Image Source: Shutterstock Several customers have reported attackers exploiting the vulnerability to create unauthorized Confluence administrator accounts and to access Confluence instances, company says. Atlassian wants organizations using its on-premises Confluence Data…
Here are 4 Vulnerabilities that CISA Added to the Known Exploited Vulnerabilities Catalog This Week.
Federal agencies need to apply vendor recommended mitigations for each flaw on or before October 25. The US Cybersecurity and Infrastructure Security Agency (CISA) has added a total of four security vulnerabilities…
CISA Adds Critical TeamCity Flaw to Known Exploited Vulnerabilities Catalog
Image source: Shutterstock Move follows reports this week of threat actors actively exploiting the flaw in ransomware attacks. The US Cybersecurity and Infrastructure Security Agency (CISA) has added a recently disclosed authentication…
Here’s What You Need to Know About the Severe “Looney TUNABLES” Vuln in Multiple Linux Distros
Image source: Shutterstock CVE-2023-4911 is a local privilege escalation flaw that gives attackers a way to gain root access on versions of Debian, Fedora, Ubuntu and other Linux distributions using the glibc…
Researchers Report Attacks Targeting Max Severity Bug in Progress Software’s WS_FTP
Image source: Shutterstock The in-the-wild exploit activity could be a harbinger of things to come. As happened with a zero-day bug in Progress Software’s MOVEit file transfer software earlier this year, attackers…
What You Need to Know About the Critical New Bugs in Progress Software’s WS_FTP Server
Image source: Shutterstock Based on the extensive targeting of the previous bug in the company’s MOVEit product, it’s safe to bet attacks targeting the WS_FTP flaws are imminent. A maximum severity vulnerability…
PoC Exploit Chain for Critical SharePoint Vulns Heightens Attack Risks
Orgs should immediately apply the patches that Microsoft issued for the flaws if they haven’t done so already. Researchers at Singapore-based StarLabs have released details of a chained remote code execution exploit…
North Korea’s Lazarus Group Targets Critical Infrastructure with New Malware Variant
In its third major campaign this year, North Korea’s Lazarus Group is targeting healthcare entities and infrastructure backbone companies.
4 ways that ChatGPT is a clear and present threat to cybersecurity
Organizations that have not yet factored generative AI technologies into their cyber risk matrix might want to do so quickly. Security concerns related to the use of ChatGPT have exploded since Microsoft-backed…
Chinese APT actor targeting unpatched SonicWall devices in credential stealing campaign
New attacks are similar to those that other China-backed actors have carried out in recent years as part of cyber espionage and data theft campaigns against US companies. A likely China-based threat…