The Roundcube email server vulnerability (CVE-2023-43770) is actively exploited in cross-site scripting (XSS) attacks, posing a significant risk to both federal agencies and private organizations worldwide.
Files encrypted by Rhysida ransomware can be successfully decrypted, due to a implementation vulnerability discovered by Korean researchers and leveraged to create a decryptor. Rhysida and its ransomware Rhysida is a relatively new ransomware-as-a-service gang that engages in double extortion. First observed in May 2023, it made its name by attacking the British Library, the […]
Feb 12, 2024NewsroomVulnerability / Data Recovery Cybersecurity researchers have uncovered an “implementation vulnerability” that has made it possible to reconstruct encryption keys and decrypt data locked by Rhysida ransomware. The findings were published last week by a group of researchers from Kookmin University and the Korea Internet and Security Agency (KISA). “Through a comprehensive analysis […]
The vulnerability affects various versions of FortiOS, and the recommended solution includes upgrading to specific versions or migrating to a fixed release to address the flaw.
In a significant cybersecurity event, Chinese state-sponsored hackers exploited a vulnerability in Fortinet’s FortiGate devices to infiltrate a Dutch military network. This network, crucial for unclassified research and development, was compromised without causing damage to the broader defense network due to its isolated nature. Diving into details The breach was orchestrated by leveraging a critical […]
The software company Ivanti has identified yet another new vulnerability in one of its products requiring an immediate patch from users. In an advisory on Thursday afternoon, the company spotlighted CVE-2024-22024 — a vulnerability affecting Ivanti Connect Secure, Ivanti Policy Secure and ZTA gateways. The vulnerability carries a severity score of 8.3 and “allows an […]
Feb 09, 2024NewsroomZero Day Vulnerability / Network Security Fortinet has disclosed a new critical security flaw in FortiOS SSL VPN that it said is likely being exploited in the wild. The vulnerability, CVE-2024-21762 (CVSS score: 9.6), allows for the execution of arbitrary code and commands. “A out-of-bounds write vulnerability [CWE-787] in FortiOS may allow a […]
The vulnerability, tracked as CVE-2024-23917, affects all versions of TeamCity On-Premises from 2017.1 through 2023.11.2 and can lead to remote code execution attacks without requiring user interaction.
Feb 06, 2024NewsroomCybersecurity / Vulnerability A recently disclosed server-side request forgery (SSRF) vulnerability impacting Ivanti Connect Secure and Policy Secure products has come under mass exploitation. The Shadowserver Foundation said it observed exploitation attempts originating from more than 170 unique IP addresses that aim to establish a reverse shell, among others. The attacks exploit CVE-2024-21893 […]