vulnerability

Vulnerabilities

Issued by: Dark Reading

VMware urged customers to update VMware vCenter Servers against a critical flaw that could potentially lead to remote code execution (RCE) and assigned a CVSS severity score of 9.8. The vCenter Server flaw, tracked under CVE-2023-34048, could allow an attacker with network access the ability to trigger an out-of-bounds write, the VMware advisory explained. Software…

Vulnerabilities

Issued by: DataBreach Today

Vulnerability management plays a critical role in ensuring the security and integrity of telecommunications networks. With the ever-evolving threat landscape and increasing sophistication of cyberattacks, effective vulnerability management is essential for telecommunications companies. But the unique characteristics of the telecommunications industry pose significant challenges to the implementation of robust vulnerability management programs. Vulnerability Management Challenges…

Malware & Threats

Issued by: DataBreach Today

North Korean nation-state threat actors are exploiting a critical remote code execution vulnerability affecting multiple versions of a DevSecOps tool – a high-risk development, especially in light of Pyongyang hackers’ recent track record of supply chain hacks. Researchers at Microsoft said Wednesday that North Korean nation-state threat actors tracked as Diamond Sleet and Onyx Sleet…

Vulnerabilities

Issued by: DataBreach Today

Cisco on Monday asked customers to urgently disable the HTTP Server feature on internet-facing systems that was discovered to have a critical vulnerability in its modular operating system’s web interface. Hackers exploited the IOS XE software web user interface feature to gain administrator-level privileges, effectively taking complete control of compromised devices, Cisco Talos said in…

Malware & Threats

Issued by: Security Affairs

Cisco warned customers of a zero-day vulnerability, tracked as CVE-2023-20198 (CVSS score 10), in its IOS XE Software that is actively exploited in attacks. The IT giant found the vulnerability during the resolution of multiple Technical Assistance Center (TAC) support cases. The vulnerability can be exploited by an attacker to gain administrator privileges and take…

News

Issued by: DataBreach Today

A British financial regulator fined American credit reporting agency Equifax 11 billion pounds for its role in one of the world’s largest data breaches. Chinese military hackers in 2017 exploited a vulnerability in Equifax’s online dispute portal to download the personal data of nearly 14 million residents of the United Kingdom as well as approximately…

Mobile Security

Issued by: Security Affairs

Apple has released iOS 16.7.1 and iPadOS 16.7.1 to address the recently disclosed zero-day CVE-2023-42824. The vulnerability is a privilege escalation issue that resides in the Kernel, it was addressed with improved checks. Last week, Apple released emergency security updates to address a new zero-day vulnerability, tracked as CVE-2023-42824, that is exploited in attacks targeting…

Vulnerabilities

Issued by: SecurityWeek

A note from Redmond linked the ongoing attacks to an APT group tracked as Storm-0062 and warned that malicious activity dates back to September 14, a full three weeks before Atlassian’s public disclosure of the issue. “Microsoft has observed nation-state threat actor Storm-0062 exploiting CVE-2023-22515 in the wild since September 14, 2023. CVE-2023-22515 was disclosed…

Vulnerabilities

Issued by: DataBreach Today

Cisco has released urgent fixes to a critical vulnerability affecting an emergency communication system used to track callers’ location in real time. A developer inadvertently hard-coded credentials in Cisco Emergency Responder tracking and routing software, opening up a permanent backdoor for potential unauthenticated attackers. At some point in the development cycle, static user credentials for…