Remove 01
Remove 2018 Remove Data Remove Information Security Remove Security
article thumbnail

CISA adds Microsoft COM for Windows bug to its Known Exploited Vulnerabilities catalog

Security Affairs

Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft COM for Windows bug to its Known Exploited Vulnerabilities catalog. A deserialization of untrusted data vulnerability arises when an application deserializes data from an untrusted source without proper validation.

IT 117
article thumbnail

CISA adds critical Adobe ColdFusion flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

US Cybersecurity and Infrastructure Security Agency (CISA) added a critical flaw CVE-2023-26359 (CVSS score 9.8) Adobe fixed the critical flaw in March 2023, it is a deserialization of untrusted data issue in Adobe ColdFusion that can lead to arbitrary code execution in the context of the current user.

IT 94
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

EDPB Publishes Guidelines on Examples regarding Data Breach Notification

Hunton Privacy

On January 18, 2021, the European Data Protection Board (“EDPB”) released draft Guidelines 01/2021 on Examples regarding Data Breach Notification (the “Guidelines”). The new draft Guidelines take into account supervisory authorities’ common experiences with data breaches since the GDPR became applicable in May 2018.

article thumbnail

CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

Early in 2024, a customer contacted Cisco to report a suspicious related to its Cisco Adaptive Security Appliances (ASA). On compromised ASA devices, attackers utilize the host-scan-reply field to deliver shellcode, bypassing the need for CVE-2018-0101 exploitation. PSIRT and Talos launched an investigation to support the customer.

IT 122
article thumbnail

CISA adds 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog

Security Affairs

CISA has added to the catalog of vulnerabilities another 15 security vulnerabilities actively exploited in the wild. The US Cybersecurity & Infrastructure Security Agency (CISA) has added fifteen more flaws to the Known Exploited Vulnerabilities Catalog. ” reads the advisory published by Microsoft. Pierluigi Paganini.

IT 125
article thumbnail

xHunt hackers hit Microsoft Exchange with two news backdoors

Security Affairs

Security experts from Palo Alto Networks have spotted two never-before-detected Powershell backdoors while investigating an attack on Microsoft Exchange servers at an organization in Kuwait. Experts attribute the attack to a known threat actor tracked as xHunt , aka Hive0081, which was first discovered in 2018. <C2 domain>.

article thumbnail

Russian telco Rostelecom hijacks traffic for IT giants, including Google, Amazon and Facebook

Security Affairs

According to the BGPmon.net , starting from 2020-04-01 19:27:28 its service detected a possible BGP hijack, the prefix involved is 31.13.64.0 /19, The phenomena were also monitored by security firm Qrator Labs, below and excerpt from its analysis. In November 2018, security researchers Chris C. The prefix 31.13.69.0/24

IT 101