A Russian digital extortion gang behind a raft of attacks on file transfer applications is now targeting a newly patched vulnerability in SysAid IT support software. Attacks can lead to ransomware and data theft, tweeted Microsoft late on Wednesday.
Ransomware hackers have seized on an exploit of a recently disclosed zero-day vulnerability in Atlassian Confluence instances days after the company urged its customers to patch immediately. Atlassian on Monday elevated the bug's criticality to 10, the maximum possible on the CVSS scale.
Atlassian added new urgency Thursday to a warning that customers with on-premises Confluence servers should patch immediately to protect against a vulnerability that attackers could exploit to destroy data. A publicly available exploit now exists for the vulnerability, tracked as CVE-2023-22518.
Ransomware-wielding groups are among the attackers exploiting vulnerabilities in NetScaler devices to bypass authentication and gain initial access to victims' networks. Experts say users must not just patch but also wipe device memory to prevent attackers from bypassing access controls.
This week, Citrix's update was insufficient, a Navy IT manager was sentenced to prison for accessing a database, a Moldovan man pleaded not guilty to running a credentials marketplace, new details emerged on health data breaches, and a television advertising giant suffered a ransomware attack.
Nation-state hackers are targeting a vulnerability in WinRAR, a popular Windows utility for archiving files, warns Google’s Threat Analysis Group, which said it has seen "government-backed hacking groups" who hail from multiple countries, including China and Russia, targeting the bug.
Ransomware-wielding attackers are targeting unpatched versions of FTP software that is widely used by large enterprises, including government and educational organizations. A researcher released proof-of-concept exploit code for WS_FTP software just one day after Progress Software issued its patch.
Microsoft fixed three zero-days under active exploitation in its patch dump for the month of October: a disclosure flaw in WordPad that can be exploited to obtain hashed passwords, a bug in Skype for Business and a patch to fix exposure to the Rapid Reset exploit.
A Chinese nation-state hacking group is exploiting a zero-day flaw in Atlassian's Confluence Data Center and Server products as part of a campaign spotted in mid-September, Microsoft researchers say. The company attributes the campaign to a Chinese nation-state hacking group it designates Storm-0062.
Cisco has released urgent fixes to a critical vulnerability affecting an emergency communication system used to track callers' location in real time. A developer inadvertently hard-coded credentials in Cisco Emergency Responder software, opening a permanent backdoor for unauthenticated attackers.
Maintainers of the widely used open-source command-line tool cURL and libcurl library that supports key network protocols said two upcoming vulnerabilities are set to be disclosed this week. One flaw is probably "the worst curl security flaw in a long time," said curl founder Daniel Stenberg.
Hackers have weaponized a zero-day in a popular workspace collaboration tool to create administrator accounts and gain unrestricted access to their on-premises instances of the software, Atlassian's Confluence Data Center and Server products, which serve millions of daily active users.
This week, Bitsight found a lot of internet-exposed industrial control systems, Apple issued new patches, Sony confirmed a data breach, Google and Yahoo tackled spam, Qualcomm patched three zero-days, Cisco revealed zero-day exploits in VPN, and the FBI warned of twin attacks.
A clutch of vulnerabilities in an open-source tool used by major corporations to scale up machine learning models could lead to remote takeover, says a cybersecurity firm in a warning downplayed by Meta, which co-manages the open-source project.
More than four dozen cybersecurity mavens say a proposed European Union mandate for software publishers to inform the trading bloc's cybersecurity agency of zero-day exploits within 24 hours of their discovery risks harming cybersecurity efforts.