Exploit Available for Docker Versions of ownCloud Affected by Recent Max. Severity Bug
Image credit: Shutterstock More than 4,000 ownCloud instances remain exposed to attack via CVE-2023-49103; CISA adds vuln to KEV catalog. Attack surface management vendor Onyphe has discovered a total of 4,129 Internet-connected instances of ownCloud that are exposed to attack via the recently disclosed unauthenticated disclosure vulnerability (CVE-2023-49103) in the open-source file sharing and synchronization […]
Read More
LockBit Ransomware Operators Targeting CitrixBleed in Coordinated Attacks
Image source: Shutterstock China’s ICBC, Boeing, Australian logistics giant DP World, major law firm among known victims so far; More than 5,000 organizations worldwide remain unpatched and vulnerable to CVE-2023-4966 Multiple LockBit ransomware operators are apparently working in a coordinated manner to break into major organizations via “CitrixBleed” (CVE-2023-4966) a critical vulnerability in several versions […]
Read More
Atlassian Discloses Critical Vulnerability in Confluence Data Center & Server
Image source: Shutterstock Customers vulnerable to “significant data loss” if attackers exploit CVE-2023-22518, company CISO warns. Atlassian wants customers of its Confluence Data Center and Server to immediately upgrade to new versions of the software the company has just released to protect against a critical vulnerability in the collaboration platform. All versions affected: The vulnerability […]
Read More
Here are the 4 Main Requirements of the New White House Executive Order on AI Safety
Image source: Shutterstock The EO calls for the creation of new standards and guidance to ensure safe use of AI especially in critical infrastructure sectors. The Biden-Harris Administration Monday issued an Executive Order pertaining to the safe and secure use of Artificial Intelligence technologies and systems. The EO lays out requirements for new AI safety […]
Read More
Patch for Cisco Zero Day Bug to Become Available Oct. 22
Image source: Shutterstock Company’s investigation shows attackers actually leveraged two previously unknown bugs, not one, as assumed. There are two important new developments around CVE-2023-20198, the widely exploited zero-day bug in the web UI of Cisco’s IOS EX software. Two 0-Day Bugs, Not One The first is, Cisco’s investigation into the recent widespread attacks targeting […]
Read More
Cisco Recommends Orgs Apply Access Lists to HTTPS Server Feature in IOS XE to Mitigate New 0-Day Threat
Image source: : Shutterstock One security vendor says adversary has used bug to infect thousands of IOS XE devices with an implant for remote code execution. Organizations can protect against the zero-day bug that Cisco disclosed in its IOS XE operating system Monday by restricting access to its HTTP Server feature from untrusted hosts and […]
Read More
Actively Exploited Zero-Day Bug in Cisco IOS XE Gives Attackers Total Admin Access to Affected Devices
Image source: Shutterstock Cisco recommends that customers immediately disable HTTPS Server feature on all Internet-facing devices running the operating system till a fix or other workaround becomes available. An unknown threat actor is actively exploiting a zero-day vulnerability in the web user interface of Cisco’s IOS XE operating system to drop an implant for arbitrary […]
Read More
These 5 Security Practices Can Help Protect Against 99% of Attacks: Do you Have Them?
Image source: Shutterstock Microsoft says telemetry from its Defender for Endpoint, Cloud Apps, Identity, Office 365 and other sources shows organizations can protect against almost all attacks with a few fundamental security practices. Organizations can protect against 99%–or nearly all—attacks by implementing a handful of basic security practices, a new Microsoft study has found. Microsoft’s […]
Read More
Dell Releases Update for Critical Flaw in SmartFabric Storage Software
Company wants customers to upgrade to patched version at “earliest opportunity”. Dell has released a security update to address a critical flaw in its SmartFabric Storage Software (SFSS). The vulnerability assigned as CVE-2023-32485 has a severity score of 9.8 on the CVSS scale. It affects version 1.3 and lower of the technology and allows an […]
Read More
Patch Now: Atlassian Discloses Zero-Day Bug in Confluence Data Center and Server
Image Source: Shutterstock Several customers have reported attackers exploiting the vulnerability to create unauthorized Confluence administrator accounts and to access Confluence instances, company says. Atlassian wants organizations using its on-premises Confluence Data Center and Server content collaboration software to immediately update to new versions that the company released today to address a critical privilege escalation […]
Read More