Atlassian addressed three vulnerabilities in its Confluence Server, Data Center, and Bamboo Data Center products that can lead to remote code execution. Atlassian has addressed three critical and high severity vulnerabilities impacting the Confluence Server, Data Center, and Bamboo Data Center products. Successful exploitation of the vulnerabilities could result in remote code execution on vulnerable systems. According to […]
VMware fixed an information disclosure flaw in VMware Tanzu Application Service for VMs and Isolation Segment that exposed CF API admin credentials in audit logs. VMware has addressed an information disclosure vulnerability, tracked as CVE-2023-20891 (CVSSv3 score 6.5), in VMware Tanzu Application Service for VMs (TAS for VMs) and Isolation Segment that exposed logged credentials […]
Apple released security updates to address an actively exploited zero-day flaw in iOS, iPadOS, macOS, tvOS, watchOS, and Safari. Apple released urgent security updates to address multiple flaws in iOS, iPadOS, macOS, tvOS, watchOS, and Safari, including an actively exploited zero-day. The vulnerability, tracked as CVE-2023-38606, resides in the kernel and can be exploited to modify sensitive […]
A new flaw in OpenSSH could be potentially exploited to run arbitrary commands remotely on compromised hosts under specific conditions. Researchers from the Qualys Threat Research Unit (TRU) have discovered a remote code execution vulnerability in OpenSSH’s forwarded ssh-agent. OpenSSH (Open Secure Shell) is a set of open-source tools and utilities that provide secure encrypted […]
Checkmark researchers have uncovered the first known targeted OSS supply chain attacks against the banking sector. In the first half of 2023, Checkmarx researchers detected multiple open-source software supply chain attacks aimed at the banking sector. These attacks targeted specific components in web assets used by banks, according to the experts the attackers used advanced techniques. […]
Apple could opt to pull iMessage and FaceTime services in the U.K. in response to the government’s surveillance demands. In light of the government’s surveillance demands, Apple might consider withdrawing iMessage and FaceTime services from the U.K. The UK government wants to give more surveillance powers to its intelligence agencies proposing changes to the Investigatory Powers […]
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Multiple DDoS botnets were observed targeting Zyxel devices CISA warns of attacks against Citrix NetScaler ADC […]
Researchers reported that more than 15000 Citrix servers exposed online are likely vulnerable to attacks exploiting the vulnerability CVE-2023-3519. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week warned of cyber attacks against Citrix NetScaler Application Delivery Controller (ADC) and Gateway devices exploiting recently discovered zero-day CVE-2023-3519. The Agency states that threat actors targeted a NetScaler […]
Researchers warn of several DDoS botnets exploiting a critical flaw tracked as CVE-2023-28771 in Zyxel devices. Fortinet FortiGuard Labs researchers warned of multiple DDoS botnets exploiting a vulnerability impacting multiple Zyxel firewalls. The flaw, tracked as CVE-2023-28771 (CVSS score: 9.8), is a command injection issue that could potentially allow an unauthorized attacker to execute arbitrary […]
SentinelOne researchers attribute the recent supply chain attacks on JumpCloud to North Korea-linked threat actors. JumpCloud is a cloud-based directory service platform designed to manage user identities, devices, and applications in a seamless and secure manner. It allows IT administrators to centralize and simplify their identity and access management tasks across various systems and applications. […]