Patch for Cisco Zero Day Bug to Become Available Oct. 22
Image source: Shutterstock Company’s investigation shows attackers actually leveraged two previously unknown bugs, not one, as assumed. There are two important new developments around CVE-2023-20198, the widely exploited zero-day bug in the web UI of Cisco’s IOS EX software. Two 0-Day Bugs, Not One The first is, Cisco’s investigation into the recent widespread attacks targeting […]
Read More
Patch Now: Atlassian Discloses Zero-Day Bug in Confluence Data Center and Server
Image Source: Shutterstock Several customers have reported attackers exploiting the vulnerability to create unauthorized Confluence administrator accounts and to access Confluence instances, company says. Atlassian wants organizations using its on-premises Confluence Data Center and Server content collaboration software to immediately update to new versions that the company released today to address a critical privilege escalation […]
Read More
APT37 using South Korea stampede themed lure to exploit new IE zero-day flaw
Microsoft patched flaw after Google TAG researchers reported it to the company in October. Microsoft has patched a zero-day vulnerability in Internet Explorer’s Jscript engine after researchers from Google’s Threat Analysis Group (TAG) informed the company about seeing North Korea’s APT37 group using it in attacks against South Korean targets. The zero-day flaw (CVE-2022-41128) stems […]
Read MoreMicrosoft looking into reports of a third Exchange Server zero-day?
Security vendor that discovered bug recommends organizations limit IIS app operating privileges on Exchange Server [297 words] What: Microsoft apparently is looking into a report it received from South Korean cybersecurity vendor AhnLab about yet another Exchange Server zero-day vulnerability. To be clear, the vulnerability it is reportedly looking into now is different from the […]
Read MoreHere are the highlights of Microsoft’s October 2022 Security Update
Microsoft released fixes for a total of 84 CVEs across its products [300 words]. One of the vulnerabilities that Microsoft patched today is a zero-day that is being actively exploited: Windows COM+ Event System Service Elevation of Privilege Vulnerability (CVE-2022-41033): An attacker could gain system level privileges. Two other recently disclosed zero-days (CVE-2022-41040 and CVE-2022-41082) […]
Read MoreHere’s what you need to know about the new (actively exploited) Microsoft Exchange Server 0-Days: CVE-2022-41040 and CVE-2022-41082
Latest update: Microsoft has updated its mitigation for the flaw. Implement it. [265 words] What: Two zero-day vulnerabilities exist in Microsoft Exchange Server 2013, 2016 and 2019. One of the flaws CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability. The other is CVE-2022-41082, allows Remote Code Execution (RCE) via PowerShell. Both vulnerabilities require an attacker […]
Read More