Feb 03, 2023Ravie LakshmananCloud Security / Vulnerability Atlassian has released fixes to resolve a critical security flaw in Jira Service Management Server and Data Center that could be abused by an attacker to pass off as another user and gain unauthorized access to susceptible instances. The vulnerability is tracked as CVE-2023-22501 (CVSS score: 9.4) and has been … [Read more...] about Atlassian’s Jira Software Found Vulnerable to Critical Authentication Vulnerability
vulnerability
QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates
Jan 31, 2023Ravie LakshmananData Security / Vulnerability Taiwanese company QNAP has released updates to remediate a critical security flaw affecting its network-attached storage (NAS) devices that could lead to arbitrary code injection. Tracked as CVE-2022-27596, the vulnerability is rated 9.8 out of a maximum of 10 on the CVSS scoring scale. It affects QTS 5.0.1 and QuTS … [Read more...] about QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates
Cacti Servers Under Attack as Majority Fail to Patch Critical Vulnerability
Jan 14, 2023Ravie LakshmananServer Security / Patch Management A majority of internet-exposed Cacti servers have not been patched against a recently patched critical security vulnerability that has come under active exploitation in the wild. That's according to attack surface management platform Censys, which found only 26 out of a total of 6,427 servers to be running a … [Read more...] about Cacti Servers Under Attack as Majority Fail to Patch Critical Vulnerability
Google Warns of Internet Explorer Zero-Day Vulnerability Exploited by ScarCruft Hackers
Dec 08, 2022Ravie LakshmananPatch Management / Zero-Day An Internet Explorer zero-day vulnerability was actively exploited by a North Korean threat actor to target South Korean users by capitalizing on the recent Itaewon Halloween crowd crush to trick users into downloading malware. The discovery, reported by Google Threat Analysis Group researchers Benoît Sevens and Clément … [Read more...] about Google Warns of Internet Explorer Zero-Day Vulnerability Exploited by ScarCruft Hackers
Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems
Dec 05, 2022Ravie Lakshmanan The maintainers of the FreeBSD operating system have released updates to remediate a security vulnerability impacting the ping module that could be potentially exploited to crash the program or trigger remote code execution. The issue, assigned the identifier CVE-2022-23093, impacts all supported versions of FreeBSD and concerns a stack-based … [Read more...] about Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems
Google Rolls Out New Chrome Browser Update to Patch Yet Another Zero-Day Vulnerability
Search giant Google on Friday released an out-of-band security update to fix a new actively exploited zero-day flaw in its Chrome web browser. The high-severity flaw, tracked as CVE-2022-4262, concerns a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the issue on November 29, 2022. Type … [Read more...] about Google Rolls Out New Chrome Browser Update to Patch Yet Another Zero-Day Vulnerability
CISA Warns of Actively Exploited Critical Oracle Fusion Middleware Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical flaw impacting Oracle Fusion Middleware to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2021-35587, carries a CVSS score of 9.8 and impacts Oracle Access Manager (OAM) versions 11.1.2.3.0, 12.2.1.3.0, and … [Read more...] about CISA Warns of Actively Exploited Critical Oracle Fusion Middleware Vulnerability
Kenna.VM Premier: Accelerate Vulnerability Management with Cisco Talos Intel and Remediation Analytics
New level unlocked. The next step for Kenna.VM users who are maturing their risk-based vulnerability management program is Kenna.VM Premier—and it’s live. The Cisco Kenna team is excited to release a new tier of the Kenna Security platform designed specifically for customers or prospects that have reached a point of maturity in which they can and want to do more with their … [Read more...] about Kenna.VM Premier: Accelerate Vulnerability Management with Cisco Talos Intel and Remediation Analytics
22-Year-Old Vulnerability Reported in Widely Used SQLite Database Library
A high-severity vulnerability has been disclosed in the SQLite database library, which was introduced as part of a code change dating all the way back to October 2000 and could enable attackers to crash or control programs. Tracked as CVE-2022-35737 (CVSS score: 7.5), the 22-year-old issue affects SQLite versions 1.0.12 through 3.39.1, and has been addressed in version 3.39.2 … [Read more...] about 22-Year-Old Vulnerability Reported in Widely Used SQLite Database Library
Multiple Campaigns Exploit VMware Vulnerability to Deploy Crypto Miners and Ransomware
A now-patched vulnerability in VMware Workspace ONE Access has been observed being exploited to deliver both cryptocurrency miners and ransomware on affected machines. "The attacker intends to utilize a victim's resources as much as possible, not only to install RAR1Ransom for extortion, but also to spread GuardMiner to collect cryptocurrency," Fortinet FortiGuard Labs … [Read more...] about Multiple Campaigns Exploit VMware Vulnerability to Deploy Crypto Miners and Ransomware