Pierluigi Paganini
October 11, 2023
US CISA added the flaw CVE-2023-21608 in Adobe Acrobat Reader to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added five new flaws to its Known Exploited Vulnerabilities Catalog, including a high-severity flaw (CVE-2023-21608) (CVSS score: 7.8) in Adobe Acrobat Reader. The flaw is a use-after-free issue, an attacker can trigger the flaw to achieve […]
Pierluigi Paganini
October 11, 2023
A Mirai-based DDoS botnet tracked as IZ1H9 has added thirteen new exploits to target routers from different vendors, including D-Link, Zyxel, and TP-Link. Fortinet researchers observed a new Mirai-based DDoS botnet, tracked as IZ1H9, that added thirteen new payloads to target routers from multiple vendors, including D-Link, Zyxel, TP-Link, and TOTOLINK. The experts observed a surge in botnet […]
Pierluigi Paganini
October 11, 2023
Microsoft Patch Tuesday security updates for October 2023 fixed three actively exploited zero-day vulnerabilities. Microsoft Patch Tuesday security updates for October 2023 addressed a total of 103 vulnerabilities in Microsoft Windows and Windows Components; Exchange Server; Office and Office Components; ASP.NET Core and Visual Studio; Azure; Microsoft Dynamics; and Skype for Business. Three of the […]
Pierluigi Paganini
October 10, 2023
Many poorly configured security cameras are exposed to hacktivists in Israel and Palestine, placing the owners using them and the people around them at substantial risk. After the Hamas attacks on Israel, the cyber war has also started between both sides and their supporters. Hacktivists have already targeted SCADA and ICS systems in Israel and Palestine, and […]
Pierluigi Paganini
October 10, 2023
A vulnerability in the libcue library impacting GNOME Linux systems can be exploited to achieve remote code execution (RCE) on affected hosts. A threat actor can trigger a vulnerability, tracked as CVE-2023-43641 (CVSS score: 8.8), in the libcue library impacting GNOME Linux systems to achieve remote code execution (RCE) on affected hosts. libcue provides an […]
Pierluigi Paganini
October 09, 2023
A threat actor has leaked the source code for the first version of the HelloKitty ransomware on a Russian-speaking cybercrime forum. Cybersecurity researchers 3xp0rt reported that a threat actor that goes online with the moniker ‘kapuchin0’ (and also uses the alias Gookee) has leaked the source code of the HelloKitty ransomware on the XSS forum. kapuchin0 claims […]
Pierluigi Paganini
October 06, 2023
The creation of a dedicated emergency number for cybersecurity could provide an effective solution to this rapidly growing challenge The growing threat of cybercrime is calling for new and innovative defense strategies. While the phone number for physical emergencies is already time-tested, the absence of a similar hotline for cybercrimes is a significant gap in […]
Pierluigi Paganini
October 06, 2023
Researchers published PoC exploits for CVE-2023-4911 vulnerability (aka Looney Tunables) impacting most popular Linux distributions. The vulnerability CVE-2023-4911 (CVSS score 7.8) is a buffer overflow issue that resides in the GNU C Library’s dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. An attacker can trigger the vulnerability to execute code with elevated privileges. “A […]
Pierluigi Paganini
October 06, 2023
Cisco addressed a critical Static Credentials Vulnerability, tracked as CVE-2023-20101, impacting Emergency Responder. Cisco released security updates to address a critical vulnerability, tracked as CVE-2023-20101 (CVSS score: 9.8), impacting Emergency Responder. A remote, unauthenticated attacker can exploit the vulnerability to log in to susceptible systems using hard-coded credentials that cannot be changed. The vulnerability was discovered as […]
Pierluigi Paganini
October 05, 2023
The U.S. CISA added JetBrains TeamCity and Windows vulnerabilities to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the JetBrains TeamCity flaw CVE-2023-42793Â (CVSS score: 9.8) and Windows bug CVE-2023-28229Â (CVSS score: 7.0) to its Known Exploited Vulnerabilities Catalog. Below are the descriptions of the two vulnerabilities: According to Binding Operational Directive […]
