Found 27 bookmarks
Custom sorting
Apple fixes two zero-days used in attacks on Intel-based Macs
Apple fixes two zero-days used in attacks on Intel-based Macs
Apple released emergency security updates to fix two zero-day vulnerabilities that were exploited in attacks on Intel-based Mac systems. "Apple is aware of a report that this issue may have been exploited," the company said in an advisory issued on Tuesday. The two bugs were found in the macOS Sequoia JavaScriptCore (CVE-2024-44308) and WebKit (CVE-2024-44309) components of macOS.
#bleepingcomputer#EN#2024#CVE-2024-44309#CVE-2024-44308#macos#JavaScriptCore#WebKit#exploited
·bleepingcomputer.com·
Apple fixes two zero-days used in attacks on Intel-based Macs
Ivanti warns of three more CSA zero-days exploited in attacks
Ivanti warns of three more CSA zero-days exploited in attacks
American IT software company Ivanti has released security updates to fix three new Cloud Services Appliance (CSA) zero-days tagged as actively exploited in attacks.
#bleepingcomputer#EN#2024#Bypass#Ivanti#Code#Command#Actively#Remote#Services#Exploited#Injection#Execution#Security#Zero-Day#CSA#Cloud#Appliance#CVE-2024-9379#CVE-2024-9380#CVE-2024-9381
·bleepingcomputer.com·
Ivanti warns of three more CSA zero-days exploited in attacks
Acronis Product Vulnerability Exploited in the Wild
Acronis Product Vulnerability Exploited in the Wild
Cybersecurity and data protection technology company Acronis last week warned that threat actors are exploiting a critical-severity vulnerability patched nine months ago. Tracked as CVE-2023-45249 (CVSS score of 9.8), the security defect impacts Acronis Cyber Infrastructure (ACI) and allows threat actors to execute arbitrary code remotely due to the use of default passwords.
#securityweek#EN#2024#acronis#CVE-2023-45249#ACI#Exploited
·securityweek.com·
Acronis Product Vulnerability Exploited in the Wild
Hackers target WordPress calendar plugin used by 150,000 sites
Hackers target WordPress calendar plugin used by 150,000 sites
Hackers are trying to exploit a vulnerability in the Modern Events Calendar WordPress plugin that is present on more than 150,000 websites to upload arbitrary files to a vulnerable site and execute code remotely. #Actively #Calendar #Computer #Events #Exploited #File #InfoSec #Modern #Plugin #Security #Upload #Vulnerability #WordPress
#Plugin#Calendar#Events#Vulnerability#File#InfoSec#Actively#WordPress#Security#Upload#Exploited#Modern#Computer
·bleepingcomputer.com·
Hackers target WordPress calendar plugin used by 150,000 sites
QNAP VioStor NVR vulnerability actively exploited by malware botnet
QNAP VioStor NVR vulnerability actively exploited by malware botnet
A Mirai-based botnet named 'InfectedSlurs' is exploiting a remote code execution (RCE) vulnerability in QNAP VioStor NVR (Network Video Recorder) devices to hijack and make them part of its DDoS (distributed denial of service) swarm. #Actively #Botnet #Computer #Exploited #FXC #InfectedSlurs #InfoSec #Malware #QNAP #Router #Security #Vulnerability
#bleepingcomputer#EN#2023#FXC#QNAP#InfectedSlurs#Actively#Botnet#Malware#Exploited#Computer#Router#Vulnerability
·bleepingcomputer.com·
QNAP VioStor NVR vulnerability actively exploited by malware botnet
Move, Patch, Get Out the Way: 2022 Zero-Day Exploitation Continues at an Elevated Pace
Move, Patch, Get Out the Way: 2022 Zero-Day Exploitation Continues at an Elevated Pace
  • Mandiant tracked 55 zero-day vulnerabilities that we judge were exploited in 2022. Although this count is lower than the record-breaking 81 zero-days exploited in 2021, it still represents almost triple the number from 2020. * Chinese state-sponsored cyber espionage groups exploited more zero-days than other cyber espionage actors in 2022, which is consistent with previous years. * We identified four zero-day vulnerabilities exploited by financially motivated threat actors. 75% of these instances appear to be linked to ransomware operations. * Products from Microsoft, Google, and Apple made up the majority of zero-day vulnerabilities in 2022, consistent with previous years. The most exploited product types were operating systems (OS) (19), followed by browsers (11), security, IT, and network management products (10), and mobile OS (6).
#mandiant#EN#2022#2023#zero-day#zero-days#vulnerabilities#exploited#review
·mandiant.com·
Move, Patch, Get Out the Way: 2022 Zero-Day Exploitation Continues at an Elevated Pace
Move, Patch, Get Out the Way: 2022 Zero-Day Exploitation Continues at an Elevated Pace
Move, Patch, Get Out the Way: 2022 Zero-Day Exploitation Continues at an Elevated Pace
* Mandiant tracked 55 zero-day vulnerabilities that we judge were exploited in 2022. Although this count is lower than the record-breaking 81 zero-days exploited in 2021, it still represents almost triple the number from 2020. * Chinese state-sponsored cyber espionage groups exploited more zero-days than other cyber espionage actors in 2022, which is consistent with previous years. * We identified four zero-day vulnerabilities exploited by financially motivated threat actors. 75% of these instances appear to be linked to ransomware operations. * Products from Microsoft, Google, and Apple made up the majority of zero-day vulnerabilities in 2022, consistent with previous years. The most exploited product types were operating systems (OS) (19), followed by browsers (11), security, IT, and network management products (10), and mobile OS (6).
#mandiant#EN#2022#2023#zero-day#zero-days#vulnerabilities#exploited#review
·mandiant.com·
Move, Patch, Get Out the Way: 2022 Zero-Day Exploitation Continues at an Elevated Pace