Threat actors are scanning the Internet for Citrix systems affected by the recently disclosed vulnerabilities. This week Citrix has addressed 11 vulnerabilities affecting the ADC, Gateway, and SD-WAN WANOP networking products. The vulnerabilities could be exploited by attackers for local privilege escalation, to trigger a DoS condition, to bypass authorization, to get code injection, and to launch […]
A threat actor tracked as Evilnum targeted financial technology companies, mainly the British and European ones, ESET researchers reported. Evilnum threat actor was first spotted in 2018 while using the homonym malware. Over the years, the group added new tools to its arsenal, including custom and homemade malware along with software purchased from the Golden […]
Juniper Networks addressed several vulnerabilities in its firewalls, most of them can be exploited by attackers for denial-of-service (DoS) attacks. Juniper Networks addressed several vulnerabilities in its products, most of them can be exploited by attackers for denial-of-service (DoS) attacks. Half a dozen of the flaws are DoS issues that have been rated high severity. […]
Two security researchers have found undocumented Telnet admin account accounts in 29 FTTH devices from Chinese vendor C-Data. Two security researchers have discovered undocumented Telnet admin account accounts in 29 Fiber-To-The-Home (FTTH) devices from Chinese vendor C-Data. The CDATA OLTs are sold under different brands, including Cdata, OptiLink, V-SOL CN, and BLIY. Some of the […]
An XSS vulnerability in the KingComposer page builder for WordPress impacts 100,000 websites using the WordPress plugin. Researchers at Wordfence Threat Intelligence team discovered a reflected cross-site scripting (XSS) vulnerability, tracked as CVE-2020-15299, in the KingComposer WordPress plugin that potentially impacts 100,000 websites. KingComposer a fast drag-and-drop page builder for WordPress websites, which comes complete with top-notch features embedded and […]
Researchers from cyber-security firm ACROS Security have disclosed a zero-day vulnerability in the Windows client of the popular Zoom video conferencing platform. Researchers from cyber-security firm ACROS Security have disclosed a zero-day vulnerability in the Windows client of the video conferencing software Zoom. The vulnerability is a remote code execution issue, which could allow the […]
More than 15 billion username and passwords are available on cybercrime marketplaces, including over 5 billion unique credentials, states the experts. A report published by security firm Digital Shadows revealed the availability of more than 15 billion credentials shared on cybercrime marketplaces, paste sites, file sharing services, and code sharing websites. Over the past few […]
Palo Alto Networks addressed a new severe vulnerability in the PAN-OS GlobalProtect portal that impacts PAN next-generation firewalls. Recently Palo Alto Network addressed a critical vulnerability, tracked as CVE-2020-2021, affecting the PAN-OS operating system that powers its next-generation firewall. The flaw could allow unauthenticated network-based attackers to bypass authentication, it has been rated as critical severity and received a […]
Google announced that its Tsunami vulnerability scanner for large-scale enterprise networks is going to be open-sourced. Google has decided to release as open-source a vulnerability scanner for large-scale enterprise networks named Tsunami. “We have released the Tsunami security scanning engine to the open source communities. We hope that the engine can help other organizations protect their users’ […]
The US Department of Justice has indicted a hacker named Fxmsp for hacking over three hundred organizations worldwide and selling access to their networks. The US Department of Justice has indicted a hacker that goes online with the moniker Fxmsp for hacking over three hundred organizations worldwide and selling access to their networks. According to […]