Active – Page 2 – OWASP Jakarta

A cake made to resemble Fortigate device

FortiGate admins report active exploitation 0-day. Vendor isn’t talking.

FortiGate admins report active exploitation 0-day. Vendor isn’t talking. Citing the Reddit comment, Beaumont took to Mastodon to explain: “People are quite openly posting what is happening on Reddit now, threat actors are registering rogue FortiGates into FortiManager with hostnames like ‘localhost’ and using them to get RCE.” Beaumont wasn’t Read more

By adminowasp, 9 monthsOctober 23, 2024 ago

News

CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094)

CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094) Oct 23, 2024Ravie LakshmananVulnerability / Threat Intelligence A high-severity flaw impacting Microsoft SharePoint has been added to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday, citing evidence of active exploitation. The Read more

By adminowasp, 9 months ago

News

A Comprehensive Guide to Finding Service Accounts in Active Directory

A Comprehensive Guide to Finding Service Accounts in Active Directory Oct 22, 2024Ravie LakshmananIdentity Management / Security Automation Service accounts are vital in any enterprise, running automated processes like managing applications or scripts. However, without proper monitoring, they can pose a significant security risk due to their elevated privileges. This Read more

By adminowasp, 9 months ago

News

CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack

CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack Oct 22, 2024Ravie LakshmananVulnerability / Cyber Threat The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting ScienceLogic SL1 to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation as Read more

By adminowasp, 9 months ago

News

CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability

CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability Oct 16, 2024Ravie LakshmananVulnerability / Data Protection The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of Read more

By adminowasp, 9 months ago

News

86k Fortinet devices still vulnerable to active exploits • The Register

86k Fortinet devices still vulnerable to active exploits • The Register More than 86,000 Fortinet instances remain vulnerable to the critical flaw that attackers started exploiting last week, according to Shadowserver’s data. The most recent count taken from Sunday put the number of IPs vulnerable to the bug at 86,602 Read more

By adminowasp, 9 monthsOctober 14, 2024 ago

News

Microsoft issues 117 patches – two under active attack • The Register

Microsoft issues 117 patches – two under active attack • The Register Patch Tuesday It’s the second Tuesday of the month, which means Patch Tuesday, bringing with it fixes for numerous flaws, bugs and vulnerabilities in major software. And this one is a doozy. Microsoft has delivered 117 patches – Read more

By adminowasp, 10 monthsOctober 10, 2024 ago

News

Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits

Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits Oct 08, 2024Ravie LakshmananMobile Security / Privacy Qualcomm has rolled out security updates to address nearly two dozen flaws spanning proprietary and open-source components, including one that has come under active exploitation in the wild. The high-severity Read more

By adminowasp, 10 months ago

News

Researchers Sound Alarm on Active Attacks Exploiting Critical Zimbra Postjournal Flaw

Researchers Sound Alarm on Active Attacks Exploiting Critical Zimbra Postjournal Flaw Oct 02, 2024The Hacker NewsEmail Security / Vulnerability Cybersecurity researchers are warning about active exploitation attempts targeting a newly disclosed security flaw in Synacor’s Zimbra Collaboration. Enterprise security firm Proofpoint said it began observing the activity starting September 28, Read more

By adminowasp, 10 months ago

News

CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation Concerns

CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation Concerns Sep 25, 2024Ravie LakshmananVulnerability / Cyber Attack The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Ivanti Virtual Traffic Manager (vTM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active Read more

By adminowasp, 10 months ago