Image source: Shutterstock Attacks targeting CVE-2024-9379 and CVE-2024-9380 have impacted customers running the end-of-life CSA 4.6 for which the company issued the last security fix on Sept. 10. Ivanti this week issued…
Tag: zero-day
2 Exploited and 3 Publicly Known Bugs in Microsoft’s Oct. Update to Patch Now
Image source: : Shutterstock Microsoft’s relatively moderate severity rating for the bugs belie the threat they present At least five of the 117 CVEs for which Microsoft released a patch this week…
Patch for Cisco Zero Day Bug to Become Available Oct. 22
Image source: Shutterstock Company’s investigation shows attackers actually leveraged two previously unknown bugs, not one, as assumed. There are two important new developments around CVE-2023-20198, the widely exploited zero-day bug in the…
Actively Exploited Zero-Day Bug in Cisco IOS XE Gives Attackers Total Admin Access to Affected Devices
Image source: Shutterstock Cisco recommends that customers immediately disable HTTPS Server feature on all Internet-facing devices running the operating system till a fix or other workaround becomes available. An unknown threat actor…
APT37 using South Korea stampede themed lure to exploit new IE zero-day flaw
Microsoft patched flaw after Google TAG researchers reported it to the company in October. Microsoft has patched a zero-day vulnerability in Internet Explorer’s Jscript engine after researchers from Google’s Threat Analysis Group…
CISA Adds Patched Apple iOS/iPadOS Zero-Day to Known Exploited Vulnerabilities Catalog
CVE-2022-42827 is the eighth kernel level flaw so far this year for which Apple has released a patch only after active exploitation was underway [277 words]. What: CISA has added a newly…
Zscaler releases technical details—and PoC—for now-patched Windows 0-day
Microsoft has rated the previously exploited CVE-2022-37969 as being of high-severity, so now might be a good time to patch (264 words). What: New technical details and proof-of-concept code have become available…
Multiple APTs Exploiting Zimbra Vulnerability CVE-2022-41352
Patch or mitigate now [300 words] What: Organizations using Zimbra Collaboration suite (ZCS) 8.8.15 and 9.0 should immediately update to Zimbra 9.0.0 P27 released on October 10. Those that cannot should implement…
Microsoft looking into reports of a third Exchange Server zero-day?
Security vendor that discovered bug recommends organizations limit IIS app operating privileges on Exchange Server [297 words] What: Microsoft apparently is looking into a report it received from South Korean cybersecurity vendor…
Here are the highlights of Microsoft’s October 2022 Security Update
Microsoft released fixes for a total of 84 CVEs across its products [300 words]. One of the vulnerabilities that Microsoft patched today is a zero-day that is being actively exploited: Windows COM+…