Image source: Shutterstock Following its disclosure of two new zero-days Jan 31, Ivanti too has updated its mitigation file. Customers who applied previous mitigation would need re-apply it to address new flaws….
Critical Vulnerability in Jenkins CLI Could Enable Remote Code Execution
Image source: Shutterstock CVE-2024-23897 is the most serious of 12 vulnerabilities that the Jenkins team disclosed on Jan 24. The Jenkins infrastructure team has issued a patch for a critical remote code…
CVE-2024-0204 in GoAnywhere MFT is a Ticking Time Bomb
Image source: Shutterstock More than 96% of GoAnywhere MFT assets that security vendor Tenable observed on Jan 23 were vulnerable. Mass attacks could soon begin against a critical authentication bypass flaw in…
China’s UTA0178 Threat Group Backdoors 2,100 Ivanti VPN Appliances Via Recently Disclosed 0-Days
Image Source: Shutterstock Attacker stealing sensitive system data, tampering with built-in Integrity Check to hide signs of malicious activity. Multiple threat actors have joined Chinese advanced persistent threat group UTA0178 in targeting…
Exploit Available for Docker Versions of ownCloud Affected by Recent Max. Severity Bug
Image credit: Shutterstock More than 4,000 ownCloud instances remain exposed to attack via CVE-2023-49103; CISA adds vuln to KEV catalog. Attack surface management vendor Onyphe has discovered a total of 4,129 Internet-connected…
LockBit Ransomware Operators Targeting CitrixBleed in Coordinated Attacks
Image source: Shutterstock China’s ICBC, Boeing, Australian logistics giant DP World, major law firm among known victims so far; More than 5,000 organizations worldwide remain unpatched and vulnerable to CVE-2023-4966 Multiple LockBit…
Atlassian Discloses Critical Vulnerability in Confluence Data Center & Server
Image source: Shutterstock Customers vulnerable to “significant data loss” if attackers exploit CVE-2023-22518, company CISO warns. Atlassian wants customers of its Confluence Data Center and Server to immediately upgrade to new versions…
Here are the 4 Main Requirements of the New White House Executive Order on AI Safety
Image source: Shutterstock The EO calls for the creation of new standards and guidance to ensure safe use of AI especially in critical infrastructure sectors. The Biden-Harris Administration Monday issued an Executive…
Patch for Cisco Zero Day Bug to Become Available Oct. 22
Image source: Shutterstock Company’s investigation shows attackers actually leveraged two previously unknown bugs, not one, as assumed. There are two important new developments around CVE-2023-20198, the widely exploited zero-day bug in the…
Cisco Recommends Orgs Apply Access Lists to HTTPS Server Feature in IOS XE to Mitigate New 0-Day Threat
Image source: : Shutterstock One security vendor says adversary has used bug to infect thousands of IOS XE devices with an implant for remote code execution. Organizations can protect against the zero-day…