaw is a local privilege escalation issue, indicating it may have been used as part of an exploit chain. Although Apple has not provided details about the attacks or … Read more
October 11, 2023 at 03:40PM China-sponsored APT Storm-0062 is responsible for exploiting a critical bug in Atlassian Confluence Server, according to Microsoft. Proof-of-concept exploits are now available, indicating potential mass exploitation. The vulnerability (CVE-2023-22515) allows remote code execution without authentication. Microsoft identified four IP addresses associated with the exploit and warned of the creation of … Read more
October 11, 2023 at 12:06PM Patches have been released for a critical memory corruption vulnerability in the cURL data transfer project. The flaw, tracked as CVE-2023-38545, affects the SOCKS5 proxy handshake process in cURL, allowing remote exploitation in certain configurations. The bug can lead to heap buffer overflow, and affected versions are 7.69.0 to 8.3.0. … Read more