IT Information Security

Exploitation attempts for Oracle E-Business Suite flaw observed after PoC release

Threat actors started exploiting a critical Oracle E-Business Suite flaw, tracked as CVE-2022-21587, shortly after a PoC was published. Shadowserver researchers warn that threat actors have started attempting to exploit critical Oracle E-Business Suite flaw (CVE-2022-21587) shortly after a PoC was published. The E-Business Suite is a set of enterprise applications that allows organizations automate […]

The post Exploitation attempts for Oracle E-Business Suite flaw observed after PoC release appeared first on Security Affairs.

February 3, 2023
0 comment
Read More >>

VMware Workstation update fixes an arbitrary file deletion bug

VMware addressed a high-severity privilege escalation vulnerability, tracked as CVE-2023-20854, in VMware Workstation. VMware fixed a high-severity privilege escalation flaw, tracked as CVE-2023-20854, that impacts Workstation. An attacker can exploit the vulnerability to delete arbitrary files on Workstation version 17.x for Windows OS.  “An arbitrary file deletion vulnerability in VMware Workstation was privately reported to VMware. Updates are […]

The post VMware Workstation update fixes an arbitrary file deletion bug appeared first on Security Affairs.

February 3, 2023
0 comment
Read More >>

Atlassian fixed critical authentication vulnerability in Jira Software

Atlassian fixed a critical flaw in Jira Service Management Server and Data Center that can allow an attacker to impersonate another user and gain access to a Jira Service Management instance. Atlassian has released security updates to address a critical vulnerability in Jira Service Management Server and Data Center, tracked as CVE-2023-22501 (CVSS score: 9.4), […]

The post Atlassian fixed critical authentication vulnerability in Jira Software appeared first on Security Affairs.

February 3, 2023
0 comment
Read More >>

Russia-linked Gamaredon APT targets Ukrainian authorities with new malware

Russia-linked threat actor Gamaredon employed new spyware in cyber attacks aimed at public authorities and critical information infrastructure in Ukraine. The State Cyber Protection Centre (SCPC) of Ukraine warns of a new wave of targeted attacks conducted by the Russia-linked APT group Gamaredon (aka Shuckworm, Actinium, Armageddon, Primitive Bear, UAC-0010, and Trident Ursa). The attacks aimed at public authorities and critical information […]

The post Russia-linked Gamaredon APT targets Ukrainian authorities with new malware appeared first on Security Affairs.

February 3, 2023
0 comment
Read More >>

Cisco fixed command injection bug in IOx Application Hosting Environment

Cisco fixed a high-severity flaw in the IOx application hosting environment that can be exploited in command injection attacks. Cisco has released security updates to address a command injection vulnerability, tracked as CVE-2023-20076, in the Cisco IOx application hosting environment. “A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote attacker […]

The post Cisco fixed command injection bug in IOx Application Hosting Environment appeared first on Security Affairs.

February 3, 2023
0 comment
Read More >>

API management (APIM): What It Is and Where It’s Going

Analyzing the concept of API management (APIM), its benefits, and what it will look like as the API landscape continues to evolve. There are two fundamental truths in the API landscape. So, where does this leave businesses that want to leverage the power of APIs? For starters, they need to invest in an API security […]

The post API management (APIM): What It Is and Where It’s Going appeared first on Security Affairs.

February 2, 2023
0 comment
Read More >>

A High-severity bug in F5 BIG-IP can lead to code execution and DoS

Experts warn of a high-severity vulnerability that affects F5 BIG-IP that can lead to arbitrary code execution or DoS condition. A high-severity vulnerability in F5 BIG-IP, tracked as CVE-2023-22374, can be exploited to cause a DoS condition and potentially lead to arbitrary code execution. “A format string vulnerability exists in iControl SOAP that allows an […]

The post A High-severity bug in F5 BIG-IP can lead to code execution and DoS appeared first on Security Affairs.

February 2, 2023
0 comment
Read More >>

Experts warn of two flaws in popular open-source software ImageMagick

Experts disclosed details of two security flaws in the open-source software ImageMagick that could potentially lead to information disclosure or trigger a DoS condition. Researchers at Metabase Q discovered a couple of security vulnerabilities in the open-source image manipulation software ImageMagick that could potentially lead to information disclosure or trigger a Denial of Service (DoS) condition (CVE-2022-44268, CVE-2022-44267). ImageMagick is […]

The post Experts warn of two flaws in popular open-source software ImageMagick appeared first on Security Affairs.

February 2, 2023
0 comment
Read More >>

Over 30k Internet-Exposed QNAP NAS hosts impacted by CVE-2022-27596 flaw

Censys found 30,000 internet-facing QNAP appliances potentially impacted by a recently disclosed critical code injection flaw. On January 30, Taiwanese vendor QNAP released QTS and QuTS firmware updates to address a critical vulnerability, tracked as CVE-2022-27596 (CVSS v3 score: 9.8), that affects QNAP NAS devices. A remote attacker can exploit the vulnerability to inject malicious code […]

The post Over 30k Internet-Exposed QNAP NAS hosts impacted by CVE-2022-27596 flaw appeared first on Security Affairs.

February 2, 2023
0 comment
Read More >>

Pro-Russia Killnet group hit Dutch and European hospitals

The Dutch National Cyber Security Centre (NCSC) confirmed that Pro-Russia group Killnet hit websites of national and European hospitals. The Dutch National Cyber Security Centre (NCSC) reported that the websites of several hospital in the Netherlands and Europe were hit by DDoS attacks carried out by pro-Russia hacking group Killnet. The group of hackers launched […]

The post Pro-Russia Killnet group hit Dutch and European hospitals appeared first on Security Affairs.

February 1, 2023
0 comment
Read More >>