Security Affairs

OCTOBER 23, 2023

US CISA added the vulnerability CVE-2023-20273 in Cisco IOS XE to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability CVE-2023-20273 in Cisco IOS XE to its Known Exploited Vulnerabilities catalog. This allowed the user to log in with normal user access.

IT 95

IT Passwords Access Cybersecurity 95

Security Affairs

JANUARY 18, 2024

CVE-2023-6548 – Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability. CVE-2023-6549 – Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability. CVE-2024-0519 – Google Chromium V8 Out-of-Bounds Memory Access Vulnerability. The vulnerability CVE-2023-6549 is a Denial of Service.

IT 108

IT Authentication Cloud Access 108

Security Affairs

MAY 2, 2024

CISA adds GitLab Community and Enterprise Editions improper access control vulnerability to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added a GitLab Community and Enterprise Editions improper access control vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.

IT 115

IT Passwords Access Cybersecurity 115

Security Affairs

NOVEMBER 1, 2023

US CISA added two vulnerabilities, tracked as CVE-2023-46747 and CVE-2023-46748, in BIG-IP to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerabilities CVE-2023-46747 and CVE-2023-46748 in BIG-IP to its Known Exploited Vulnerabilities catalog.

IT 101

IT Authentication Access Cybersecurity 101

Security Affairs

JANUARY 11, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added an Ivanti Connect Secure and Policy Secure flaws, tracked as CVE-2024-21887 and CVE-2023-46805 , and Microsoft SharePoint Server flaw CVE-2023-29357 to its Known Exploited Vulnerabilities (KEV) catalog. The flaw CVE-2023-46805 (CVSS score 8.2)

IT 101

IT Authentication Cybersecurity Security 101

Thales Cloud Protection & Licensing

JANUARY 24, 2023

Data Privacy Legislation: What You Should Be Looking for in 2023 divya Wed, 01/25/2023 - 06:31 Comprehensive data protection laws exist across the globe. The ever-lasting impact of GDPR Gartner has estimated that by 2023, 75% of the world’s population will have its personal data covered under modern privacy regulations.

Data Privacy 71

Data Privacy Privacy GDPR Compliance 71

Security Affairs

DECEMBER 1, 2023

The two issues are: CVE-2023-6345 Google Skia Integer Overflow Vulnerability CVE-2023-49103 ownCloud graphapi Information Disclosure Vulnerability CVE-2023-6345 – The CVE-2023-5217 is a high-severity integer overflow in Skia. CISA orders federal agencies to fix these vulnerabilities by December 21, 2023.

IT 86

IT Libraries Cybersecurity Passwords 86

Security Affairs

OCTOBER 20, 2023

. “Leveraging existing detections, we observed the actor exploiting CVE-2021-1435, for which Cisco provided a patch in 2021, to install the implant after gaining access to the device.” CISA orders federal agencies to fix this flaw by November 9, 2023. ” reads the report published by Cisco Talos.

IT 109

IT Authentication Access Cybersecurity 109

Security Affairs

FEBRUARY 12, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added a Roundcube Webmail Persistent Cross-Site Scripting (XSS) vulnerability, tracked as CVE-2023-43770 , to its Known Exploited Vulnerabilities (KEV) catalog. It provides a user-friendly interface for accessing email accounts via a web browser. x before 1.5.4, x before 1.6.3.

IT 99

IT Cybersecurity Risk Access 99

Security Affairs

JANUARY 16, 2024

The high-serverity vulnerability, tracked as CVE-2024-0519 , is an out of bounds memory access in the Chrome JavaScript engine. The flaw has been reported by Toan (suto) Pham of Qrious Secure on 2024-01-06 [$1000][ 1507412 ] High CVE-2024-0518: Type Confusion in V8. The flaw was reported by Anonymous on January 11, 2024.

Security 107

Security Access IT Information Security 107

Security Affairs

JANUARY 23, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added a VMware vCenter Server Out-of-Bounds Write bug, tracked as CVE-2023-34048 , to its Known Exploited Vulnerabilities (KEV) catalog. In October, VMware addressed the flaw CVE-2023-34048 (CVSS score 9.8). reads the report published by Mandiant.

IT 106

IT Cybersecurity Cloud Risk 106

Security Affairs

SEPTEMBER 22, 2023

US CISA added the flaw CVE-2023-41179 in Trend Micro Apex and other security products to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added the high-severity flaw CVE-2023-41179 (CVSS score 7.2) CISA orders federal agencies to fix this flaw by October 12, 2023.

IT 103

IT Security Risk Authentication 103

Security Affairs

MARCH 16, 2023

Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Adobe ColdFusion, tracked as CVE-2023-26360 (CVSS score: 8.6), to its Known Exploited Vulnerabilities Catalog. Adobe is aware that CVE-2023-26360 has been exploited in the wild in very limited attacks targeting Adobe ColdFusion.”

