Security Affairs

JANUARY 23, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds VMware vCenter Server Out-of-Bounds Write bug to its Known Exploited Vulnerabilities catalog. It serves as a centralized and comprehensive management platform for VMware’s virtualized data centers. In October, VMware addressed the flaw CVE-2023-34048 (CVSS score 9.8).

IT 126

IT Cybersecurity Cloud Risk 126

Security Affairs

AUGUST 22, 2023

US CISA added critical vulnerability CVE-2023-26359 in Adobe ColdFusion to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added a critical flaw CVE-2023-26359 (CVSS score 9.8) CISA orders federal agencies to fix this flaw by September 11, 2023.

IT 97

IT Cybersecurity Risk Security 97

Security Affairs

FEBRUARY 17, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added a Cisco ASA and FTD bug, tracked as CVE-2020-3259 (CVSS score: 7.5), to its Known Exploited Vulnerabilities catalog. The vulnerability CVE-2020-3259 is an information disclosure issue that resides in the web services interface of ASA and FTD. . in attacks in the wild.

Ransomware 133

Ransomware Education Cybersecurity Passwords 133

Thales Cloud Protection & Licensing

SEPTEMBER 27, 2023

Around the World with Thales: Our Upcoming Events madhav Thu, 09/28/2023 - 05:01 The summer is long gone, and we are all back to work. While harnessing the power of cloud can help businesses make more informed decisions, upscaling and knowing where to start are no easy tasks. Our event booth number is H25-C70.

Authentication 83

Authentication Cloud Cybersecurity Data Privacy 83

Security Affairs

MAY 2, 2023

US Cybersecurity and Infrastructure Security Agency (CISA) added TP-Link, Apache, and Oracle vulnerabilities to its Known Exploited Vulnerabilities catalog. The CVE-2023-1389 flaw is an unauthenticated command injection vulnerability that resides in the locale API of the web management interface of the TP-Link Archer AX21 router.

IT 97

IT Cybersecurity Education Access 97

Security Affairs

FEBRUARY 16, 2023

The flaw is a command injection vulnerability that can be exploited by an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device. CISA orders federal agencies to fix this vulnerability by March 9, 2023. The vulnerability affects versions 1.2.22

IT 98

IT Authentication Risk Security 98

Security Affairs

AUGUST 16, 2023

US CISA added critical vulnerability CVE-2023-24489 in Citrix ShareFile to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added critical flaw CVE-2023-24489 (CVSS score 9.8) We are continuing to monitor CVE-2023-24489 (Citrix ShareFile RCE) exploit activity closely.

IT 93

IT Cybersecurity Encryption Access 93

Security Affairs

APRIL 25, 2024

Early in 2024, a customer contacted Cisco to report a suspicious related to its Cisco Adaptive Security Appliances (ASA). Threat actors used Line Dancer to execute various commands, including disabling syslog, extracting configuration data, generating packet captures, and executing CLI commands.

IT 122

IT Authentication Access Security 122

Security Affairs

JUNE 2, 2023

US Cybersecurity and Infrastructure Security Agency (CISA) added a Progress MOVEit Transfer SQL injection vulnerability, tracked as CVE-2023-34362 , to its Known Exploited Vulnerabilities Catalog. Multiple security firms are warning that the vulnerability has been actively exploited in the wild.

IT 95

IT Authentication Access Cloud 95

Security Affairs

MARCH 13, 2023

Cybersecurity and Infrastructure Security Agency (CISA) has added a remote code execution (RCE) vulnerability in the Plex Media Server, tracked as CVE-2020-5741 (CVSS score: 7.2), to its Known Exploited Vulnerabilities Catalog. CISA orders federal agencies to fix this flaw by March 31, 2023. in May 2020. .” in May 2020.

Libraries 96

Libraries Data breaches Cybersecurity Passwords 96

Security Affairs

JULY 14, 2023

Cybersecurity and Infrastructure Security Agency (CISA) is warning of two vulnerabilities affecting Rockwell Automation ControlLogix EtherNet/IP (ENIP) communication module models that could be exploited to achieve remote code execution and trigger a denial-of-service condition. ” reads the advisory published by CISA.

Communications 96

Communications Cybersecurity Government Security 96

Security Affairs

FEBRUARY 11, 2023

US CISA added actively exploited flaws in Fortra MFT, Intel driver, and TerraMaster NAS, respectively tracked as CVE-2023-0669 , CVE-2015-2291 , and CVE-2022-24990 , to its Known Exploited Vulnerabilities Catalog. The CVE-2023-0669 flaw is a remote code injection issue that impacts GoAnywhere MFT. sys and IQVW64.sys.

IT 98

IT Ransomware Authentication Access 98

Security Affairs

MAY 16, 2023

US Cybersecurity and Infrastructure Security Agency (CISA) added seven new flaws to its Known Exploited Vulnerabilities catalog. In early May, FortiGuard Labs researchers have recently observed a spike in attacks attempting to exploit the Ruckus Wireless Admin remote code execution vulnerability tracked as CVE-2023-25717.

IT 97

IT Cybersecurity Communications Security 97

Security Affairs

MAY 19, 2024

In 2023 the state-sponsored group focused on nuclear agendas between China and North Korea, relevant to the ongoing war between Russia and Ukraine. Troll Stealer supports multiple stealing capabilities, it allows operators to gather files, screenshots, browser data, and system information.

Communications 127

Communications Government Encryption IT 127

Security Affairs

MARCH 8, 2023

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. CISA orders federal agencies to fix this flaw by March 28, 2023. A remote, unauthenticated attacker can exploit this flaw, via a specially crafted message, to execute arbitrary code.

IoT 98

IoT Cybersecurity Risk IT 98

Security Affairs

FEBRUARY 4, 2024

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security 113

Security Ransomware Passwords Data breaches 113

Security Affairs

MARCH 21, 2024

Researchers from the CISPA Helmholtz Center for Information Security (Germany) devised a new denial-of-service (DoS) attack, called loop DoS attack, that hundreds of thousands of internet-facing systems from major vendors. Instead, it simply sends packets without waiting for acknowledgment or establishing a connection.

Communications 126

Communications Information Security Risk IT 126