Oct 08, 2024Ravie LakshmananZero-Day / Vulnerability Ivanti has warned that three new security vulnerabilities impacting its Cloud Service Appliance (CSA) have come under active exploitation in the wild. The zero-day flaws are being weaponized in conjunction with another flaw in CSA that the company patched last month, the Utah-based software services provider … [Read more...] about Three Critical Ivanti CSA Vulnerabilities Actively Exploited
actively
CISA Adds 3 Actively Exploited Flaws to KEV Catalog, including Critical PaperCut Bug
Apr 22, 2023Ravie LakshmananPatch Management / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The three vulnerabilities are as follows - CVE-2023-28432 (CVSS score - 7.5) - MinIO Information Disclosure … [Read more...] about CISA Adds 3 Actively Exploited Flaws to KEV Catalog, including Critical PaperCut Bug
Google Releases Urgent Chrome Update to Fix Actively Exploited Zero-Day Vulnerability
Apr 15, 2023Ravie LakshmananZero-Day / Browser Security Google on Friday released out-of-band updates to resolve an actively exploited zero-day flaw in its Chrome web browser, making it the first such bug to be addressed since the start of the year. Tracked as CVE-2023-2033, the high-severity vulnerability has been described as a type confusion issue in the V8 JavaScript … [Read more...] about Google Releases Urgent Chrome Update to Fix Actively Exploited Zero-Day Vulnerability
CISA Warns of Actively Exploited Critical Oracle Fusion Middleware Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical flaw impacting Oracle Fusion Middleware to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2021-35587, carries a CVSS score of 9.8 and impacts Oracle Access Manager (OAM) versions 11.1.2.3.0, 12.2.1.3.0, and … [Read more...] about CISA Warns of Actively Exploited Critical Oracle Fusion Middleware Vulnerability
North Korean Maui Ransomware Actively Targeting U.S. Healthcare Organizations
In a new joint cybersecurity advisory, U.S. cybersecurity and intelligence agencies have warned about the use of Maui ransomware by North Korean government-backed hackers to target the healthcare sector since at least May 2021. "North Korean state-sponsored cyber actors used Maui ransomware in these incidents to encrypt servers responsible for healthcare services—including … [Read more...] about North Korean Maui Ransomware Actively Targeting U.S. Healthcare Organizations
Actively exploited vulnerability in Windows
On the latest Patch Tuesday (May 10) Microsoft released updates for 74 vulnerabilities. At least one of them is already being actively exploited by attackers. Thus, it’s a good idea to install patches as soon as possible. CVE-2022-26925 – the most dangerous of the addressed vulnerabilities Apparently, the most dangerous vulnerability addressed in this update pack is … [Read more...] about Actively exploited vulnerability in Windows
CISA Alerts on Actively Exploited Flaws in Zabbix Network Monitoring Platform
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of active exploitation of two security flaws impacting Zabbix open-source enterprise monitoring platform, adding them to its Known Exploited Vulnerabilities Catalog. On top of that, CISA is also recommending that Federal Civilian Executive Branch (FCEB) agencies patch all systems against the … [Read more...] about CISA Alerts on Actively Exploited Flaws in Zabbix Network Monitoring Platform
U.S. Federal Agencies Ordered to Patch Hundreds of Actively Exploited Flaws
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published a catalog of vulnerabilities, including from Apple, Cisco, Microsoft, and Google, that have known exploits and are being actively exploited by malicious cyber actors, in addition to requiring federal agencies to prioritize applying patches for those security flaws within "aggressive" … [Read more...] about U.S. Federal Agencies Ordered to Patch Hundreds of Actively Exploited Flaws
New Patch Released for Actively Exploited 0-Day Apache Path Traversal to RCE Attacks
The Apache Software Foundation on Thursday released additional security updates for its HTTP Server product to remediate what it says is an "incomplete fix" for an actively exploited path traversal and remote code execution flaw that it patched earlier this week. CVE-2021-42013, as the new vulnerability is identified as, builds upon CVE-2021-41773, a flaw that impacted Apache … [Read more...] about New Patch Released for Actively Exploited 0-Day Apache Path Traversal to RCE Attacks
Urgent Chrome Update Released to Patch Actively Exploited Zero-Day Vulnerability
Google on Friday rolled out an emergency security patch to its Chrome web browser to address a security flaw that's known to have an exploit in the wild. Tracked as CVE-2021-37973, the vulnerability has been described as use after free in Portals API, a web page navigation system that enables a page to show another page as an inset and "perform a seamless transition to a new … [Read more...] about Urgent Chrome Update Released to Patch Actively Exploited Zero-Day Vulnerability