Cybersecurity 89

Cybersecurity Risk Security Access 89

Security Affairs

NOVEMBER 13, 2023

US CISA added four vulnerabilities (tracked as CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, and CVE-2023-36847) in Juniper devices to its Known Exploited Vulnerabilities catalog. ” states the update published by the company on November 8 th 2023. Customers are urged to immediately upgrade.”

IT 108

IT Authentication File names Access 108

Security Affairs

AUGUST 1, 2023

US Cybersecurity and Infrastructure Security Agency (CISA) added the second actively exploited Ivanti ‘s Endpoint Manager Mobile (EPMM, formerly MobileIron Core) vulnerability, tracked as CVE-2023-35081 , to its Known Exploited Vulnerabilities Catalog. “Ivanti released a patch for CVE-2023-35078 on July 23, 2023. .

IT 83

IT MDM Authentication Cybersecurity 83

Security Affairs

NOVEMBER 9, 2023

US CISA added the vulnerability CVE-2023-29552 in the Service Location Protocol (SLP) to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability CVE-2023-29552 (CVSS score: 7.5) CISA orders federal agencies to fix this flaw by November 29, 2023.

IT 98

IT Cybersecurity Risk Security 98

Security Affairs

APRIL 22, 2023

Cybersecurity and Infrastructure Security Agency (CISA) has added the following three new issues to its Known Exploited Vulnerabilities Catalog : CVE-2023-28432 (CVSS score – 7.5) – MinIO Information Disclosure Vulnerability. CVE-2023-27350 (CVSS score – 9.8) – PaperCut MF/NG Improper Access Control Vulnerability.

IT 85

IT Libraries Cybersecurity Education 85

IBM Big Data Hub

JULY 24, 2023

Thus far, running my Terraform scripts to deploy resources and privileges meant allowing access to them. Thanks to a (relatively) new IBM Cloud security feature called time-based restrictions , I can decouple the deployment process from when access is possible. Participants should have access privileges related to their role.

Cloud 79

Cloud Security Access IT 79

Security Affairs

JUNE 23, 2023

Below is the list of the issues added to the catalog: CVE-2023-32434 : Apple Multiple Products Integer Overflow Vulnerability – Apple iOS. CVE-2023-20867 : VMware Tools Authentication Bypass Vulnerability – VMware Tools contains an authentication bypass vulnerability in the vgauth module.

Authentication 86

Authentication Cybersecurity Access Security 86

Security Affairs

MAY 20, 2023

US CISA added the vulnerability CVE-2023-21492 flaw affecting Samsung devices to its Known Exploited Vulnerabilities Catalog. US CISA added the vulnerability CVE-2023-21492 vulnerability (CVSS score: 4.4) The issue was reported on January 17, 2023, the company addressed the issue by removing kernel pointers in log file.

Cybersecurity 87

Cybersecurity Security Risk Access 87

Security Affairs

JANUARY 11, 2023

The ransomware attack took place on December 2, 2022, threat actors exploited a previously unknown security exploit , dubbed OWASSRF by Crowdstrike , to gain initial access to the Rackspace Hosted Microsoft Exchange. The flaw was addressed by Microsoft with the release of Microsoft Patch Tuesday for January 2023. Pierluigi Paganini.

IT 87

IT Ransomware Cloud Cybersecurity 87

Security Affairs

MAY 2, 2023

Cybersecurity and Infrastructure Security Agency (CISA) has added the following three new issues to its Known Exploited Vulnerabilities Catalog : CVE-2023-1389 (CVSS score: 8.8) – TP-Link Archer AX-21 Command Injection Vulnerability. CVE-2023-21839 (CVSS score: 7.5) – Oracle WebLogic Server Unspecified Vulnerability.

IT 82

IT Cybersecurity Education Access 82

Security Affairs

FEBRUARY 11, 2023

US CISA added actively exploited flaws in Fortra MFT, Intel driver, and TerraMaster NAS, respectively tracked as CVE-2023-0669 , CVE-2015-2291 , and CVE-2022-24990 , to its Known Exploited Vulnerabilities Catalog. The flaw is exploited by North Korea-linked APT groups to gain initial access to the target infrastructure.

IT 88

IT Ransomware Authentication Access 88

Security Affairs

JULY 3, 2023

The vulnerability could be only exploited by an attacker with access to the same local area network segment of the vulnerable device. Since March 2023, Unit 42 researchers have observed a variant of the Mirai botnet spreading by targeting tens of flaws in D-Link, Zyxel, and Netgear devices.

