vulnerabilities Archives - Page 3 of 63

Addressing vulnerabilities in OT environments requires a Zero Trust approach

Issued by: CSO Online

Cyberattacks on operational technology (OT) systems are rapidly rising. In fact, manufacturing was one of the sectors most impacted by extortion attacks last year, according to Palo Alto Networks Unit 42, as reported in the 2023 Unit 42 Extortion and Ransomware Report. Attacks against OT systems can have a significant impact, including physical consequences such…

Vulnerabilities

Apple addressed 2 new iOS zero-day vulnerabilities

Issued by: Security Affairs

Apple released emergency security updates to address two zero-day vulnerabilities impacting iPhone, iPad, and Mac devices. The flaws are actively exploited in attacks in the wild, both issues reside in the WebKit browser engine. The first vulnerability, tracked as CVE-2023-42916, is an out-of-bounds read. An attacker can trick a victim into visiting specially crafted web…

Malware & Threats

Exploited Vulnerabilities Can Take Months to Make KEV List

Issued by: Dark Reading

On October 10, the Cybersecurity and Infrastructure Security Agency (CISA) updated the Known Exploited Vulnerabilities (KEV) catalog with five known software flaws. At the top of the list: A use-after-free vulnerability in Adobe’s Acrobat and Reader PDF-viewing applications that could allow code execution with the privileges of any user that clicked on a malicious file….

Vulnerabilities

21 Vulnerabilities Discovered in Crucial IT-OT Connective Routers

Issued by: Dark Reading

Researchers have discovered 21 vulnerabilities in a popular brand of industrial router. On Dec. 7 at Black Hat Europe, analysts from Forescout will reveal the bugs — including one of 9.6 “Critical” severity on the CVSS scale, and nine “High” severity — affecting a brand of operational technology (OT)/Internet of Things (IoT) routers especially common…

Malware & Threats

North Korea’s BlueNoroff APT Debuts ‘Dumbed Down’ macOS Malware

Issued by: Dark Reading

North Korean state hackers have debuted a fresh Mac malware targeting users in the US and Japan, which researchers characterize as “dumbed down” but effective. An arm of the DPRK’s notorious Lazarus Group, BlueNoroff has been known to raise money for the Kim regime by targeting financial institutions — banks, venture capital firms, cryptocurrency exchanges…

Vulnerabilities

Cisco patches serious flaws in Firepower and Identity Services Engine

Issued by: CSO Online

Cisco released several patches for high and critical vulnerabilities affecting several products like its Firepower network security devices, Identity Services Engine (ISE)) network access control platform, and Adaptive Security Appliance (ASA). The US Cybersecurity and Infrastructure Security Agency (CISA) issued an alert urging administrators to deploy the available patches because “a cyber threat actor could…

Malware & Threats

Ransomware Readiness Assessments: One Size Doesn’t Fit All

Issued by: Dark Reading

Ransomware attacks can be devastating for organizations, causing significant damage to operations and reputations. Therefore, it’s crucial to prepare for such an eventuality with a comprehensive ransomware response plan. However, it’s also essential to understand that ransomware readiness assessments aren’t a one-size-fits-all solution. Let’s explore why a tailored approach to ransomware readiness assessments is necessary…

Vulnerabilities

Cyberattackers Alter Implant on 30K Compromised Cisco IOS XE Devices

Issued by: Dark Reading

In the latest in the saga of compromise involving a max-critical Cisco bug that has been exploited as a zero-day as users waited for patches, several security researchers reported observing a sharp decline in the number of infected Cisco IOS XE systems visible to them over the weekend. The drop sparked a rnge of theories…

Vulnerabilities

Cisco Finds New Zero Day Bug, Pledges Patches in Days

Issued by: Dark Reading

Cisco said a patch for two actively exploited zero-day flaws in its IOS XE devices is scheduled to drop on Oct. 22. The first Cisco zero-day bug, tracked under CVE-2023-20198, was announced on Oct. 16 and has a severity rating of 10 out of 10. At the time it was discovered, it had already allowed…

Vulnerabilities

CISA adds Adobe Acrobat Reader flaw to its Known Exploited Vulnerabilities catalog

Issued by: Security Affairs

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added five new flaws to its Known Exploited Vulnerabilities Catalog, including a high-severity flaw (CVE-2023-21608) (CVSS score: 7.8) in Adobe Acrobat Reader. The flaw is a use-after-free issue, an attacker can trigger the flaw to achieve remote code execution (RCE) with the privileges of the current user….