A vulnerability affecting a widely used tool embedded in web browsers and a separate bug in a popular file transfer tool are being exploited by hackers, according to both government officials and cybersecurity experts. The Cybersecurity and Infrastructure Security Agency (CISA) warned on Monday that hackers are exploiting CVE-2023-5217 — a vulnerability affecting Google’s Chrome […]
In-the-wild exploitation of a critical vulnerability in JetBrains’ TeamCity continuous integration and continuous deployment (CI/CD) server started just days after the availability of a patch was announced. The vulnerability, tracked as CVE-2023-42793, impacts the on-premises version of TeamCity and it allows an unauthenticated attacker with access to a targeted server to achieve remote code execution […]
A high-severity remote code execution (RCE) vulnerability in Apache NiFi, for which an exploitation tool already exists, can lead to unauthorized access and data breaches, cybersecurity firm Cyfirma warns. An open-source data integration and automation tool, Apache NiFi is used for the processing and distribution of data. Tracked as CVE-2023-34468 (CVSS score of 8.8) and […]
Progress Software has borne minimal impact from the mass exploit of a zero-day vulnerability in its file-transfer service MOVEit despite supply chain compromises that have affected more than 2,100 organizations. Researchers say the data of at least 62 million people has been exposed by the attacks. Progress reported $951,000 in cyber incident and vulnerability response […]
Sep 29, 2023THNServer Security / Vulnerability Progress Software has released hotfixes for a critical security vulnerability, alongside seven other flaws, in the WS_FTP Server Ad hoc Transfer Module and in the WS_FTP Server manager interface. Tracked as CVE-2023-40044, the flaw has a CVSS score of 10.0, indicating maximum severity. All versions of the software are […]
Sep 26, 2023THNVulnerability / Source Code A critical security vulnerability in the JetBrains TeamCity continuous integration and continuous deployment (CI/CD) software could be exploited by unauthenticated attackers to achieve remote code execution on affected systems. The flaw, tracked as CVE-2023-42793, carries a CVSS score of 9.8 and has been addressed in TeamCity version 2023.05.4 following […]
One of the first North American organizations to suffer a data breach because of a vulnerability in the MOVEit file-transfer software says it has notified more than 165,000 people that their personal information was stolen. The government of Nova Scotia said on Thursday that it has finished sending letters to all victims of the incident […]
Sep 22, 2023THNZero Day / Vulnerability Apple has released yet another round of security patches to address three actively exploited zero-day flaws impacting iOS, iPadOS, macOS, watchOS, and Safari, taking the total tally of zero-day bugs discovered in its software this year to 16. The list of security vulnerabilities is as follows – CVE-2023-41991 – […]
Today, VulnCheck vulnerability researcher Jacob Baines released another PoC exploit that only utilizes CVE-2023-36845, bypassing the need to upload files while still achieving remote code execution.