Wednesday, December 6, 2023

SysAid IT Service Software 0-day Exploited to Deploy Cl0p Ransomware

SysAid On-Prem software has been reported with a 0-day vulnerability determined during an incident response investigation.According to Microsoft, attackers are exploiting this zero-day vulnerability...

Hackers Actively Exploiting Big-IP and Citrix Vulnerabilities

Experts issued security alerts concerning the ongoing exploitation of Big-IP (CVE-2023-46747, CVE-2023-46748) and Citrix (CVE-2023-4966) vulnerabilities.The publicly available Proof of Concepts (POCs) for these...

Buffer Overflow Flaws in Trusted Platform Modules Allow Malicious Commands

Trusted Computing Group’s Trust Platform Module 2.0 reference library specification has been discovered with two buffer overflow vulnerabilities that threat actors can exploit to...

Hackers Exploiting Confluence Flaw to Deploy Ransomware

Hackers actively target Confluence flaws because it is a widely used collaboration and documentation platform, making it a valuable target for gaining unauthorized access...

Ransomware Actors Exploiting Legitimate System Tools to Gain Access – FBI

Ransomware attacks are on the rise, causing organizations to lose millions of dollars, restricting them from accessing their data, and possibly disclosing personal information.According to...

Android Security Updates: 2023 – 37 Vulnerabilities Patched Including RCE, DOS

Android has fixed 37 vulnerabilities that were impacting its devices with the release of its November 2023 security updates. Most of the flaws included...

QNAP OS Command Injection Vulnerability Let Attackers Execute Malicious Commands

Two critical OS command injection flaws have been discovered in multiple QNAP products, which include QTS, Multimedia Console, Media Streaming add-on, QuTS Hero, and...

Veeam Critical Flaws Let Attackers Execute Remote Code and Steal NTLM Hashes

Veeam, a Global Leader in Data Protection, issued hotfixes to address four vulnerabilities affecting the Veeam ONE IT infrastructure monitoring and analytics platform.Two vulnerabilities are classified as...

New Common Vulnerability Scoring System (CVSS) v4.0 Released – What’s New!

CVSS (Common Vulnerability Scoring System) is vital for supplier-consumer interaction, offering a numerical score to assess security vulnerabilities' technical severity that helps in guiding...

Multiple Cisco Services Engine Flaws Let Attackers Upload Arbitrary Files

Multiple vulnerabilities have been discovered in the Cisco Services Engine associated with Arbitrary File Upload and Denial of Service assigned with CVEs CVE-2023-20195, CVE-2023-20196,...

Managed WAF protection


Recent Articles