Dec 27, 2023NewsroomZero-Day / Email Security Barracuda has revealed that Chinese threat actors exploited a new zero-day in its Email Security Gateway (ESG) appliances to deploy backdoor on a "limited number" of devices. Tracked as CVE-2023-7102, the issue relates to a case of arbitrary code execution that resides within a third-party and open-source library … [Read more...] about Chinese Hackers Exploited New Zero-Day in Barracuda’s ESG Appliances
exploited
Cisco Zero-Day Exploited to Implant Malicious Lua Backdoor on Thousands of Devices
Oct 21, 2023NewsroomZero-Day / Vulnerability Cisco has warned of a new zero-day flaw in IOS XE that has been actively exploited by an unknown threat actor to deploy a malicious Lua-based implant on susceptible devices. Tracked as CVE-2023-20273 (CVSS score: 7.2), the issue relates to a privilege escalation flaw in the web UI feature and is said to have been used alongside … [Read more...] about Cisco Zero-Day Exploited to Implant Malicious Lua Backdoor on Thousands of Devices
Critical Citrix NetScaler Flaw Exploited to Target from Government, Tech Firms
Oct 18, 2023NewsroomEnterprise Security / Vulnerability Citrix is warning of exploitation of a recently disclosed critical security flaw in NetScaler ADC and Gateway appliances that could result in exposure of sensitive information. Tracked as CVE-2023-4966 (CVSS score: 9.4), the vulnerability impacts the following supported versions - NetScaler ADC and NetScaler Gateway … [Read more...] about Critical Citrix NetScaler Flaw Exploited to Target from Government, Tech Firms
New Apple Zero-Days Exploited to Target Egyptian ex-MP with Predator Spyware
The three zero-day flaws addressed by Apple on September 21, 2023, were leveraged as part of an iPhone exploit chain in an attempt to deliver a spyware strain called Predator targeting former Egyptian member of parliament Ahmed Eltantawy between May and September 2023. "The targeting took place after Eltantawy publicly stated his plans to run for President in the 2024 Egyptian … [Read more...] about New Apple Zero-Days Exploited to Target Egyptian ex-MP with Predator Spyware
U.S. Cybersecurity Agency Adds 6 Flaws to Known Exploited Vulnerabilities Catalog
Jun 24, 2023Ravie LakshmananThreat Intel / Zero Day The U.S. Cybersecurity and Infrastructure Security Agency has added a batch of six flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. This comprises three vulnerabilities that Apple patched this week (CVE-2023-32434, CVE-2023-32435, and CVE-2023-32439), two flaws in VMware … [Read more...] about U.S. Cybersecurity Agency Adds 6 Flaws to Known Exploited Vulnerabilities Catalog
Magento, WooCommerce, WordPress, and Shopify Exploited in Web Skimmer Attack
Jun 05, 2023Ravie LakshmananWebsite Security / Magecart Cybersecurity researchers have unearthed a new ongoing Magecart-style web skimmer campaign that's designed to steal personally identifiable information (PII) and credit card data from e-commerce websites. A noteworthy aspect that sets it apart from other Magecart campaigns is that the hijacked sites further serve as … [Read more...] about Magento, WooCommerce, WordPress, and Shopify Exploited in Web Skimmer Attack
CISA Adds 3 Actively Exploited Flaws to KEV Catalog, including Critical PaperCut Bug
Apr 22, 2023Ravie LakshmananPatch Management / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The three vulnerabilities are as follows - CVE-2023-28432 (CVSS score - 7.5) - MinIO Information Disclosure … [Read more...] about CISA Adds 3 Actively Exploited Flaws to KEV Catalog, including Critical PaperCut Bug
Google Releases Urgent Chrome Update to Fix Actively Exploited Zero-Day Vulnerability
Apr 15, 2023Ravie LakshmananZero-Day / Browser Security Google on Friday released out-of-band updates to resolve an actively exploited zero-day flaw in its Chrome web browser, making it the first such bug to be addressed since the start of the year. Tracked as CVE-2023-2033, the high-severity vulnerability has been described as a type confusion issue in the V8 JavaScript … [Read more...] about Google Releases Urgent Chrome Update to Fix Actively Exploited Zero-Day Vulnerability
Microsoft Warns of Stealthy Outlook Vulnerability Exploited by Russian Hackers
Mar 25, 2023Ravie LakshmananEnterprise Security / Microsoft Microsoft on Friday shared guidance to help customers discover indicators of compromise (IoCs) associated with a recently patched Outlook vulnerability. Tracked as CVE-2023-23397 (CVSS score: 9.8), the critical flaw relates to a case of privilege escalation that could be exploited to steal NT Lan Manager (NTLM) … [Read more...] about Microsoft Warns of Stealthy Outlook Vulnerability Exploited by Russian Hackers
Fortinet FortiOS Flaw Exploited in Targeted Cyberattacks on Government Entities
Mar 14, 2023Ravie LakshmananNetwork Security / Cyber Attack Government entities and large organizations have been targeted by an unknown threat actor by exploiting a security flaw in Fortinet FortiOS software to result in data loss and OS and file corruption. "The complexity of the exploit suggests an advanced actor and that it is highly targeted at governmental or … [Read more...] about Fortinet FortiOS Flaw Exploited in Targeted Cyberattacks on Government Entities