Major Cyber Attacks in Review: January 2024
Major Cyber Attacks in Review: January 2024 As January 2024 dawned, the digital atmosphere braced itself for another year’s cybersecurity challenges. Throughout the month, organizations experien...
RCEs in FortiOS SSL VPN, ‘shim’; Latest Ivanti Flaw Possibly Exploited...
RCEs in FortiOS SSL VPN, ‘shim’; Latest Ivanti Flaw Possibly Exploited (CVE-2024-21762, CVE-2023-40547, CVE-2024-22024) [Update] March 20, 2024: “Technical Documentation and Detailed Exploit Code on C...
Retrospective – SOCRadar in 2023
Retrospective – SOCRadar in 2023 2023 has been a year we left behind with bitter and sweet memories. Although it will leave its mark on the long journey of humanity as a year marked by natural disaste...
Cisco Fixed Critical CSRF Flaws in Expressway Gateways (CVE-2024-20252...
Cisco Fixed Critical CSRF Flaws in Expressway Gateways (CVE-2024-20252 and CVE-2024-20254) Cisco patched multiple security vulnerabilities, including critical ones, affecting its Expressway Series gat...
Critical JetBrains TeamCity Authentication Bypass (CVE-2024-23917); CI...
Critical JetBrains TeamCity Authentication Bypass (CVE-2024-23917); CISA Adds Chrome Type Confusion to KEV (CVE-2023-4762) JetBrains recently discovered a critical authentication bypass vulnerability ...
Latest Vulnerabilities in FortiSIEM, Oracle WebLogic, Apache Tomcat: C...
Latest Vulnerabilities in FortiSIEM, Oracle WebLogic, Apache Tomcat: CVE-2024-23108, CVE-2024-23109, CVE-2024-20931, CVE-2024-21733 The ever-evolving landscape of cybersecurity presents new challenges...
Barracuda Disclosed Critical Vulnerabilities in WAF, Affecting File Up...
Barracuda Disclosed Critical Vulnerabilities in WAF, Affecting File Upload and JSON Protection Barracuda recently issued a security advisory confirming the presence of 7 security vulnerabilities, rang...
AnyDesk Production Server Breach and Dark Web Sale of 18,000 Accounts
AnyDesk Production Server Breach and Dark Web Sale of 18,000 Accounts AnyDesk, a prominent remote desktop software provider, reported a security breach affecting its production systems on February 2, ...
Latest Critical Vulnerabilities in Juniper Secure Analytics and Mastod...
Latest Critical Vulnerabilities in Juniper Secure Analytics and Mastodon: CVE-2023-37920, CVE-2021-4048, CVE-2024-23832 The latest serious issues demanding attention include severe vulnerabilities fou...
Severe Vulnerabilities in Moby BuildKit and OCI runc: CVE-2024-23651, ...
Severe Vulnerabilities in Moby BuildKit and OCI runc: CVE-2024-23651, CVE-2024-23652, CVE-2024-23653, CVE-2024-21626 The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert reg...
Vulnerability in Ivanti Connect Secure, Policy Secure, and Neurons for...
Vulnerability in Ivanti Connect Secure, Policy Secure, and Neurons for ZTA Exploited (CVE-2024-21888, CVE-2024-21893) [Update] March 11, 2024: “Rapid Exploitation of CVE-2024-21888 and CVE-2024-...
GNU C Library Affected by Several Vulnerabilities, Attackers Could Obt...
GNU C Library Affected by Several Vulnerabilities, Attackers Could Obtain Root Access (CVE-2023-6246) Researchers have recently discovered several vulnerabilities in GNU C Library (glibc), impacting v...
Atlassian’s Confluence Data Center and Server Affected by Critical RCE...
Atlassian’s Confluence Data Center and Server Affected by Critical RCE Vulnerability, CVE-2023-22527: Patch Now [Update] January 25, 2024: “CVE-2023-22527 Has Been Listed in CISA KEV” [Update] January...
Critical RCE Vulnerability in Cisco Unified Communications with Risk o...
Critical RCE Vulnerability in Cisco Unified Communications with Risk of Root Access (CVE-2024-20253) The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert highlighting Cisco ...
Critical Jenkins CLI File Read Vulnerability Could Lead to RCE Attacks...
Critical Jenkins CLI File Read Vulnerability Could Lead to RCE Attacks (CVE-2024-23897) [Update] January 29, 2024: Read under “PoC Exploits Are Available for the Jenkins Vulnerability, CVE-2024-23897”...
Critical Auth Bypass in GoAnywhere MFT: Is It a New Ransomware Gateway...
Critical Auth Bypass in GoAnywhere MFT: Is It a New Ransomware Gateway? (CVE-2024-0204) Fortra has disclosed a critical vulnerability in its GoAnywhere MFT (Managed File Transfer) software – an authen...
What is SIM Swapping?
What is SIM Swapping? SIM swapping attacks have emerged as a formidable and increasingly prevalent challenge in the ever-evolving cyber landscape. This sophisticated form of cybercrime involves attack...
New Apple Zero-Day in WebKit Received a Fix (CVE-2024-23222)
New Apple Zero-Day in WebKit Received a Fix (CVE-2024-23222) [Update] January 24, 2024: “Apple WebKit Zero-Day CVE-2024-23222 Enters CISA KEV Catalog” Apple has issued security updates to address the ...
A Year of Vigilance and Innovation, Triumphs of CISA in 2023
A Year of Vigilance and Innovation, Triumphs of CISA in 2023 In its fifth year on the cybersecurity frontier since its establishment in 2018, the Cybersecurity and Infrastructure Security Agency (CISA...
Oracle Issued 389 New Security Patches in January 2024 Critical Patch ...
Oracle Issued 389 New Security Patches in January 2024 Critical Patch Update Oracle has released its Critical Patch Update advisory for January 2024, aimed at remedying vulnerabilities spanning variou...