Cybersecurity
Category Added in a WPeMatico Campaign
Server and computer hardware giant Supermicro has released updates to address multiple vulnerabilities in Baseboard Management Controllers (BMC) IPMI firmware. The issues (tracked as CVE-2023-40284 to CVE-2023-40290) could allow remote attackers to gain root access to the BMC system, firmware supply chain security firm Binarly, which identified the bugs, explains. A special chip on server […]
Oct 05, 2023NewsroomMobile Security / crypto A new Android banking trojan named GoldDigger has been found targeting several financial applications with an aim to siphon victims’ funds and backdoor infected devices. “The malware targets more than 50 Vietnamese banking, e-wallet and crypto wallet applications,” Group-IB said. “There are indications that this threat might be poised […]
Identity & Access Management , Multi-factor & Risk-based Authentication , Security Operations Uno’s Design Wisdom Will Accelerate Rollout of Okta’s First-Ever Consumer Product Michael Novinson (MichaelNovinson) • October 4, 2023 Okta purchased a password manager founded by a former Google engineer and backed by Andreessen Horowitz to get a foothold in the consumer […]
The vulnerability, which affects CER version 12.5(1)SU4, could be exploited to execute arbitrary commands as the root user. Admins are urged to update their vulnerable installations promptly, as there are no temporary workarounds available.
Oct 05, 2023NewsroomVulnerability / Cyber Attack The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation, while removing five bugs from the list due to lack of adequate evidence. The vulnerabilities newly added are below – CVE-2023-42793 (CVSS score: 9.8) […]
Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down. The Cupertino device maker on Wednesday rushed out a new patch to cover a pair of serious vulnerabilities and warned that one of the issues has already been exploited as zero-day in the wild. In a barebones […]
Upgrading alone will not remove attackers from compromised instances, and organizations must take steps to detect compromises, remove unauthorized admins, and assess any potential damage.
Oct 05, 2023NewsroomZero Day / Vulnerability Apple on Wednesday rolled out security patches to address a new zero-day flaw in iOS and iPadOS that it said has come under active exploitation in the wild. Tracked as CVE-2023-42824, the kernel vulnerability could be abused by a local attacker to elevate their privileges. The iPhone maker said […]
Oct 05, 2023NewsroomZero Day / Vulnerability Atlassian has released fixes to contain an actively exploited critical zero-day flaw impacting publicly accessible Confluence Data Center and Server instances. The vulnerability, tracked as CVE-2023-22515, is remotely exploitable and allows external attackers to create unauthorized Confluence administrator accounts and access Confluence servers. It does not impact Confluence versions […]