Jun 10, 2023Ravie LakshmananVulnerability / Cyber Threat Progress Software, the company behind the MOVEit Transfer application, has released patches to address brand new SQL injection vulnerabilities affecting the file transfer solution that could enable the theft of sensitive information. "Multiple SQL injection vulnerabilities have been identified in the MOVEit Transfer web … [Read more...] about New Critical MOVEit Transfer SQL Injection Vulnerabilities Discovered
Critical
Cisco and VMware Address Critical Vulnerabilities
Jun 08, 2023Ravie LakshmananNetwork Security / Vulnerability VMware has released security updates to fix a trio of flaws in Aria Operations for Networks that could result in information disclosure and remote code execution. The most critical of the three vulnerabilities is a command injection vulnerability tracked as CVE-2023-20887 (CVSS score: 9.8) that could allow a … [Read more...] about Cisco and VMware Address Critical Vulnerabilities
Critical OAuth Vulnerability in Expo Framework Allows Account Hijacking
May 27, 2023Ravie LakshmananAPI Security / Vulnerability A critical security vulnerability has been disclosed in the Open Authorization (OAuth) implementation of the application development framework Expo.io. The shortcoming, assigned the CVE identifier CVE-2023-28131, has a severity rating of 9.6 on the CVSS scoring system. API security firm Salt Labs said the issue rendered … [Read more...] about Critical OAuth Vulnerability in Expo Framework Allows Account Hijacking
China’s Stealthy Hackers Infiltrate U.S. and Guam Critical Infrastructure Undetected
May 25, 2023Ravie LakshmananCyber Threat / Espionage A stealthy China-based group managed to establish a persistent foothold into critical infrastructure organizations in the U.S. and Guam without being detected, Microsoft and the "Five Eyes" nations said on Wednesday. The tech giant's threat intelligence team is tracking the activity, which includes post-compromise … [Read more...] about China’s Stealthy Hackers Infiltrate U.S. and Guam Critical Infrastructure Undetected
Bl00dy Ransomware Gang Strikes Education Sector with Critical PaperCut Vulnerability
May 12, 2023Ravie LakshmananVulnerability / Ransomware U.S. cybersecurity and intelligence agencies have warned of attacks carried out by a threat actor known as the Bl00dy Ransomware Gang that attempt to exploit vulnerable PaperCut servers against the education facilities sector in the country. The attacks took place in early May 2023, the Federal Bureau of Investigation … [Read more...] about Bl00dy Ransomware Gang Strikes Education Sector with Critical PaperCut Vulnerability
CISA Warns of Critical Flaws in Illumina’s DNA Sequencing Instruments
Apr 29, 2023Ravie LakshmananHealthcare / Cybersecurity The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released an Industrial Control Systems (ICS) medical advisory warning of a critical flaw impacting Illumina medical devices. The issues impact the Universal Copy Service (UCS) software in the Illumina MiSeqDx, NextSeq 550Dx, iScan, iSeq 100, MiniSeq, … [Read more...] about CISA Warns of Critical Flaws in Illumina’s DNA Sequencing Instruments
Lazarus X_TRADER Hack Impacts Critical Infrastructure Beyond 3CX Breach
Apr 22, 2023Ravie LakshmananSupply Chain / Cyber Threat Lazarus, the prolific North Korean hacking group behind the cascading supply chain attack targeting 3CX, also breached two critical infrastructure organizations in the power and energy sector and two other businesses involved in financial trading using the trojanized X_TRADER application. The new findings, which come … [Read more...] about Lazarus X_TRADER Hack Impacts Critical Infrastructure Beyond 3CX Breach
CISA Adds 3 Actively Exploited Flaws to KEV Catalog, including Critical PaperCut Bug
Apr 22, 2023Ravie LakshmananPatch Management / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The three vulnerabilities are as follows - CVE-2023-28432 (CVSS score - 7.5) - MinIO Information Disclosure … [Read more...] about CISA Adds 3 Actively Exploited Flaws to KEV Catalog, including Critical PaperCut Bug
Cisco and VMware Release Security Updates to Patch Critical Flaws in their Products
Apr 21, 2023Ravie LakshmananSoftware Update / Network Security Cisco and VMware have released security updates to address critical security flaws in their products that could be exploited by malicious actors to execute arbitrary code on affected systems. The most severe of the vulnerabilities is a command injection flaw in Cisco Industrial Network Director (CVE-2023-20036, … [Read more...] about Cisco and VMware Release Security Updates to Patch Critical Flaws in their Products
Critical WooCommerce Payments Plugin Flaw Patched for 500,000+ WordPress Sites
Mar 24, 2023Ravie LakshmananWeb Security / WordPress Patches have been released for a critical security flaw impacting the WooCommerce Payments plugin for WordPress, which is installed on over 500,000 websites. The flaw, if left unresolved, could enable a bad actor to gain unauthorized admin access to impacted stores, the company said in an advisory on March 23, 2023. It … [Read more...] about Critical WooCommerce Payments Plugin Flaw Patched for 500,000+ WordPress Sites