CISA confirmed active exploitation of a critical remote code execution (RCE) bug in Fortinet’s FortiOS, urging immediate security updates or SSL VPN disabling to mitigate the risk.
Jan 03, 2024NewsroomCyber Threat / Email Security A new exploitation technique called Simple Mail Transfer Protocol (SMTP) smuggling can be weaponized by threat actors to send spoofed emails with fake sender addresses while bypassing security measures. “Threat actors could abuse vulnerable SMTP servers worldwide to send malicious emails from arbitrary email addresses, allowing targeted phishing […]
In the latest disclosures related to a Russian ransomware gang’s exploitation of the popular MOVEit file transfer service, a federal government agency revealed that more than 330,000 Medicare recipients were affected in a leak of sensitive data. The U.S. Center for Medicare & Medicaid Services (CMS) provides health coverage to more than 160 million people […]
Nov 02, 2023NewsroomThreat Intelligence / Vulnerability Cybersecurity researchers are warning of suspected exploitation of a recently disclosed critical security flaw in the Apache ActiveMQ open-source message broker service that could result in remote code execution. “In both instances, the adversary attempted to deploy ransomware binaries on target systems in an effort to ransom the victim […]
The head of Norway’s National Security Authority (NSM) warned on Monday that the exploitation of two recently disclosed Cisco vulnerabilities has resulted in “important businesses” in the country being compromised by hackers. Speaking to Norwegian newspaper Dagens Næringsliv, NSM chief Sofie Nystrøm said her agency was coordinating the national response to the pair of zero-day […]
Oct 18, 2023NewsroomEnterprise Security / Vulnerability Citrix is warning of exploitation of a recently disclosed critical security flaw in NetScaler ADC and Gateway appliances that could result in exposure of sensitive information. Tracked as CVE-2023-4966 (CVSS score: 9.4), the vulnerability impacts the following supported versions – NetScaler ADC and NetScaler Gateway 14.1 before 14.1-8.50 NetScaler […]
Oct 11, 2023NewsroomCyber Attack / Vulnerability Microsoft has linked the exploitation of a recently disclosed critical flaw in Atlassian Confluence Data Center and Server to a nation-state actor it tracks as Storm-0062 (aka DarkShadow or Oro0lxy). The tech giant’s threat intelligence team said it observed in-the-wild abuse of the vulnerability since September 14, 2023. “CVE-2023-22515 […]
In-the-wild exploitation of a critical vulnerability in JetBrains’ TeamCity continuous integration and continuous deployment (CI/CD) server started just days after the availability of a patch was announced. The vulnerability, tracked as CVE-2023-42793, impacts the on-premises version of TeamCity and it allows an unauthenticated attacker with access to a targeted server to achieve remote code execution […]
A high-severity remote code execution (RCE) vulnerability in Apache NiFi, for which an exploitation tool already exists, can lead to unauthorized access and data breaches, cybersecurity firm Cyfirma warns. An open-source data integration and automation tool, Apache NiFi is used for the processing and distribution of data. Tracked as CVE-2023-34468 (CVSS score of 8.8) and […]
- 1
- 2