breaking news

Atlassian addressed 3 flaws in Confluence and Bamboo products

Atlassian addressed three vulnerabilities in its Confluence Server, Data Center, and Bamboo Data Center products that can lead to remote code execution. Atlassian has addressed three critical and high severity vulnerabilities impacting the Confluence Server, Data Center, and Bamboo Data Center products. Successful exploitation of the vulnerabilities could result in remote code execution on vulnerable systems. According to […]

The post Atlassian addressed 3 flaws in Confluence and Bamboo products appeared first on Security Affairs.

July 26, 2023
0 comment
Read More >>

VMware addressed an information disclosure flaw in VMware Tanzu Application Service for VMs and Isolation Segment

VMware fixed an information disclosure flaw in VMware Tanzu Application Service for VMs and Isolation Segment that exposed CF API admin credentials in audit logs. VMware has addressed an information disclosure vulnerability, tracked as CVE-2023-20891 (CVSSv3 score 6.5), in VMware Tanzu Application Service for VMs (TAS for VMs) and Isolation Segment that exposed logged credentials […]

The post VMware addressed an information disclosure flaw in VMware Tanzu Application Service for VMs and Isolation Segment appeared first on Security Affairs.

July 25, 2023
0 comment
Read More >>

Apple addressed a new actively exploited zero-day tracked as CVE-2023-38606

Apple released security updates to address an actively exploited zero-day flaw in iOS, iPadOS, macOS, tvOS, watchOS, and Safari. Apple released urgent security updates to address multiple flaws in iOS, iPadOS, macOS, tvOS, watchOS, and Safari, including an actively exploited zero-day. The vulnerability, tracked as CVE-2023-38606, resides in the kernel and can be exploited to modify sensitive […]

The post Apple addressed a new actively exploited zero-day tracked as CVE-2023-38606 appeared first on Security Affairs.

July 25, 2023
0 comment
Read More >>

Twelve Norwegian ministries were hacked using a zero-day vulnerability

Threat actors exploited a zero-day flaw in third-party software in attacks against the ICT platform used by 12 Norwegian ministries. The ICT platform used by twelve ministries of the Norwegian government was hacked, and threat actors have exploited a zero-day vulnerability in an unnamed third-party software. Local authorities launched an investigation into the attack that […]

The post Twelve Norwegian ministries were hacked using a zero-day vulnerability appeared first on Security Affairs.

July 25, 2023
0 comment
Read More >>

A flaw in OpenSSH forwarded ssh-agent allows remote code execution

A new flaw in OpenSSH could be potentially exploited to run arbitrary commands remotely on compromised hosts under specific conditions. Researchers from the Qualys Threat Research Unit (TRU) have discovered a remote code execution vulnerability in OpenSSH’s forwarded ssh-agent. OpenSSH (Open Secure Shell) is a set of open-source tools and utilities that provide secure encrypted […]

The post A flaw in OpenSSH forwarded ssh-agent allows remote code execution appeared first on Security Affairs.

July 24, 2023
0 comment
Read More >>

Experts warn of OSS supply chain attacks against the banking sector

Checkmark researchers have uncovered the first known targeted OSS supply chain attacks against the banking sector. In the first half of 2023, Checkmarx researchers detected multiple open-source software supply chain attacks aimed at the banking sector. These attacks targeted specific components in web assets used by banks, according to the experts the attackers used advanced techniques. […]

The post Experts warn of OSS supply chain attacks against the banking sector appeared first on Security Affairs.

July 24, 2023
0 comment
Read More >>

Apple could opt to stop iMessage and FaceTime services due to the government’s surveillance demands

Apple could opt to pull iMessage and FaceTime services in the U.K. in response to the government’s surveillance demands. In light of the government’s surveillance demands, Apple might consider withdrawing iMessage and FaceTime services from the U.K. The UK government wants to give more surveillance powers to its intelligence agencies proposing changes to the Investigatory Powers […]

The post Apple could opt to stop iMessage and FaceTime services due to the government’s surveillance demands appeared first on Security Affairs.

July 24, 2023
0 comment
Read More >>

Security Affairs newsletter Round 429 by Pierluigi Paganini – International edition

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Multiple DDoS botnets were observed targeting Zyxel devices CISA warns of attacks against Citrix NetScaler ADC […]

The post Security Affairs newsletter Round 429 by Pierluigi Paganini – International edition appeared first on Security Affairs.

July 23, 2023
0 comment
Read More >>

Shadowserver reported that +15K Citrix servers are likely vulnerable to attacks exploiting the flaw CVE-2023-3519

Researchers reported that more than 15000 Citrix servers exposed online are likely vulnerable to attacks exploiting the vulnerability CVE-2023-3519. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week warned of cyber attacks against Citrix NetScaler Application Delivery Controller (ADC) and Gateway devices exploiting recently discovered zero-day CVE-2023-3519. The Agency states that threat actors targeted a NetScaler […]

The post Shadowserver reported that +15K Citrix servers are likely vulnerable to attacks exploiting the flaw CVE-2023-3519 appeared first on Security Affairs.

July 23, 2023
0 comment
Read More >>

Multiple DDoS botnets were observed targeting Zyxel devices

Researchers warn of several DDoS botnets exploiting a critical flaw tracked as CVE-2023-28771 in Zyxel devices. Fortinet FortiGuard Labs researchers warned of multiple DDoS botnets exploiting a vulnerability impacting multiple Zyxel firewalls. The flaw, tracked as CVE-2023-28771 (CVSS score: 9.8), is a command injection issue that could potentially allow an unauthorized attacker to execute arbitrary […]

The post Multiple DDoS botnets were observed targeting Zyxel devices appeared first on Security Affairs.

July 22, 2023
0 comment
Read More >>