Wednesday, December 6, 2023

Cisco AnyConnect SSL VPN Flaw Let Remote Attacker Launch DoS Attack

A vulnerability of medium severity, identified as CVE-2023-20042, with a CVSS score of 6.8, was found in the AnyConnect SSL VPN feature of Cisco...

CitrixBleed Flaw Widely Exploited, Primarily by a Ransomware Gang

At the end of October, AssetNote released a proof-of-concept for the CVE-2023–4966 associated with sensitive information disclosure for Citrix Netscaler ADC devices and was...

F5 Warns of Active Attacks Targeting BIG-IP SQL injection vulnerability

F5 Networks has issued a security alert about a severe vulnerability in its BIG-IP Configuration utility, identified as CVE-2023-46748. This vulnerability is an authenticated SQL...

The Risk of RBAC Vulnerabilities – A Prevention Guide

Role-Based Access Control (RBAC) is a security paradigm focused on assigning system access to users based on their organizational role. It's a sophisticated approach...

Hackers Abusing OAuth Token to Take Over Millions of Accounts

A new OAuth vulnerability has been discovered in three of the major extensions such as Grammarly, Vidio, and Bukalapak. These applications use the OAuth...
D-LINK SQL Injection Vulnerability

D-LINK SQL Injection Vulnerability Let Attacker Gain Admin Privileges

A security flaw called SQL injection has been uncovered in the D-Link DAR-7000 device.SQL injection is a malicious attack that exploits vulnerabilities in web...

Citrix Bleed: PoC Released for Citrix NetScaler Zero-Day Vulnerability

Two vulnerabilities were disclosed by Citrix, which were CVE-2023-4966 and CVE-2023-4967, with critical and high severities, respectively. Of these two, CVE-2023-4966 has been released...

North Korean Hackers Exploiting TeamCity Flaw to Compromise Organizations Network

Microsoft has detected two North Korean nation-state threat actors, Diamond Sleet and Onyx Sleet, exploiting CVE-2023-42793. This vulnerability allows remote code execution on various...

Synology NAS System Flaw Let Attackers Remotely Hijack the Admin Account

Synology DiskStation Manager (DSM) powers Synology NAS systems, offering remote file access and management. The DSM OS includes two default Linux users: 'admin' and...

Pro-Russia Hacker Groups Exploiting Winrar Flaw to Steal Login Credentials

A new phishing attack has been discovered, which uses malicious archive files to exploit the recently found WinRAR vulnerability CVE-2023-38831 using a Powershell script...

Managed WAF protection


Recent Articles