Found 77 bookmarks
Custom sorting
Researchers Uncover Active Exploitation of WordPress Plugin Vulnerabilities
Researchers Uncover Active Exploitation of WordPress Plugin Vulnerabilities
Researchers have discovered several vulnerabilities in popular WordPress plugins that allow attackers to create rogue admin accounts. #attacks #breach #computer #cyber #data #hack #hacker #hacking #how #information #malware #network #news #ransomware #security #software #the #to #today #updates #vulnerability
#thehackernews#EN#2024#WordPress#Plugin#Vulnerabilities
·thehackernews.com·
Researchers Uncover Active Exploitation of WordPress Plugin Vulnerabilities
Big Vulnerabilities in Next-Gen BIG-IP
Big Vulnerabilities in Next-Gen BIG-IP
Our ongoing research has identified remotely exploitable vulnerabilities in F5’s Next Central Manager that can give attackers full administrative control of the device, and subsequently allow attackers to create accounts on any F5 assets managed by the Next Central Manager. These attacker-controlled accounts would not be visible from the Next Central Manager itself, enabling ongoing malicious persistence within the environment. At the time of writing, we have not seen any indication that these vulnerabilities have been exploited in the wild.
#eclypsium#EN#2024#BIG-IP#vulnerabilities#CVE-2024-21793#CVE-2024-26026
·eclypsium.com·
Big Vulnerabilities in Next-Gen BIG-IP
Chinese Keyboard App Vulnerabilities Explained
Chinese Keyboard App Vulnerabilities Explained
We analyzed third-party keyboard apps Tencent QQ, Baidu, and iFlytek, on the Android, iOS, and Windows platforms. Along with Tencent Sogou, they comprise over 95% of the market share for third-party keyboard apps in China. This is an FAQ for the full report titled "The not-so-silent type: Vulnerabilities across keyboard apps reveal keystrokes to network eavesdroppers."
#citizenlab#EN#2024#Chinese#Keyboard#App#Vulnerabilities#Tencent#Baidu#Android#iOS
·citizenlab.ca·
Chinese Keyboard App Vulnerabilities Explained
2021 Top Routinely Exploited Vulnerabilities | CISA
2021 Top Routinely Exploited Vulnerabilities | CISA
This joint Cybersecurity Advisory (CSA) was coauthored by cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom: the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS),
#cisa#uscert#csirt#cert#U.-S.-Computer-Emergency-Readiness#top#2021#top2021#EN#2022#Vulnerabilities
·cisa.gov·
2021 Top Routinely Exploited Vulnerabilities | CISA
Vulnerabilities Year-in-Review: 2023
Vulnerabilities Year-in-Review: 2023
In 2023, threat actors continued to exploit a variety of vulnerabilities — both newly discovered weaknesses and unresolved issues — to carry out sophisticated attacks on global organizations. The number of documented software vulnerabilities continued to rise, and threat actors were quick to capitalize on new vulnerabilities and leverage recent releases of publicly available vulnerability research and exploit code to target entities. However, while there was a high number of vulnerabilities released in the reporting period, only a handful actually were weaponized in attacks. The ones of most interest are those that threat actors use for exploitation. In this report, we’ll analyze the numbers and types of vulnerabilities in 2023 with a view to understanding attack trends and how organizations can better defend themselves.
#intel471#EN#2024#Year-in-Review#2023#Vulnerabilities
·intel471.com·
Vulnerabilities Year-in-Review: 2023
2021 Top Routinely Exploited Vulnerabilities | CISA
2021 Top Routinely Exploited Vulnerabilities | CISA
This joint Cybersecurity Advisory (CSA) was coauthored by cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom: the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS),
#cisa#uscert#csirt#cert#U.-S.-Computer-Emergency-Readiness#top#2021#top2021#EN#2022#Vulnerabilities
·cisa.gov·
2021 Top Routinely Exploited Vulnerabilities | CISA
Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Connect and Policy Secure Gateways | CISA
Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Connect and Policy Secure Gateways | CISA
Based upon the authoring organizations’ observations during incident response activities and available industry reporting, as supplemented by CISA’s research findings, the authoring organizations recommend that the safest course of action for network defenders is to assume a sophisticated threat actor may deploy rootkit level persistence on a device that has been reset and lay dormant for an arbitrary amount of time. For example, as outlined in PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure), sophisticated actors may remain silent on compromised networks for long periods. The authoring organizations strongly urge all organizations to consider the significant risk of adversary access to, and persistence on, Ivanti Connect Secure and Ivanti Policy Secure gateways when determining whether to continue operating these devices in an enterprise environment.
