exploit – Page 5 – MCYSEKA-Maritime Cyber Security Knowledge Archive

Hackers Actively Exploiting Big-IP and Citrix Vulnerabilities

Experts issued security alerts concerning the ongoing exploitation of Big-IP (CVE-2023-46747, CVE-2023-46748) and Citrix (CVE-2023-4966) vulnerabilities. The publicly available Proof of Concepts (POCs) for these vulnerabilities were rapidly circulated in cybercrime forums. Over 20,000 “Netscaler” instances and 1,000 “Big IP” instances are available online. These systems might be attractive targets for attackers and might be […]

The post Hackers Actively Exploiting Big-IP and Citrix Vulnerabilities appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

November 10, 2023

0 comment

MOVEit hackers leverage new zero-day bug to breach organizations (CVE-2023-47246)

A critical zero-day vulnerability (CVE-2023-47246) in the SysAid IT support and management software solution is being exploited by Lace Tempest, a ransomware affiliate known for deploying Cl0p ransomware. Lace Tempest has previously exploited zero-day …

November 9, 2023

0 comment

Looney Tunables bug exploited for cryptojacking

Kinsing threat actors have been spotted exploiting the recently disclosed Looney Tunables (CVE-2023-4911) vulnerability to covertly install cryptomining software into cloud-native environments. Kinsing (aka Money Libra) is a threat actor group that has…

November 7, 2023

0 comment

Ransomware attacks set to break records in 2023

Ransomware attacks continue at a record-breaking pace, with Q3 2023 global ransomware attack frequency up 11% over Q2 and 95% year-over-year (YoY), according to Corvus Insurance. In its Q2 2023 Global Ransomware Report, Corvus noted a significant resur…

November 1, 2023

0 comment

Citrix Bleed: Mass exploitation in progress (CVE-2023-4966)

CVE-2023-4966, aka “Citrix Bleed”, a critical information disclosure vulnerability affecting Citrix NetScaler ADC/Gateway devices, is being massively exploited by threat actors. According to security researcher Kevin Beaumont’s cybers…

October 30, 2023

0 comment

Stealth Techniques Used in ‘Operation Triangulation’ iOS Attack Dissected

Kaspersky analyzes the stealth techniques that were used in the ‘Operation Triangulation’ iOS zero-click attacks.
The post Stealth Techniques Used in ‘Operation Triangulation’ iOS Attack Dissected appeared first on SecurityWeek.

October 24, 2023

0 comment

State-sponsored APTs are leveraging WinRAR bug

A number of government-backed APTs are exploiting CVE-2023-38831, a file extension spoofing vulnerability in WinRAR, a widely used file archiver utility for Windows. CVE-2023-38831 has been patched in August 2023, along with another high-severity RCE v…

October 18, 2023

0 comment

Citrix NetScaler bug exploited in the wild since August (CVE-2023-4966)

A recently patched Citrix NetScaler ADC/Gateway information disclosure vulnerability (CVE-2023-4966) has been exploited by attackers in the wild since late August 2023, Mandiant researchers have revealed. About CVE-2023-4966 Citrix’s security adv…

October 18, 2023

0 comment

DIY attack surface management: Simple, cost-effective and actionable perimeter insights

Modern-day attack surface management (ASM) can be an intimidating task for most organizations, with assets constantly changing due to new deployments, assets being decommissioned, and ongoing migrations to cloud providers. Assets can be created and for…

October 16, 2023

0 comment

Critical Atlassian Confluence vulnerability exploited by state-backed threat actor

A critical flaw in Atlassian Confluence Data Center and Server (CVE-2023-22515) has been exploited by a state-backed threat actor, Microsoft’s threat analysts have pinpointed. About the vulnerability CVE-2023-22515 was initially classified as a c…

October 11, 2023

0 comment

1 … 3 4 5 6 7 … 20