Attackers are leveraging Follina. What can you do?

As the world is waiting for Microsoft to push out a patch for CVE-2022-30190, aka “Follina”, attackers around the world are exploiting the vulnerability in a variety of campaigns. A complex vulnerability Microsoft has described CVE-2022-3.....»»

Category: security | Source: netsecurity | Jun 3rd, 2022

Juniper networking devices under attack

CISA has ordered US federal agencies to patch five vulnerabilities used by attackers to compromise Juniper networking devices, and to do so by Friday. Most of these bugs are not particularly severe by themselves, but they can be – and have been.....»»

Category: security | Source: netsecurity | Nov 14th, 2023

Open-source vulnerability disclosure: Exploitable weak spots

Flaws in the vulnerability disclosure process of open-source projects could be exploited by attackers to harvest the information needed to launch attacks before patches are made available, Aqua Security researchers worry. The risk arises from “.....»»

Category: security | Source: netsecurity | Nov 9th, 2023

Microsoft Authenticator suppresses suspicious MFA notifications

Microsoft has quietly rolled out a new mechanism that shields users of its mobile Authenticator app from suspicious (and annoying) push notifications triggered by attackers. Preventing attacks relying on MFA fatigue When faced with MFA-protected acco.....»»

Category: security | Source: netsecurity | Nov 8th, 2023

Okta breach post mortem reveals weaknesses exploited by attackers

The recent breach of the Okta Support system was carried out via a compromised service account with permissions to view and update customer support cases. “During our investigation into suspicious use of this account, Okta Security identified t.....»»

Category: security | Source: netsecurity | Nov 6th, 2023

Atlassian Confluence data-wiping vulnerability exploited

Threat actors are trying to exploit CVE-2023-22518, a critical Atlassian Confluence flaw that allows unauthenticated attackers to reset vulnerable instances’ database, Greynoise is observing. The Shadowserver Foundation has also seen 30+ IP add.....»»

Category: security | Source: netsecurity | Nov 6th, 2023

Apple sends threat alerts to iPhone users in Armenia

Selected iPhone users in Armenia have been sent notifications by Apple that what are described only as "state-sponsored attackers," may be targeting them. The alerts were reportedly sent on October 30, 2023, whi.....»»

Category: apple | Source: appleinsider | Nov 4th, 2023

Apple sends iPhone threat alerts to India opposition politicians

Apple has sent notifications to members of India's opposition politicians, warning that "state-sponsored attackers" could be targeting their iPhones. Since 2021, Apple has been alerting iPhone users to suspected "state-sponsored spyware a.....»»

Category: apple | Source: appleinsider | Nov 3rd, 2023

Citrix NetScaler bug exploited in the wild since August (CVE-2023-4966)

A recently patched Citrix NetScaler ADC/Gateway information disclosure vulnerability (CVE-2023-4966) has been exploited by attackers in the wild since late August 2023, Mandiant researchers have revealed. About CVE-2023-4966 Citrix’s security a.....»»

Category: security | Source: netsecurity | Oct 18th, 2023

State-sponsored APTs are leveraging WinRAR bug

A number of government-backed APTs are exploiting CVE-2023-38831, a file extension spoofing vulnerability in WinRAR, a widely used file archiver utility for Windows. CVE-2023-38831 was patched in August 2023, along with another high-severity RCE.....»»

Category: security | Source: netsecurity | Oct 18th, 2023

Cisco IOS XE zero-day exploited by attackers to deliver implant (CVE-2023-20198)

A previously unknown vulnerability (CVE-2023-20198) affecting networking devices running Cisco IOS XE software is being exploited by a threat actor to take control of the devices and install an implant, Cisco Talos researchers have warned today. Abou.....»»

Category: security | Source: netsecurity | Oct 16th, 2023

Elevate Security Adaptive Trust helps security teams triage and prioritize security events

Elevate Security announced Adaptive Trust solution, enabling Microsoft customers deeper insight into high risk workers who are frequently targeted by attackers and enabling defenders to take action on these insights by dynamically deploying protectio.....»»

Category: security | Source: netsecurity | Oct 4th, 2023

Amazon: AWS root accounts must have MFA enabled

Amazon wants to make it more difficult for attackers to compromise Amazon Web Services (AWS) root accounts, by requiring those account holders to enable multi-factor authentication (MFA). MFA options for AWS accounts AWS provides on-demand cloud comp.....»»

Category: security | Source: netsecurity | Oct 4th, 2023

Vulnerable Arm GPU drivers under active exploitation. Patches may not be available

Vulnerability allows attackers to tamper with data stored in device memory. Arm warned on Monday of active ongoing attacks targeting a vulnerability in device drivers for its Mali line of G.....»»

Category: top | Source: arstechnica | Oct 2nd, 2023

Critical vulnerability in WS_FTP Server exploited by attackers (CVE-2023-40044)

Progress Software, the company behind the recently hacked MOVEit file-sharing tool, has recently fixed two critical vulnerabilities (CVE-2023-40044, CVE-2023-42657) in WS_FTP Server, another popular secure file transfer solution. Proof-of-concept cod.....»»

Category: security | Source: netsecurity | Oct 2nd, 2023

NETGEAR Orbi 970 Series enhances home connectivity

NETGEAR has introduced the Orbi 970 Series, leveraging innovative antenna design and patented technology to optimize WiFi 7 performance. The Orbi 970 Series delivers speeds of up to 27 Gbps, a slim, elegant design and high-performance antennas for 36.....»»

Category: security | Source: netsecurity | Sep 20th, 2023

Kubernetes vulnerability allows RCE on Windows endpoints (CVE-2023-3676)

Three high-severity Kubernetes vulnerabilities (CVE-2023-3676, CVE-2023-3893, CVE-2023-3955) could allow attackers to execute code remotely and gain control over all Windows nodes in the Kubernetes cluster. About the vulnerabilities CVE-2023-3676, di.....»»

Category: security | Source: netsecurity | Sep 18th, 2023

Attackers hit software firm Retool to get to crypto companies and assets

Retool, the company behind the popular development platform for building internal business software, has suffered a breach that allowed attackers to access and take over accounts of 27 cloud customers, all in the crypto industry. According to a CoinD.....»»

Category: security | Source: netsecurity | Sep 14th, 2023

Microsoft, Adobe fix zero-days exploited by attackers (CVE-2023-26369, CVE-2023-36761, CVE-2023-36802)

September 2023 Patch Tuesday is here, with fixes for actively exploited vulnerabilities in Adobe Acrobat and Reader (CVE-2023-26369), Microsoft Word (CVE-2023-36761), and Microsoft Streaming Service Proxy (CVE-2023-36802). Microsoft vulnerabilities o.....»»

Category: security | Source: netsecurity | Sep 12th, 2023

Email forwarding flaws enable attackers to impersonate high-profile domains

Sending an email with a forged address is easier than previously thought, due to flaws in the process that allows email forwarding, according to a research team led by computer scientists at the University of California San Diego. The issues research.....»»

Category: security | Source: netsecurity | Sep 11th, 2023

Unpatched Cisco ASA flaw exploited by attackers (CVE-2023-20269)

A vulnerability (CVE-2023-20269) in Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) firewalls is being exploited by attackers to gain access to vulnerable internet-exposed devices. “This vulnerability was found.....»»

Category: security | Source: netsecurity | Sep 8th, 2023