exploitation

CISA Issues Warning on Active Exploitation of ZK Java Web Framework Vulnerability

Feb 28, 2023 by iHash Leave a Comment

Feb 28, 2023Ravie LakshmananSoftware Security / Cyber Attack The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity flaw affecting the ZK Framework to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation. Tracked as CVE-2022-36537 (CVSS score: 7.5), the issue impacts ZK Framework versions 9.6.1, … [Read more...] about CISA Issues Warning on Active Exploitation of ZK Java Web Framework Vulnerability

CISA Warns of Active exploitation of JasperReports Vulnerabilities

Dec 30, 2022 by iHash Leave a Comment

Dec 30, 2022Ravie LakshmananPatch Management The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two-years-old security flaws impacting TIBCO Software's JasperReports product to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The flaws, tracked as CVE-2018-5430 (CVSS score: 7.7) and CVE-2018-18809 (CVSS score: … [Read more...] about CISA Warns of Active exploitation of JasperReports Vulnerabilities

Microsoft Netlogon exploitation continues to rise

Sep 29, 2020 by iHash Leave a Comment

Cisco Blogs / Security / Threat Research / Microsoft Netlogon exploitation continues to rise Cisco Talos is tracking a spike in exploitation attempts against the Microsoft vulnerability CVE-2020-1472, an elevation of privilege bug in Netlogon, outlined in the August Microsoft Patch Tuesday report. The vulnerability stems from a flaw in a cryptographic … [Read more...] about Microsoft Netlogon exploitation continues to rise

Oracle WebLogic Exploit-fest Continues with GandCrab Ransomware, XMRig

May 6, 2019 by iHash Leave a Comment

Snowballing attacks using a recently patched critical bug show no sign of abating. Source link … [Read more...] about Oracle WebLogic Exploit-fest Continues with GandCrab Ransomware, XMRig

« Previous Page

Elastic and AWS in 2024: Celebrating innovation synergy at AWS re:Invent

Last week, more than 60,000 AWS enthusiasts, experts, and practitioners attended the weeklong AWS re:Invent conference in Las Vegas while exploring the latest innovations, networking, and learning from 2,000+ sessions. AWS re:Invent is the tech world’s blockbuster event. As a Diamond Sponsor, Elastic was pumped to dive in and connect with IT leaders, customers, and […]

Ruijie Networks’ Cloud Platform Flaws Could Expose 50,000 Devices to Remote Attacks

Dec 25, 2024Ravie LakshmananCloud Security / Vulnerability Cybersecurity researchers have discovered several security flaws in the cloud management platform developed by Ruijie Networks that could permit an attacker to take control of the network appliances. “These vulnerabilities affect both the Reyee platform, as well as Reyee OS network devices,” Claroty researchers Noam Moshe and Tomer […]

Reducing CVEs in Elastic container images

In this blog post, we will discuss our journey to significantly reduce Common Vulnerabilities and Exposures (CVEs) in Elastic container images by switching to a minimal base image in our Elastic products and optimizing our workflows for a scalable vulnerability management program. Elastic Stack based on Chainguard images Chainguard images are a collection of container […]

How the Age of Generative AI is Changing a CISOs Approach to Security

No matter the industry, organizations are managing huge amounts of data: customer data, financial data, sales and reference figures–the list goes on and on. And, data is among the most valuable assets that a company owns. Ensuring it remains secure is the responsibility of the entire organization, from the IT manager to individual employees. However, […]

AI Could Generate 10,000 Malware Variants, Evading Detection in 88% of Case

Dec 23, 2024Ravie LakshmananMachine Learning / Threat Analysis Cybersecurity researchers have found that it’s possible to use large language models (LLMs) to generate new variants of malicious JavaScript code at scale in a manner that can better evade detection. “Although LLMs struggle to create malware from scratch, criminals can easily use them to rewrite or […]

Crypto scam: seed phrases shared publicly

“I have a question. I have USDT stored in my wallet, and I have the seed phrase. How to transfer my funds to another wallet?” — we found a comment like this under a finance-related video on YouTube. And the seed phrase was revealed in full in the comment. This looked suspicious: even a complete […]

Pangu Releases Updated Jailbreak of iOS 9 Pangu9 v1.2.0

Pangu has updated its jailbreak utility for iOS 9.0 to 9.0.2 with a fix for the manage storage bug and the latest version of Cydia. Change log V1.2.0 (2015-10-27) 1. Bundle latest Cydia with new Patcyh which fixed failure to open url scheme in MobileSafari 2. Fixed the bug that “preferences -> Storage&iCloud Usage -> […]

Apple Blocks Pangu Jailbreak Exploits With Release of iOS 9.1

Apple has blocked exploits used by the Pangu Jailbreak with the release of iOS 9.1. Pangu was able to jailbreak iOS 9.0 to 9.0.2; however, in Apple’s document on the security content of iOS 9.1, PanguTeam is credited with discovering two vulnerabilities that have been patched.

Pangu Releases Updated Jailbreak of iOS 9 Pangu9 v1.1.0

Pangu has released an update to its jailbreak utility for iOS 9 that improves its reliability and success rate. Change log V1.1.0 (2015-10-21) 1. Improve the success rate and reliability of jailbreak program for 64bit devices 2. Optimize backup process and improve jailbreak speed, and fix an issue that leads to fail to […]

Activator 1.9.6 Released With Support for iOS 9, 3D Touch

Ryan Petrich has released Activator 1.9.6, an update to the centralized gesture, button, and shortcut manager, that brings support for iOS 9 and 3D Touch.

JBL Flip 6 Portable Bluetooth Speaker (Open Box) for $74

Navee V25 300W Foldable e-Scooter for $299

Smart Tracker Includes Key Ring – Works with Apple Find My App (2-Pack) for $34

Harmony Premium Plan Lifetime Subscription for $99

Lenovo 11.6" 100e Chromebook 2nd Gen (2019) MediaTek MT8173C 4GB RAM 16GB eMMC (Refurbished) for $54

CISA Issues Warning on Active Exploitation of ZK Java Web Framework Vulnerability

CISA Warns of Active exploitation of JasperReports Vulnerabilities

Microsoft Netlogon exploitation continues to rise

Oracle WebLogic Exploit-fest Continues with GandCrab Ransomware, XMRig