Vulnerabilities Archives - Page 6 of 85

Threat actors actively exploit F5 BIG-IP flaws CVE-2023-46747 and CVE-2023-46748

Issued by: Security Affairs

F5 this week warned customers about a critical security vulnerability, tracked as CVE-2023-46747 (CVSS 9.8), that impacts BIG-IP and could result in unauthenticated remote code execution. The vulnerability resides in the configuration utility component, it was reported by Michael Weber and Thomas Hendrickson of Praetorian on October 4, 2023. “This vulnerability may allow an unauthenticated…

Vulnerabilities

Virtual Alarm: VMware Issues Major Security Advisory

Issued by: Dark Reading

VMware urged customers to update VMware vCenter Servers against a critical flaw that could potentially lead to remote code execution (RCE) and assigned a CVSS severity score of 9.8. The vCenter Server flaw, tracked under CVE-2023-34048, could allow an attacker with network access the ability to trigger an out-of-bounds write, the VMware advisory explained. Software…

Vulnerabilities

On Point: Overcoming Vulnerability Management Challenges

Issued by: DataBreach Today

Vulnerability management plays a critical role in ensuring the security and integrity of telecommunications networks. With the ever-evolving threat landscape and increasing sophistication of cyberattacks, effective vulnerability management is essential for telecommunications companies. But the unique characteristics of the telecommunications industry pose significant challenges to the implementation of robust vulnerability management programs. Vulnerability Management Challenges…

Vulnerabilities

Cyberattackers Alter Implant on 30K Compromised Cisco IOS XE Devices

Issued by: Dark Reading

In the latest in the saga of compromise involving a max-critical Cisco bug that has been exploited as a zero-day as users waited for patches, several security researchers reported observing a sharp decline in the number of infected Cisco IOS XE systems visible to them over the weekend. The drop sparked a rnge of theories…

Vulnerabilities

Cisco Finds New Zero Day Bug, Pledges Patches in Days

Issued by: Dark Reading

Cisco said a patch for two actively exploited zero-day flaws in its IOS XE devices is scheduled to drop on Oct. 22. The first Cisco zero-day bug, tracked under CVE-2023-20198, was announced on Oct. 16 and has a severity rating of 10 out of 10. At the time it was discovered, it had already allowed…

Vulnerabilities

Unpatched Zero-Day Being Exploited in the Wild, Cisco Warns

Issued by: DataBreach Today

Cisco on Monday asked customers to urgently disable the HTTP Server feature on internet-facing systems that was discovered to have a critical vulnerability in its modular operating system’s web interface. Hackers exploited the IOS XE software web user interface feature to gain administrator-level privileges, effectively taking complete control of compromised devices, Cisco Talos said in…

Vulnerabilities

Security Pros Warn That EU’s Vulnerability Disclosure Rule Is Risky

Issued by: Dark Reading

The European Union (EU) may soon require software publishers to disclose unpatched vulnerabilities to government agencies within 24 hours of an exploitation. Many IT security professionals want this new rule, set out in Article 11 of the EU’s Cyber Resilience Act (CRA), to be reconsidered. The rule requires vendors to disclose that they know about…

Vulnerabilities

CISA adds Adobe Acrobat Reader flaw to its Known Exploited Vulnerabilities catalog

Issued by: Security Affairs

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added five new flaws to its Known Exploited Vulnerabilities Catalog, including a high-severity flaw (CVE-2023-21608) (CVSS score: 7.8) in Adobe Acrobat Reader. The flaw is a use-after-free issue, an attacker can trigger the flaw to achieve remote code execution (RCE) with the privileges of the current user….

Vulnerabilities

Microsoft Blames Nation-State Threat Actor for Confluence Zero-Day Attacks

Issued by: SecurityWeek

A note from Redmond linked the ongoing attacks to an APT group tracked as Storm-0062 and warned that malicious activity dates back to September 14, a full three weeks before Atlassian’s public disclosure of the issue. “Microsoft has observed nation-state threat actor Storm-0062 exploiting CVE-2023-22515 in the wild since September 14, 2023. CVE-2023-22515 was disclosed…

Vulnerabilities

Credentials Hard-Coded in Cisco Emergency Location Tracker

Issued by: DataBreach Today

Cisco has released urgent fixes to a critical vulnerability affecting an emergency communication system used to track callers’ location in real time. A developer inadvertently hard-coded credentials in Cisco Emergency Responder tracking and routing software, opening up a permanent backdoor for potential unauthenticated attackers. At some point in the development cycle, static user credentials for…