CVE/vulnerability

F5 Warns of Active Attacks Targeting BIG-IP SQL injection vulnerability

F5 Networks has issued a security alert about a severe vulnerability in its BIG-IP Configuration utility, identified as CVE-2023-46748.  This vulnerability is an authenticated SQL injection flaw that allows attackers with network access to execute arbitrary system commands.  F5 Networks has categorized this issue under CWE-89, indicating an ‘Improper Neutralization of Special Elements used in […]

The post F5 Warns of Active Attacks Targeting BIG-IP SQL injection vulnerability appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

November 1, 2023
0 comment
Read More >>

Raven: Open-source CI/CD Pipeline Vulnerability Scanner Tool

Cycode is excited to introduce Raven, a state-of-the-art security scanner for CI/CD pipelines.  Raven stands for Risk Analysis and Vulnerability Enumeration for CI/CD Pipeline Security, and it is now available as an open-source tool on GitHub.  This innovative solution will be presented at the upcoming Black Hat Arsenal – SecTor Toronto event. Raven comes at […]

The post Raven: Open-source CI/CD Pipeline Vulnerability Scanner Tool appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

October 30, 2023
0 comment
Read More >>

VMware Tools Flaw Let Attackers Escalate Privileges

Two high vulnerabilities have been discovered in VMware Tools, which were assigned with CVE-2023-34057 and CVE-2023-34058. These vulnerabilities were associated with Local Privilege Escalation and SAML Token Signature Bypass. The severities of these vulnerabilities are 7.5 (High) and 7.8 (High), respectively. One of these vulnerabilities existed in macOS. However,  VMware has released patches and security […]

The post VMware Tools Flaw Let Attackers Escalate Privileges appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

October 27, 2023
0 comment
Read More >>

Citrix Bleed: PoC Released for Citrix NetScaler Zero-Day Vulnerability

Two vulnerabilities were disclosed by Citrix, which were CVE-2023-4966 and CVE-2023-4967, with critical and high severities, respectively. Of these two, CVE-2023-4966 has been released with a publicly available PoC. This vulnerability is associated with a sensitive information disclosure score of 9.4 (Critical). This vulnerability existed in the Citrix Netscaler ADC and Netscaler Gateway versions before […]

The post Citrix Bleed: PoC Released for Citrix NetScaler Zero-Day Vulnerability appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

October 26, 2023
0 comment
Read More >>

North Korean Hackers Exploiting TeamCity Flaw to Compromise Organizations Network

Microsoft has detected two North Korean nation-state threat actors, Diamond Sleet and Onyx Sleet, exploiting CVE-2023-42793. This vulnerability allows remote code execution on various JetBrains TeamCity server versions widely used for DevOps and software development activities. Diamond Sleet and other North Korean threat actors executed software supply chain attacks through build environment infiltration, posing a […]

The post North Korean Hackers Exploiting TeamCity Flaw to Compromise Organizations Network appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

October 20, 2023
0 comment
Read More >>