Vulnerabilities Archives - Page 10 of 85

Bl00dy Ransomware Gang actively targets the education sector exploiting PaperCut RCE

Issued by: Security Affairs

The FBI and CISA issued a joint advisory warning that the Bl00dy Ransomware group is actively targeting the education sector by exploiting the PaperCut remote-code execution vulnerability CVE-2023-27350. The Bl00dy ransomware has been active since May 2022, it has been the first group that started using the leaked LockBit ransomware builder in attacks in the…

Vulnerabilities

Microsoft Fixes BlackLotus Vulnerability, Again

Issued by: DataBreach Today

Microsoft issued an optional patch Tuesday as part of its monthly dump of fixes that addresses for the second time a Secure Boot zero-day vulnerability exploited by BlackLotus UEFI malware. In all, the Redmond giant pushed out 38 security fixes in its May patch cycle, addressing three zero-day flaws – two of which are under…

Vulnerabilities

PaperCut security vulnerabilities under active attack – vendor urges customers to patch

Issued by: Naked Security

We’ll be honest, and admit that we hadn’t heard of the printer management software PaperCut until this week. In fact, the first time we heard the name was in the context of cybercriminality and malware attacks, and we naively assumed that “PaperCut” was what we like to call a BWAIN. A BWAIN is our satirical…

Vulnerabilities

Apple zero-day spyware patches extended to cover older Macs, iPhones and iPads

Issued by: Naked Security

Last week, we warned about the appearance of two critical zero-day bugs that were patched in the very latest versions of macOS (version 13, also known as Ventura), iOS (version 16), and iPadOS (version 16). Zero-days, as the name suggests, are security vulnerabilities that were found by attackers, and put to real-life use for cybercriminal…

Vulnerabilities

Apple Ships Urgent iOS Patch for Newly Exploited Zero-Days

Issued by: SecurityWeek

The newest iOS 16.4.1 and iPadOS 16.4.1 updates cover code execution software flaws in IOSurfaceAccelerator and WebKit, suggesting a complex exploit chain was detected in the wild hitting the latest iPhone devices. “Apple is aware of a report that this issue may have been actively exploited,” Cupertino says in a barebones advisory that credits Google…

Vulnerabilities

Vulkan Playbook Leak Exposes Russia’s Plans for Worldwide Cyberwar

Issued by: Dark Reading

The release of thousands of pages of confidential documents has exposed Russian military and intelligence agencies’ grand plans for using their cyberwar capabilities in disinformation campaigns, hacking operations, critical infrastructure disruption, and control of the Internet. The papers were leaked from the Russian contractor NTC Vulkan and show how Russian intelligence agencies use private companies…

Vulnerabilities

Winter Vivern APT Targets European Government Entities with Zimbra Vulnerability

Issued by: The Hacker News

The advanced persistent threat (APT) actor known as Winter Vivern is now targeting officials in Europe and the U.S. as part of an ongoing cyber espionage campaign. “TA473 since at least February 2023 has continuously leveraged an unpatched Zimbra vulnerability in publicly facing webmail portals that allows them to gain access to the email mailboxes…

Vulnerabilities

Super FabriXss vulnerability in Microsoft Azure SFX could lead to RCE

Issued by: Security Affairs

Researchers from Orca Security shared details about a new vulnerability, dubbed Super FabriXss (CVE-2023-23383 – CVSS score: 8.2), in Azure. The experts demonstrated how to escalate a reflected XSS vulnerability in Azure Service Fabric Explorer to an unauthenticated Remote Code Execution. The researchers explained that they have abused the metrics tab and enabled a specific…

Vulnerabilities

DC Health Link Facing Lawsuits in Hack Affecting Congress

Issued by: DataBreach Today

The online health insurance marketplace servicing residents of Washington, D.C., and staffers and members of the U.S. Congress is facing two proposed class action lawsuits in the aftermath of a hacking incident that affected at least 56,400 individuals. Some of the data stolen in the incident was posted for sale on the dark web earlier…

Vulnerabilities

It’s Raining Zero-Days in Cyberspace

Issued by: DataBreach Today

Last year was another bonanza in zero-days for Chinese state hackers, say security researchers in a report predicting a permanent uptick in nation-state exploitation of yet-unpatched vulnerabilities. Data taken from original research by cybersecurity firm Mandiant and from open-source reporting suggests zero-day exploitation is generally trending upward despite fluctuation from year to year in the…