breaking news

CISA adds Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog

US CISA added the vulnerability CVE-2021-1435 in Cisco IOS XE to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability CVE-2021-1435 in Cisco IOS XE. The vulnerability is a command injection vulnerability in the web user interface that could allow a remote, authenticated attacker to inject commands that can be executed as the root […]

The post CISA adds Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog appeared first on Security Affairs.

October 20, 2023
0 comment
Read More >>

Tens of thousands Cisco IOS XE devices were hacked by exploiting CVE-2023-20198

More than 40,000 Cisco IOS XE devices have been compromised in attacks exploiting recently disclosed critical vulnerability CVE-2023-20198. Researchers from LeakIX used the indicators of compromise (IOCs) released by Cisco Talos and found around 30k Cisco IOS XE devices (routers, switches, VPNs) that were infected by exploiting the CVE-2023-20198. Most of the infected devices were […]

The post Tens of thousands Cisco IOS XE devices were hacked by exploiting CVE-2023-20198 appeared first on Security Affairs.

October 20, 2023
0 comment
Read More >>

Law enforcement operation seized Ragnar Locker group’s infrastructure

An international law enforcement operation shuts down the infrastructure of the Ragnar Locker ransomware operation. Law enforcement from the US, Europe, Germany, France, Italy, Japan, Spain, Netherlands, Czech Republic, and Latvia conducted a joint operation that led to the seizure of the Ragnar Locker ransomware’s infrastructure. The police on Thursday seized the Tor negotiation and […]

The post Law enforcement operation seized Ragnar Locker group’s infrastructure appeared first on Security Affairs.

October 20, 2023
0 comment
Read More >>

THE 11TH EDITION OF THE ENISA THREAT LANDSCAPE REPORT IS OUT!

I’m proud to announce the release of the 11th edition of the ENISA Threat Landscape (ETL) on the state of the cybersecurity threat landscape. The Europen Agency for cybersecurity ENISA releases its ENISA Threat Landscape 2023 (ETL) report, which is the annual analysis of the state of the cybersecurity threat landscape. This is the 11th edition of the […]

The post THE 11TH EDITION OF THE ENISA THREAT LANDSCAPE REPORT IS OUT! appeared first on Security Affairs.

October 19, 2023
0 comment
Read More >>

North Korea-linked APT groups actively exploit JetBrains TeamCity flaw

North Korea-linked threat actors are actively exploiting a critical vulnerability CVE-2023-42793 in JetBrains TeamCity. Microsoft warns that North Korea-linked threat actors are actively exploiting a critical security vulnerability, tracked as CVE-2023-42793 (CVSS score: 9.8), in JetBrains TeamCity. CVE-2023-42793 is an authentication bypass issue affecting the on-premises version of TeamCity. An attacker can exploit the flaw to steal […]

The post North Korea-linked APT groups actively exploit JetBrains TeamCity flaw appeared first on Security Affairs.

October 19, 2023
0 comment
Read More >>

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

Google TAG reported that both Russia and China-linked threat actors are weaponizing the a high-severity vulnerability in WinRAR. Google’s Threat Analysis Group (TAG) reported that in recent weeks multiple nation-state actors were spotted exploiting the vulnerability CVE-2023-38831 in WinRAR. The researchers reported that several cybercrime groups began exploiting the flaw in early 2023, when the […]

The post Multiple APT groups exploited WinRAR flaw CVE-2023-38831 appeared first on Security Affairs.

October 19, 2023
0 comment
Read More >>

Californian IT company DNA Micro leaks private mobile phone data

Hundreds of thousands of clients who opted-in for a screen warranty were exposed when DNA Micro leaked data from its systems. The Cybernews research team found that DNA Micro, a California-based IT company, exposed the sensitive data of more than 820,000 customers due to a misconfiguration in its systems. The victims most affected by the […]

The post Californian IT company DNA Micro leaks private mobile phone data appeared first on Security Affairs.

October 18, 2023
0 comment
Read More >>

Threat actors have been exploiting CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices since August

Experts reported that the vulnerability CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices has been exploited in attacks since late August. On October 10, Citrix published a security bulletin related to a critical vulnerability, tracked as CVE-2023-4966, in Citrix NetScaler ADC/Gateway devices. “Exploits of CVE-2023-4966 on unmitigated appliances have been observed.” reported Citrix. “Cloud Software Group strongly urges customers of […]

The post Threat actors have been exploiting CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices since August appeared first on Security Affairs.

October 18, 2023
0 comment
Read More >>

A flaw in Synology DiskStation Manager allows admin account takeover

A vulnerability in Synology DiskStation Manager (DSM) could be exploited to decipher an administrator’s password. Researchers from Claroty’s Team82 discovered a vulnerability, tracked as CVE-2023-2729 (CVSS score 5.9), in Synology DiskStation Manager (DSM). Team82 discovered the use of a weak random number generator in Synology’s DiskStation Manager (DSM) Linux-based operating system running on the NAS […]

The post A flaw in Synology DiskStation Manager allows admin account takeover appeared first on Security Affairs.

October 18, 2023
0 comment
Read More >>

D-Link confirms data breach, but downplayed the impact

Taiwanese manufacturer D-Link confirmed a data breach after a threat actor offered for sale on BreachForums stolen data. The global networking equipment and technology company D-Link confirmed a data breach after a threat actor earlier this month offered for sale on the BreachForums platform the stolen data. The company became aware of the a claim of data […]

The post D-Link confirms data breach, but downplayed the impact appeared first on Security Affairs.

October 18, 2023
0 comment
Read More >>