Security Archives - Page 86 of 515

Pierluigi Paganini January 25, 2024

Cisco warns of a critical bug in Unified Communications products, patch it now!

Cisco addressed a critical flaw in its Unified Communications and Contact Center Solutions products that could lead to remote code execution. Cisco released security patches to address a critical vulnerability, tracked as CVE-2024-20253 (CVSS score of 9.9), impacting multiple Unified Communications and Contact Center Solutions products. An unauthenticated, remote attacker can exploit the flaw to […]

Pierluigi Paganini January 25, 2024

Russia-linked APT group Midnight Blizzard hacked Hewlett Packard Enterprise (HPE)

Hewlett Packard Enterprise (HPE) revealed that Russia-linked APT group Midnight Blizzard gained access to its Microsoft Office 365 email system. Hewlett Packard Enterprise (HPE) revealed that alleged Russia-linked cyberespionage group Midnight Blizzard gained access to its Microsoft Office 365 cloud-based email environment. The attackers were collecting information on the cybersecurity division of the company and […]

Pierluigi Paganini January 25, 2024

CISA adds Atlassian Confluence Data Center bug to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Atlassian Confluence Data Center and Server Template Injection bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Atlassian Confluence Data Center and Server Template Injection bug, tracked as CVE-2023-22527, to its Known Exploited Vulnerabilities (KEV) catalog. Atlassian recently warned of a critical […]

Pierluigi Paganini January 24, 2024

5379 GitLab servers vulnerable to zero-click account takeover attacks

Thousands of GitLab servers are vulnerable to zero-click account takeover attacks exploiting the flaw CVE-2023-7028. GitLab has recently released security updates to address two critical vulnerabilities impacting both the Community and Enterprise Edition. The most critical vulnerability, tracked as CVE-2023-7028 (CVSS score 10), is an account takeover via Password Reset. The flaw can be exploited […]

Pierluigi Paganini January 24, 2024

Splunk fixed high-severity flaw impacting Windows versions

Splunk addressed multiple vulnerabilities in Splunk Enterprise, including a high-severity flaw impacting Windows installs. Splunk addressed multiple vulnerabilities in Splunk Enterprise, including a high-severity flaw, tracked as CVE-2024-23678 (CVSS score 7.5), impacting the Windows version. According to the advisory, Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3 does not correctly sanitize path input data. […]

Pierluigi Paganini January 23, 2024

Watch out, a new critical flaw affects Fortra GoAnywhere MFT

Fortra addressed a new authentication bypass vulnerability impacting GoAnywhere MFT (Managed File Transfer) product. Fortra warns customers of a new authentication bypass vulnerability tracked as CVE-2024-0204 (CVSS score 9.8), impacting the GoAnywhere MFT (Managed File Transfer) product. Fortra GoAnywhere Managed File Transfer is a comprehensive solution for secure file transfer, data encryption, and compliance management. It provides […]

Pierluigi Paganini January 23, 2024

CISA adds VMware vCenter Server bug to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds VMware vCenter Server Out-of-Bounds Write bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a VMware vCenter Server Out-of-Bounds Write bug, tracked as CVE-2023-34048, to its Known Exploited Vulnerabilities (KEV) catalog. vCenter Server is a critical component in VMware virtualization and cloud computing […]

Pierluigi Paganini January 22, 2024

Apple fixed actively exploited zero-day CVE-2024-23222

Apple addressed the first zero-day vulnerability that impacts iPhones, Macs, and Apple TVs. The issue is actively exploited in the wild. Apple released security updates to address a zero-day vulnerability, tracked as CVE-2024-23222, that impacts iPhones, Macs, and Apple TVs. This is the first actively exploited zero-day vulnerability fixed by the company this year. The […]

Pierluigi Paganini January 19, 2024

U.S. CISA warns of actively exploited Ivanti EPMM flaw CVE-2023-35082

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti EPMM flaw CVE-2023-35082 to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Ivanti EPMM flaw CVE-2023-35082 (CVSS score: 9.8) vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. At the end of July, Ivanti disclosed a security vulnerability impacting Endpoint Manager Mobile (EPMM), tracked […]

Pierluigi Paganini January 19, 2024

The Quantum Computing Cryptopocalypse – I’ll Know It When I See It

Can quantum computing break cryptography? Can it do it within a person’s lifetime? Will it be a cryptopocalypse, as some experts suggest? Can quantum computing break cryptography? Sure, it can. Can it do it within a person’s lifetime? Yes. In fact, it will likely achieve this sometime within your career. Will it be a cryptopocalypse, […]

Security

Cisco warns of a critical bug in Unified Communications products, patch it now!

Russia-linked APT group Midnight Blizzard hacked Hewlett Packard Enterprise (HPE)

CISA adds Atlassian Confluence Data Center bug to its Known Exploited Vulnerabilities catalog

5379 GitLab servers vulnerable to zero-click account takeover attacks

Splunk fixed high-severity flaw impacting Windows versions

Watch out, a new critical flaw affects Fortra GoAnywhere MFT

CISA adds VMware vCenter Server bug to its Known Exploited Vulnerabilities catalog

Apple fixed actively exploited zero-day CVE-2024-23222

U.S. CISA warns of actively exploited Ivanti EPMM flaw CVE-2023-35082

The Quantum Computing Cryptopocalypse – I’ll Know It When I See It

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Security Affairs newsletter Round 531 by Pierluigi Paganini – INTERNATIONAL EDITION

North Korea-linked threat actors spread macOS NimDoor malware via fake Zoom updates

Critical Sudo bugs expose major Linux distros to local Root exploits

Google fined $314M for misusing idle Android users' data

A flaw in Catwatchful spyware exposed logins of +62,000 users

QUICK LINKS

Security

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!