vulnerability Archives - Page 7 of 24

KeePass fixed the bug that allows the extraction of the cleartext master password

Issued by: Security Affairs

KeePass has addressed the CVE-2023-32784 vulnerability, which allowed the retrieval of the clear-text master password from the client’s memory. KeePass is a free and open-source software used to securely manage passwords. It functions as a digital “safe” where users can store and organize their sensitive information, including passwords, credit card numbers, notes, and other sensitive…

Vulnerabilities

Zyxel firewall and VPN devices affected by critical flaws

Issued by: Security Affairs

Zyxel addressed two critical buffer overflow vulnerabilities, tracked as CVE-2023-33009 and CVE-2023-33010, that affect several of its firewall and VPN products. A remote, unauthenticated attacker can can trigger the flaws to cause a denial-of-service (DoS) condition and remote code execution on vulnerable devices. Below are the description for both issues provided by the vendor in…

Vulnerabilities

Barracuda Email Security Gateway (ESG) hacked via zero-day bug

Issued by: Security Affairs

Network security solutions provider Barracuda warned customers that some of its Email Security Gateway (ESG) appliances were recently breached by threat actors exploiting a now-patched zero-day vulnerability. The vulnerability, tracked as CVE-2023-2868, resides in the module for email attachment screening, the issue was discovered on May 19 and the company fixed it with the release…

Vulnerabilities

Bl00dy Ransomware Gang actively targets the education sector exploiting PaperCut RCE

Issued by: Security Affairs

The FBI and CISA issued a joint advisory warning that the Bl00dy Ransomware group is actively targeting the education sector by exploiting the PaperCut remote-code execution vulnerability CVE-2023-27350. The Bl00dy ransomware has been active since May 2022, it has been the first group that started using the leaked LockBit ransomware builder in attacks in the…

Vulnerabilities

Microsoft Fixes BlackLotus Vulnerability, Again

Issued by: DataBreach Today

Microsoft issued an optional patch Tuesday as part of its monthly dump of fixes that addresses for the second time a Secure Boot zero-day vulnerability exploited by BlackLotus UEFI malware. In all, the Redmond giant pushed out 38 security fixes in its May patch cycle, addressing three zero-day flaws – two of which are under…

Application Security

Google Warns of New Chrome Zero-Day Attack

Issued by: SecurityWeek

Google on Friday joined the list of vendors dealing with zero-day attacks, rolling out a major Chrome Desktop update to fix a security defect that’s already been exploited in the wild. The high-severity vulnerability, tracked as CVE-2023-2033, is described as a type confusion in the Chrome V8 JavaScript engine. “Google is aware that an exploit…

Vulnerabilities

Apple zero-day spyware patches extended to cover older Macs, iPhones and iPads

Issued by: Naked Security

Last week, we warned about the appearance of two critical zero-day bugs that were patched in the very latest versions of macOS (version 13, also known as Ventura), iOS (version 16), and iPadOS (version 16). Zero-days, as the name suggests, are security vulnerabilities that were found by attackers, and put to real-life use for cybercriminal…

Network Security

Hackers are actively exploiting a flaw in the Elementor Pro WordPress plugin

Issued by: Security Affairs

WordPress security firm PatchStack warns of a high-severity vulnerability in the Elementor Pro WordPress plugin that is currently being exploited by threat actors in the wild. Elementor Pro is a paid plugin that is currently installed on over 11 million websites, it allows users to easily create WordPress websites. This vulnerability was reported on March…

Vulnerabilities

Winter Vivern APT Targets European Government Entities with Zimbra Vulnerability

Issued by: The Hacker News

The advanced persistent threat (APT) actor known as Winter Vivern is now targeting officials in Europe and the U.S. as part of an ongoing cyber espionage campaign. “TA473 since at least February 2023 has continuously leveraged an unpatched Zimbra vulnerability in publicly facing webmail portals that allows them to gain access to the email mailboxes…

Vulnerabilities

Super FabriXss vulnerability in Microsoft Azure SFX could lead to RCE

Issued by: Security Affairs

Researchers from Orca Security shared details about a new vulnerability, dubbed Super FabriXss (CVE-2023-23383 – CVSS score: 8.2), in Azure. The experts demonstrated how to escalate a reflected XSS vulnerability in Azure Service Fabric Explorer to an unauthenticated Remote Code Execution. The researchers explained that they have abused the metrics tab and enabled a specific…