Security Archives - Page 73 of 519

Pierluigi Paganini May 10, 2024

Citrix warns customers to update PuTTY version installed on their XenCenter system manually

Citrix urges customers to manually address a PuTTY SSH client flaw that could allow attackers to steal a XenCenter admin’s private SSH key. Versions of XenCenter for Citrix Hypervisor 8.2 CU1 LTSR used PuTTY, a third-party component, for SSH connections to guest VMs. However, PuTTY inclusion was deprecated with XenCenter version 8.2.6, and any versions […]

Pierluigi Paganini May 09, 2024

Experts warn of two BIG-IP Next Central Manager flaws that allow device takeover

Two high-severity vulnerabilities in BIG-IP Next Central Manager can be exploited to gain admin control and create hidden accounts on any managed assets. F5 has addressed two high-severity vulnerabilities, respectively tracked as CVE-2024-26026 and CVE-2024-21793, in BIG-IP Next Central Manager that can lead to device takeover. BIG-IP Next Central Manager (NCM) is a centralized management […]

Pierluigi Paganini May 08, 2024

Most Tinyproxy Instances are potentially vulnerable to flaw CVE-2023-49606

A critical Remote Code Execution vulnerability in the Tinyproxy service potentially impacted 50,000 Internet-Exposing hosts. Researchers from Cisco Talos reported a use-after-free vulnerability in the HTTP Connection Headers parsing of Tinyproxy 1.11.1 and Tinyproxy 1.10.0. The issue is tracked as CVE-2023-49606 and received a CVSS score of 9.8. The exploitation of the issue can potentially lead […]

Pierluigi Paganini May 07, 2024

Law enforcement agencies identified LockBit ransomware admin and sanctioned him

The FBI, UK National Crime Agency, and Europol revealed the identity of the admin of the LockBit operation and sanctioned him. The FBI, UK National Crime Agency, and Europol have unmasked the identity of the admin of the LockBit ransomware operation, aka ‘LockBitSupp’ and ‘putinkrab’ , and issued sanctions against him. It was the first time that […]

Pierluigi Paganini May 07, 2024

Alexander Vinnik, the operator of BTC-e exchange, pleaded guilty to money laundering

Alexander Vinnik, a Russian operator of virtual currency exchange BTC-e pleaded guilty to participating in a money laundering scheme. Alexander Vinnik, a Russian national, pleaded guilty to conspiracy to commit money laundering for his involvement in operating the cryptocurrency exchange BTC-e from 2011 to 2017. BTC-e processed over $9 billion in transactions and served over […]

Pierluigi Paganini May 06, 2024

City of Wichita hit by a ransomware attack

The City of Wichita in Kansas was forced to shut down its computer systems after a ransomware attack. The City of Wichita, Kansas, was the victim of a ransomware attack and shut down its network to contain the threat. The security breach took place on May 5th, 2024, and immediately started its incident response procedure […]

Pierluigi Paganini May 05, 2024

Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Blackbasta gang claimed responsibility for Synlab Italia attack LockBit published data stolen from Simone Veil hospital […]

Pierluigi Paganini May 04, 2024

Blackbasta gang claimed responsibility for Synlab Italia attack

The Blackbasta extortion group claimed responsibility for the attack that in April severely impacted the operations of Synlab Italia. Since April 18, Synlab Italia, a major provider of medical diagnosis services, has been experiencing disruptions due to a cyber attack. The company initially cited technical issues as the cause leading to “temporary interruption of access […]

Pierluigi Paganini May 02, 2024

HPE Aruba Networking addressed four critical ArubaOS RCE flaws

HPE Aruba Networking addressed four critical remote code execution vulnerabilities impacting its ArubaOS network operating system. HPE Aruba Networking released April 2024 security updates that addressed four critical remote code execution (RCE) vulnerabilities affecting multiple versions of the network operating system ArubaOS. The four vulnerabilities are unauthenticated buffer overflow issues that could be exploited to […]

Pierluigi Paganini May 02, 2024

CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog

CISA adds GitLab Community and Enterprise Editions improper access control vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a GitLab Community and Enterprise Editions improper access control vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. The issue, tracked as CVE-2023-7028 (CVSS score: 10.0), is an account takeover via Password Reset. The […]

Security

Citrix warns customers to update PuTTY version installed on their XenCenter system manually

Experts warn of two BIG-IP Next Central Manager flaws that allow device takeover

Most Tinyproxy Instances are potentially vulnerable to flaw CVE-2023-49606

Law enforcement agencies identified LockBit ransomware admin and sanctioned him

Alexander Vinnik, the operator of BTC-e exchange, pleaded guilty to money laundering

City of Wichita hit by a ransomware attack

Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION

Blackbasta gang claimed responsibility for Synlab Italia attack

HPE Aruba Networking addressed four critical ArubaOS RCE flaws

CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Coyote malware is first-ever malware abusing Windows UI Automation

SonicWall fixed critical flaw in SMA 100 devices exploited in Overstep malware attacks

DSPM & AI Are Booming: $17.87B and $4.8T Markets by 2033

Stealth backdoor found in WordPress mu-Plugins folder

U.S. CISA adds CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities catalog

QUICK LINKS

Security

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!