#CISA#EN#2024#Ivanti#Vulnerabilities#Connect#persistence#Warning
·cisa.gov·
Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Connect and Policy Secure Gateways | CISA
2021 Top Routinely Exploited Vulnerabilities | CISA
2021 Top Routinely Exploited Vulnerabilities | CISA
This joint Cybersecurity Advisory (CSA) was coauthored by cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom: the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS),
#cisa#uscert#csirt#cert#U.-S.-Computer-Emergency-Readiness#top#2021#top2021#EN#2022#Vulnerabilities
·cisa.gov·
2021 Top Routinely Exploited Vulnerabilities | CISA
How Memory Forensics Revealed Exploitation of Ivanti Connect Secure VPN Zero-Day Vulnerabilities
How Memory Forensics Revealed Exploitation of Ivanti Connect Secure VPN Zero-Day Vulnerabilities
Volexity regularly prioritizes memory forensics when responding to incidents. This strategy improves investigative capabilities in many ways across Windows, Linux, and macOS. This blog post highlights some specific ways memory forensics played a key role in determining how two zero-day vulnerabilities were being chained together to achieve unauthenticated remote code execution in Ivanti Connect Secure VPN devices.
#volexity#EN#2024#Ivanti#Connect#Secure#VPN#Zero-Day#Vulnerabilities
·volexity.com·
How Memory Forensics Revealed Exploitation of Ivanti Connect Secure VPN Zero-Day Vulnerabilities
2021 Top Routinely Exploited Vulnerabilities | CISA
2021 Top Routinely Exploited Vulnerabilities | CISA
This joint Cybersecurity Advisory (CSA) was coauthored by cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom: the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS),
#cisa#uscert#csirt#cert#U.-S.-Computer-Emergency-Readiness#top#2021#top2021#EN#2022#Vulnerabilities
·cisa.gov·
2021 Top Routinely Exploited Vulnerabilities | CISA
2021 Top Routinely Exploited Vulnerabilities | CISA
2021 Top Routinely Exploited Vulnerabilities | CISA
This joint Cybersecurity Advisory (CSA) was coauthored by cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom: the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS),
#cisa#uscert#csirt#cert#U.-S.-Computer-Emergency-Readiness#top#2021#top2021#EN#2022#Vulnerabilities
·cisa.gov·
2021 Top Routinely Exploited Vulnerabilities | CISA
NSA chief announces new AI Security Center, 'focal point' for AI use by government, defense industry
NSA chief announces new AI Security Center, 'focal point' for AI use by government, defense industry
"We must build a robust understanding of AI vulnerabilities, foreign intelligence threats to these AI systems and ways to counter the threat in order to have AI security," Gen. Paul Nakasone said. "We must also ensure that malicious foreign actors can't steal America’s innovative AI capabilities to do so.”
#breakingdefense#EN#2023#AI#NSA#hub#vulnerabilities#intelligence#Nakasone#US
·breakingdefense.com·
NSA chief announces new AI Security Center, 'focal point' for AI use by government, defense industry
Uncovering weaknesses in Apple macOS and VMWare vCenter: 12 vulnerabilities in RPC implementation
Uncovering weaknesses in Apple macOS and VMWare vCenter: 12 vulnerabilities in RPC implementation
Cisco Talos discovered 12 memory corruption vulnerabilities in MSRPC implementations on Apple macOS and VMWare vCenter.       - Seven vulnerabilities affect Apple macOS only.       - Two vulnerabilities affect VMWare vCenter.       - Three vulnerabilities affect both.
#talosintelligence#EN#2023#MSRPC#macOS#VMWare#vCenter#vulnerabilities
·blog.talosintelligence.com·
Uncovering weaknesses in Apple macOS and VMWare vCenter: 12 vulnerabilities in RPC implementation