IT 87

IT IoT Access Cybersecurity 87

Security Affairs

APRIL 8, 2023

Unlike other ALPHV affiliates, UNC4466 doesn’t rely on stolen credentials for initial access to victim environments. The CVE-2023-26083 flaw in the Arm Mali GPU driver is chained with other issues to install commercial spyware, as reported by Google’s Threat Analysis Group (TAG) in a recent report.

IT 76

IT Ransomware Education Cybersecurity 76

Security Affairs

FEBRUARY 16, 2023

The flaw resides in the `remote_agent.php` file that can be accessed by any unauthenticated user. CISA orders federal agencies to fix this vulnerability by March 9, 2023. CVE-2023-21715 – The flaw is a Microsoft Office Publisher security feature bypass vulnerability. The vulnerability affects versions 1.2.22

IT 82

IT Authentication Risk Security 82

Security Affairs

FEBRUARY 22, 2023

— Shadowserver (@Shadowserver) February 13, 2023 Researchers from security firm Assetnote published a proof-of-concept (PoC) exploit code early the month. CISA orders federal agencies to fix this flaw by March 14, 2023.

Authentication 85

Authentication Access Risk Security 85

Security Affairs

DECEMBER 30, 2022

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

IT 82

IT Libraries Authentication Access 82

Security Affairs

JUNE 2, 2023

US Cybersecurity and Infrastructure Security Agency (CISA) added a Progress MOVEit Transfer SQL injection vulnerability, tracked as CVE-2023-34362 , to its Known Exploited Vulnerabilities Catalog. CISA orders federal agencies to fix this flaw by June 23, 2023. reads the advisory published by the company.

IT 74

IT Authentication Access Cloud 74

Security Affairs

APRIL 24, 2023

Hackers are actively exploiting PaperCut MF/NG print management software flaws (tracked as CVE-2023-27350 and CVE-2023-27351 ) in attacks in the wild. On April 19th, Print management software provider PaperCut confirmed that it is aware of the active exploitation of the CVE-2023-27350 vulnerability.

Authentication 91

Authentication Cybersecurity Education Access 91

Thales Cloud Protection & Licensing

SEPTEMBER 27, 2023

Around the World with Thales: Our Upcoming Events madhav Thu, 09/28/2023 - 05:01 The summer is long gone, and we are all back to work. We have two meeting rooms, and our focus is on protecting and securing access to your data through modern and strong authentication solutions. Our event booth number is H25-C70.

Authentication 83

Authentication Cloud Cybersecurity Data Privacy 83

Security Affairs

APRIL 25, 2024

Additionally, Line Dancer hooks into the crash dump and AAA processes to evade forensic analysis and establish remote access VPN tunnels. Cisco Talos researchers tracked this cyber-espionage campaign as ArcaneDoor. Early in 2024, a customer contacted Cisco to report a suspicious related to its Cisco Adaptive Security Appliances (ASA).

IT 102

IT Authentication Access Security 102

Security Affairs

AUGUST 16, 2023

US CISA added critical vulnerability CVE-2023-24489 in Citrix ShareFile to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added critical flaw CVE-2023-24489 (CVSS score 9.8) A search online shows roughly 1000-6000 instances are internet accessible.

IT 71

IT Cybersecurity Encryption Access 71

Security Affairs

JULY 26, 2023

US Cybersecurity and Infrastructure Security Agency (CISA) added actively exploited Ivanti ‘s Endpoint Manager Mobile (EPMM) vulnerability, tracked as CVE-2023-35078, to its Known Exploited Vulnerabilities Catalog. CISA orders federal agencies to fix this flaw by August 15, 2023.

IT 76

IT Authentication Risk Access 76

Security Affairs

APRIL 24, 2023

Print management software provider PaperCut confirmed ongoing active exploitation of CVE-2023-27350 vulnerability. On April 19th, Print management software provider PaperCut confirmed that it is aware of the active exploitation of the CVE-2023-27350 vulnerability. ” The CVE-2023-27350 (CVSS score – 9.8)

Cybersecurity 70

Cybersecurity Ransomware Education Authentication 70

Security Affairs

FEBRUARY 4, 2024

Clorox estimates the costs of the August cyberattack will exceed $49 Million Mastodon fixed a flaw that can allow the takeover of any account Iranian hackers breached Albania’s Institute of Statistics (INSTAT) Operation Synergia led to the arrest of 31 individuals Ex CIA employee Joshua Adam Schulte sentenced to 40 years in prison Cloudflare breached (..)

Security 100

Security Ransomware Passwords Data breaches 100

Security Affairs

MARCH 22, 2023

9.1), that resides in the access control functionality of the Netgear Orbi router. “A command execution vulnerability exists in the access control functionality of Netgear Orbi Router RBR750 4.6.8.5.” on January 19, 2023. ” states Talos. ” reads the advisory published by Cisco Talos.

Authentication 85

Authentication Passwords Access Communications 85