Image source: Shutterstock Customers vulnerable to “significant data loss” if attackers exploit CVE-2023-22518, company CISO warns. Atlassian wants customers of its Confluence Data Center and Server to immediately upgrade to new versions…
Category: Vulnerabilities
Patch for Cisco Zero Day Bug to Become Available Oct. 22
Image source: Shutterstock Company’s investigation shows attackers actually leveraged two previously unknown bugs, not one, as assumed. There are two important new developments around CVE-2023-20198, the widely exploited zero-day bug in the…
Cisco Recommends Orgs Apply Access Lists to HTTPS Server Feature in IOS XE to Mitigate New 0-Day Threat
Image source: : Shutterstock One security vendor says adversary has used bug to infect thousands of IOS XE devices with an implant for remote code execution. Organizations can protect against the zero-day…
Actively Exploited Zero-Day Bug in Cisco IOS XE Gives Attackers Total Admin Access to Affected Devices
Image source: Shutterstock Cisco recommends that customers immediately disable HTTPS Server feature on all Internet-facing devices running the operating system till a fix or other workaround becomes available. An unknown threat actor…
Patch Now: Atlassian Discloses Zero-Day Bug in Confluence Data Center and Server
Image Source: Shutterstock Several customers have reported attackers exploiting the vulnerability to create unauthorized Confluence administrator accounts and to access Confluence instances, company says. Atlassian wants organizations using its on-premises Confluence Data…
Here are 4 Vulnerabilities that CISA Added to the Known Exploited Vulnerabilities Catalog This Week.
Federal agencies need to apply vendor recommended mitigations for each flaw on or before October 25. The US Cybersecurity and Infrastructure Security Agency (CISA) has added a total of four security vulnerabilities…
CISA Adds Critical TeamCity Flaw to Known Exploited Vulnerabilities Catalog
Image source: Shutterstock Move follows reports this week of threat actors actively exploiting the flaw in ransomware attacks. The US Cybersecurity and Infrastructure Security Agency (CISA) has added a recently disclosed authentication…
Here’s What You Need to Know About the Severe “Looney TUNABLES” Vuln in Multiple Linux Distros
Image source: Shutterstock CVE-2023-4911 is a local privilege escalation flaw that gives attackers a way to gain root access on versions of Debian, Fedora, Ubuntu and other Linux distributions using the glibc…
Researchers Report Attacks Targeting Max Severity Bug in Progress Software’s WS_FTP
Image source: Shutterstock The in-the-wild exploit activity could be a harbinger of things to come. As happened with a zero-day bug in Progress Software’s MOVEit file transfer software earlier this year, attackers…
What You Need to Know About the Critical New Bugs in Progress Software’s WS_FTP Server
Image source: Shutterstock Based on the extensive targeting of the previous bug in the company’s MOVEit product, it’s safe to bet attacks targeting the WS_FTP flaws are imminent. A maximum severity vulnerability…