Image source: Shutterstock CVE-2023-4911 is a local privilege escalation flaw that gives attackers a way to gain root access on versions of Debian, Fedora, Ubuntu and other Linux distributions using the glibc…
Category: Vulnerabilities
Researchers Report Attacks Targeting Max Severity Bug in Progress Software’s WS_FTP
Image source: Shutterstock The in-the-wild exploit activity could be a harbinger of things to come. As happened with a zero-day bug in Progress Software’s MOVEit file transfer software earlier this year, attackers…
What You Need to Know About the Critical New Bugs in Progress Software’s WS_FTP Server
Image source: Shutterstock Based on the extensive targeting of the previous bug in the company’s MOVEit product, it’s safe to bet attacks targeting the WS_FTP flaws are imminent. A maximum severity vulnerability…
PoC Exploit Chain for Critical SharePoint Vulns Heightens Attack Risks
Orgs should immediately apply the patches that Microsoft issued for the flaws if they haven’t done so already. Researchers at Singapore-based StarLabs have released details of a chained remote code execution exploit…
APT37 using South Korea stampede themed lure to exploit new IE zero-day flaw
Microsoft patched flaw after Google TAG researchers reported it to the company in October. Microsoft has patched a zero-day vulnerability in Internet Explorer’s Jscript engine after researchers from Google’s Threat Analysis Group…
Magecart actors ramp up exploit attempts against Magento/Adobe Commerce vulnerability
Sansec says it has observed more probes in November against the now-patched zero-day flaw (CVE-2022-24086) than the rest of the year combined. Seven threat groups affiliated with the Magecart cybercrime syndicate have…
7 vulnerabilities that federal agencies MUST address by Nov 29
Four of the vulnerabilities are Windows zero-day bugs that Microsoft disclosed in its November security update; three affect Samsung mobile devices. The US Cybersecurity and Infrastructure Security Agency’s (CISA) Binding Operational Directive…
NSA recommends organizations make strategic shift to memory-safe languages
Programming languages such as C and C++ rely too heavily on the programmer not making memory-related mistakes, agency says [300 words]. What: NSA says organizations should consider making a strategic shift from…
Citrix discloses critical authentication bypass flaw; two other vulnerabilities
Organizations should update as soon as possible. If past is precedent, new CVE-2022-27510 flaw could be heavily targeted [286 words]. What: A critical authentication bypass vulnerability (CVE-2022-27510) is present in multiple versions…
Here’s what you need to know of the 4 zero-days in Microsoft’s Nov. update
Microsoft issued patches for of 62 vulnerabilities, nine of which are “Critical” severity and 53 “Important”. Four of the vulnerabilities in Microsoft November 2022 security update are zero-day flaws that are being…