Vulnerability – Page 12

Hackers Exploited ColdFusion Vulnerability to Breach Federal Agency Servers

Hackers Exploited ColdFusion Vulnerability to Breach Federal Agency Servers Dec 06, 2023NewsroomVulnerability / Web Server Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of active exploitation of a high-severity Adobe ColdFusion vulnerability by unidentified threat actors to gain initial access to government servers. “The vulnerability in ColdFusion (CVE-2023-26360) Read more

By adminowasp, 2 years ago

News

Microsoft Warns of Kremlin-Backed APT28 Exploiting Critical Outlook Vulnerability

Microsoft Warns of Kremlin-Backed APT28 Exploiting Critical Outlook Vulnerability Microsoft on Monday said it detected Kremlin-backed nation-state activity exploiting a now-patched critical security flaw in its Outlook email service to gain unauthorized access to victims’ accounts within Exchange servers. The tech giant attributed the intrusions to a threat actor it Read more

By adminowasp, 2 years ago

News

Google Chrome Under Active Attack, Exploiting New Vulnerability

Google Chrome Under Active Attack, Exploiting New Vulnerability Nov 29, 2023NewsroomZero-Day / Web Browser Google has rolled out security updates to fix seven security issues in its Chrome browser, including a zero-day that has come under active exploitation in the wild. Tracked as CVE-2023-6345, the high-severity vulnerability has been described Read more

By adminowasp, 2 years ago

News

GoTitan Botnet Spotted Exploiting Recent Apache ActiveMQ Vulnerability

GoTitan Botnet Spotted Exploiting Recent Apache ActiveMQ Vulnerability Nov 29, 2023NewsroomMalware / Threat Intelligence The recently disclosed critical security flaw impacting Apache ActiveMQ is being actively exploited by threat actors to distribute a new Go-based botnet called GoTitan as well as a .NET program known as PrCtrl Rat that’s capable Read more

By adminowasp, 2 years ago

News

LockBit Ransomware Exploiting Critical Citrix Bleed Vulnerability to Break In

LockBit Ransomware Exploiting Critical Citrix Bleed Vulnerability to Break In Nov 22, 2023NewsroomThreat Analysis / Vulnerability Multiple threat actors, including LockBit ransomware affiliates, are actively exploiting a recently disclosed critical security flaw in Citrix NetScaler application delivery control (ADC) and Gateway appliances to obtain initial access to target environments. The Read more

By adminowasp, 2 years ago

News

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits Nov 21, 2023NewsroomLinux / Rootkit The Kinsing threat actors are actively exploiting a critical security flaw in vulnerable Apache ActiveMQ servers to infect Linux systems with cryptocurrency miners and rootkits. “Once Kinsing infects a system, it deploys a cryptocurrency mining Read more

By adminowasp, 2 years ago

News

New Intel CPU Vulnerability Impacts Multi-Tenant Virtualized Environments

New Intel CPU Vulnerability Impacts Multi-Tenant Virtualized Environments Nov 15, 2023NewsroomVulnerability / Hardware Security Intel has released fixes to close out a high-severity flaw codenamed Reptar that impacts its desktop, mobile, and server CPUs. Tracked as CVE-2023-23583 (CVSS score: 8.8), the issue has the potential to “allow escalation of privilege Read more

By adminowasp, 2 years ago

News

VMware Warns of Unpatched Critical Cloud Director Vulnerability

VMware Warns of Unpatched Critical Cloud Director Vulnerability Nov 15, 2023NewsroomNetwork Securit / Vulnerability VMware is warning of a critical and unpatched security flaw in Cloud Director that could be exploited by a malicious actor to get around authentication protections. Tracked as CVE-2023-34060 (CVSS score: 9.8), the vulnerability impacts instances Read more

By adminowasp, 2 years ago

News

New Vulnerability in AMD SEV Exposes Encrypted VMs

New Vulnerability in AMD SEV Exposes Encrypted VMs Nov 14, 2023NewsroomHardware Security / Virtualization A group of academics has disclosed a new “software fault attack” on AMD’s Secure Encrypted Virtualization (SEV) technology that could be potentially exploited by threat actors to infiltrate encrypted virtual machines (VMs) and even perform privilege Read more

By adminowasp, 2 years ago

News

Lace Tempest Exploits SysAid IT Support Software Vulnerability

Lace Tempest Exploits SysAid IT Support Software Vulnerability Nov 09, 2023NewsroomVulnerability / Zero Day The threat actor known as Lace Tempest has been linked to the exploitation of a zero-day flaw in SysAid IT support software in limited attacks, according to new findings from Microsoft. Lace Tempest, which is known Read more

By adminowasp, 2 years ago