Hacking News

Zimbra fixed actively exploited zero-day CVE-2023-38750 in ZCS

Zimbra addressed a zero-day vulnerability exploited in attacks aimed at Zimbra Collaboration Suite (ZCS) email servers. Two weeks ago Zimbra urged customers to manually install updates to fix a zero-day vulnerability, now tracked as CVE-2023-38750, that is actively exploited in attacks against Zimbra Collaboration Suite (ZCS) email servers. Zimbra Collaboration Suite is a comprehensive open-source messaging and […]

The post Zimbra fixed actively exploited zero-day CVE-2023-38750 in ZCS appeared first on Security Affairs.

July 28, 2023
0 comment
Read More >>

DepositFiles exposed config file, jeopardizing user security

DepositFiles, a popular web hosting service, left its environment configuration file accessible, revealing a trove of highly sensitive credentials. The recent tsunami of Cl0p-driven ransomware attacks via the MOVEit Transfer exploit is a painful reminder of the general idea behind the pessimistic “the cloud is just someone else’s computer” analogy. DepositFiles, a service boasting that it’s the […]

The post DepositFiles exposed config file, jeopardizing user security appeared first on Security Affairs.

July 27, 2023
0 comment
Read More >>

DepositFiles exposed config file, jeopardizing user security

DepositFiles, a popular web hosting service, left its environment configuration file accessible, revealing a trove of highly sensitive credentials. The recent tsunami of Cl0p-driven ransomware attacks via the MOVEit Transfer exploit is a painful reminder of the general idea behind the pessimistic “the cloud is just someone else’s computer” analogy. DepositFiles, a service boasting that it’s the […]

The post DepositFiles exposed config file, jeopardizing user security appeared first on Security Affairs.

July 27, 2023
0 comment
Read More >>

Two ambulance services in UK lost access to patient records after a cyber attack on software provider

Swedish software firm Ortivus suffered a cyberattack that has resulted in at least two British ambulance services losing access to electronic patient records. Two British ambulance services were not able to access electronic patient records after a cyber attack that hit their software provider Ortivus. Ortivus was a Swedish software company specializing in providing solutions […]

The post Two ambulance services in UK lost access to patient records after a cyber attack on software provider appeared first on Security Affairs.

July 26, 2023
0 comment
Read More >>

FraudGPT, a new malicious generative AI tool appears in the threat landscape

FraudGPT is another cybercrime generative artificial intelligence (AI) tool that is advertised in the hacking underground. Generative AI models are becoming attractive for crooks, Netenrich researchers recently spotted a new platform dubbed FraudGPT which is advertised on multiple marketplaces and the Telegram Channel since July 22, 2023.  According to Netenrich, this generative AI bot was […]

The post FraudGPT, a new malicious generative AI tool appears in the threat landscape appeared first on Security Affairs.

July 26, 2023
0 comment
Read More >>

CISA adds Ivanti EPMM flaw to its Known Exploited Vulnerabilities catalog

US CISA added actively exploited Ivanti ‘s Endpoint Manager Mobile (EPMM) vulnerability to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added actively exploited Ivanti ‘s Endpoint Manager Mobile (EPMM) vulnerability, tracked as CVE-2023-35078, to its Known Exploited Vulnerabilities Catalog. The vulnerability is an authentication bypass issue impacting Ivanti Endpoint Manager Mobile (EPMM) […]

The post CISA adds Ivanti EPMM flaw to its Known Exploited Vulnerabilities catalog appeared first on Security Affairs.

July 26, 2023
0 comment
Read More >>

Over 500K MikroTik RouterOS systems potentially exposed to hacking due to critical flaw

Experts warn of a severe privilege escalation, tracked as CVE-2023-30799, in MikroTik RouterOS that can be exploited to hack vulnerable devices. VulnCheck researchers warn of a critical vulnerability, tracked as CVE-2023-30799 (CVSS score: 9.1), that can be exploited in large-scale attacks to target over 500,000 RouterOS systems. “MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are […]

The post Over 500K MikroTik RouterOS systems potentially exposed to hacking due to critical flaw appeared first on Security Affairs.

July 26, 2023
0 comment
Read More >>

Atlassian addressed 3 flaws in Confluence and Bamboo products

Atlassian addressed three vulnerabilities in its Confluence Server, Data Center, and Bamboo Data Center products that can lead to remote code execution. Atlassian has addressed three critical and high severity vulnerabilities impacting the Confluence Server, Data Center, and Bamboo Data Center products. Successful exploitation of the vulnerabilities could result in remote code execution on vulnerable systems. According to […]

The post Atlassian addressed 3 flaws in Confluence and Bamboo products appeared first on Security Affairs.

July 26, 2023
0 comment
Read More >>

VMware addressed an information disclosure flaw in VMware Tanzu Application Service for VMs and Isolation Segment

VMware fixed an information disclosure flaw in VMware Tanzu Application Service for VMs and Isolation Segment that exposed CF API admin credentials in audit logs. VMware has addressed an information disclosure vulnerability, tracked as CVE-2023-20891 (CVSSv3 score 6.5), in VMware Tanzu Application Service for VMs (TAS for VMs) and Isolation Segment that exposed logged credentials […]

The post VMware addressed an information disclosure flaw in VMware Tanzu Application Service for VMs and Isolation Segment appeared first on Security Affairs.

July 25, 2023
0 comment
Read More >>

A flaw in OpenSSH forwarded ssh-agent allows remote code execution

A new flaw in OpenSSH could be potentially exploited to run arbitrary commands remotely on compromised hosts under specific conditions. Researchers from the Qualys Threat Research Unit (TRU) have discovered a remote code execution vulnerability in OpenSSH’s forwarded ssh-agent. OpenSSH (Open Secure Shell) is a set of open-source tools and utilities that provide secure encrypted […]

The post A flaw in OpenSSH forwarded ssh-agent allows remote code execution appeared first on Security Affairs.

July 24, 2023
0 comment
Read More >>