Month: July 2023

Vulnerabilities

Issued by: Security Affairs

Adobe warns customers of a critical ColdFusion pre-authentication remote code execution vulnerability, tracked as CVE-2023-29300 (CVSS score 9.8), that is actively exploited in attacks in the wild. “Adobe is aware that CVE-2023-29300 has been exploited in the wild in very limited attacks targeting Adobe ColdFusion,” reads a statement sent by the company to its customers….

Vulnerabilities

Issued by: Dark Reading

A critical security vulnerability in Cisco’s SD-WAN vManage software could allow a remote, unauthenticated attacker to gain read and limited write permissions, and access data. The bug carries a score of 9.1 out of 10 on the CVSS vulnerability-severity scale, and it exists in the vManage API, which is used to monitor and configure Cisco…

Application Security

Issued by: Dark Reading

Teams running the Zimbra Collaboration Suite version 8.8.15 are urged to apply a manual fix against a recently discovered zero-day vulnerability that’s being actively exploited in the wild. The Zimbra cloud suite offers email, calendar functions, and other enterprise collaboration tools. The vulnerability compromises the security of data on Zimbra servers, the company said in…

News

Issued by: Dark Reading

Experts are ringing the alarm bells over the risks unfettered development of artificial intelligence (AI) technology could pose to humanity. Enter the European Union (EU), already a leader in data protection and privacy rights, where the EU Parliament has agreed on a law governing AI technology. Jonathan Dambrot, CEO of Cranium, says it’s not surprising…

Vulnerabilities

Issued by: DataBreach Today

Configuration management – especially vulnerability patching – is a significant challenge for many healthcare entities, including some Veterans Affairs medical facilities. A recent watchdog agency security inspection found configuration issues to be a top weakness at a VA healthcare system in Arizona. The Veterans Affairs Office of Inspector General in a report issued Tuesday said…

Vulnerabilities

Issued by: CSO Online

Attackers have used the loophole to forge signatures on maliciously modified drivers, enabling them to deploy persistent malware and defeat game defenses. A loophole in a core Windows security mechanism that requires all kernel drivers to be digitally signed by Microsoft allows attackers to forge signatures on maliciously modified drivers. This technique has been automated…

Software Security

Issued by: SecurityWeek

In an update to a critical-level advisory originally released in April this year, VMware said it has confirmed that exploit code for CVE-2023-20864 has been published, underscoring the urgency for enterprise network admins to apply available patches. The vulnerability, which carries a CVSS severity score of 9.8 out of 10, allows an unauthenticated, malicious actor…

Malware & Threats

Issued by: Security Affairs

Progress is informing customers of a new critical SQL injection vulnerability, tracked as CVE-2023-36934, in its MOVEit Transfer software. MOVEit Transfer software recently made the headlines due to the massive Clop ransomware hacking campaign exploiting a vulnerability in the product. The flaw CVE-2023-36934 impacts software versions released before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7…

Malware & Threats

Issued by: Dark Reading

Cargo containers filled with imports and exports from all over the world have been stuck at the Port of Nagoya following a ransomware attack on its networks early Tuesday morning. The port is the largest in Japan and the central shipping hub for international carmaker Toyota. According to its operator, Nagoya Harbor Transportation, it received…

Malware & Threats

Issued by: DataBreach Today

Critical services in the Netherlands could be a potential target of ransomware and hacktivist attackers with ties to Russia as a means to sow large-scale disruptions in the country, according to a Dutch National Cyber Security Centre warning this week. Although the Russian invasion of Ukraine did not immediately result in a high-level of attacks…