Pierluigi Paganini
June 21, 2023
VMware is warning customers that critical remote code execution vulnerability CVE-2023-20887 is being actively exploited in attacks. VMware is warning customers that a critical remote code execution vulnerability in Aria Operations for Networks (Formerly vRealize Network Insight), tracked as CVE-2023-20887, is being actively exploited in the wild. “VMware has confirmed that exploitation of CVE-2023-20887 has […]
Pierluigi Paganini
June 20, 2023
A third-party vendor of 3CX, a popular Voice over Internet Protocol (VoIP) comms provider, left an open server and exposed sensitive 3CX data. The issue went under the company’s radar, even though it was recently targeted by North Korean hackers. While victims of cyberattacks should not be ridiculed, there’s a reason that sayings like “fool […]
Pierluigi Paganini
June 20, 2023
Data-centric distributed resilience (DDR) offers a compelling approach to addressing data sovereignty in cybersecurity. As much of our modern life relies upon the cloud, the question of data protection is front of mind for many organizations. Those who fail to take a proactive approach to secure their data often learn the hard way how vulnerable […]
Pierluigi Paganini
June 20, 2023
ASUS addressed critical vulnerabilities in multiple router models, urging customers to immediately install firmware updates. ASUS is warning customers to update some router models to the latest firmware to address critical vulnerabilities. The impacted models are GT6, GT-AXE16000, GT-AX11000 PRO, GT-AX6000, GT-AX11000, GS-AX5400, GS-AX3000, XT9, XT8, XT8 V2, RT-AX86U PRO, RT-AX86U, RT-AX86S, RT-AX82U, RT-AX58U, RT-AX3000, […]
Pierluigi Paganini
June 15, 2023
Experts linked the UNC4841 threat actor behind the attacks exploiting the recently patched Barracuda ESG zero-day to China. Mandiant researchers linked the threat actor UNC4841 to the attacks that exploited the recently patched Barracuda ESG zero-day vulnerability to China. “Through the investigation, Mandiant identified a suspected China-nexus actor, currently tracked as UNC4841, targeting a subset […]
Pierluigi Paganini
June 14, 2023
Hundreds of thousands of online stores are potentially exposed to hacking due to a critical vulnerability in the WooCommerce Stripe Payment Gateway plugin. The WooCommerce Stripe Payment Gateway plugin is affected by a critical vulnerability tracked as CVE-2023-34000. The Stripe plugin extends WooCommerce allowing administrators of the e-commerce sites to take payments directly on their […]
Pierluigi Paganini
June 13, 2023
Microsoft Patch Tuesday security updates for June 2023 fixed 69 flaws in its products, including six critical issues. Microsoft Patch Tuesday security updates for June 2023 fixed 69 vulnerabilities in multiple products, including Microsoft Windows and Windows Components; Office and Office Components; Exchange Server; Microsoft Edge (Chromium-based); SharePoint Server; .NET and Visual Studio; Microsoft Teams; […]
Pierluigi Paganini
June 13, 2023
Fortinet addressed a new critical flaw, tracked as CVE-2023-27997, in FortiOS and FortiProxy that is likely exploited in a limited number of attacks. Fortinet has finally published an official advisory about the critical vulnerability, tracked as CVE-2023-27997 (CVSS score: 9.2), impacting FortiOS and FortiProxy. “A heap-based buffer overflow vulnerability [CWE-122] in FortiOS and FortiProxy SSL-VPN may allow a remote […]
Pierluigi Paganini
June 12, 2023
Fortinet released security updates to fix a critical security flaw in its FortiGate firewalls that lead to remote code execution. Fortinet has released security patches to address a critical security vulnerability, tracked as CVE-2023-27997, in its FortiGate firewalls. An attacker can exploit the vulnerability to achieve remote code execution on vulnerable network equipment. The vulnerability was […]
Pierluigi Paganini
June 12, 2023
The Play ransomware attack suffered by the IT services provider Xplain also impacted the national railway company of Switzerland (FSS) and the canton of Aargau. The Play ransomware attack suffered by the IT services provider Xplain is worse than initially estimated, the incident also impacted the national railway company of Switzerland (FSS) and the canton […]
