Collaborate Disseminate
In the new stable release of the Chrome browser, Google has fixed three security vulnerabilities affecting the V8 engine, including one zero-day (CVE-2024-0519) with an existing exploit. About CVE-2024-0519 V8 is an open-source JavaScript and WebAssemb… Continue reading Google fixes actively exploited Chrome zero-day (CVE-2024-0519)
Over 1,700 Ivanti Connect Secure VPN devices worldwide have been compromised by attackers exploiting two zero-days with no patches currently available. “Additional threat actors beyond UTA0178 appear to now have access to the exploit and are acti… Continue reading 1,700 Ivanti VPN devices compromised. Are yours among them?
Two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Ivanti Connect Secure VPN devices are under active exploitation by unknown attackers, Volexity researchers have discovered. Patches for these flaws are currently unavailable, but the risk… Continue reading Ivanti Connect Secure zero-days exploited by attackers (CVE-2023-46805, CVE-2024-21887)
We’re back! And while the column took a week off for Thanksgiving, the security world didn’t. The most pressing news is an issue in Owncloud, that is already under active …read more Continue reading This Week in Security: Owncloud, NXP, 0-Days, and Fingerprints
With the latest round of security updates, Apple has fixed two zero-day WebKit vulnerabilities (CVE-2023-42916, CVE-2023-42917) that “may have been exploited against versions of iOS before iOS 16.7.1.” About the vulnerabilities (CVE-2023-42… Continue reading Apple patches two zero-days used to target iOS users (CVE-2023-42916 CVE-2023-42917)
A critical zero-day vulnerability (CVE-2023-47246) in the SysAid IT support and management software solution is being exploited by Lace Tempest, a ransomware affiliate known for deploying Cl0p ransomware. Lace Tempest has previously exploited zero-day … Continue reading MOVEit hackers leverage new zero-day bug to breach organizations (CVE-2023-47246)
By Waqas
ESET Research Uncovers New Targeted Campaign Impacting European Governments and Think Tanks.
This is a post from HackRead.com Read the original post: APT Winter Vivern Exploits New Roundcube 0-Day to Target European Entities
Continue reading APT Winter Vivern Exploits New Roundcube 0-Day to Target European Entities
The Winter Vivern APT group has been exploiting a zero-day vulnerability (CVE-2023-5631) in Roundcube webmail servers to spy on email communications of European governmental entities and a think tank, according to ESET researchers. “Exploitation … Continue reading Roundcube webmail zero-day exploited to spy on government entities (CVE-2023-5631)
Cisco has released the first fixes for the IOS XE zero-day (CVE-2023-20198) exploited by attackers to ultimately deliver a malicious implant. The fixes were made available on Sunday, but a curious thing happened the day before: several cybersecurity co… Continue reading “Disappearing” implants, followed by first fixes for exploited Cisco IOS XE zero-day
A recently patched Citrix NetScaler ADC/Gateway information disclosure vulnerability (CVE-2023-4966) has been exploited by attackers in the wild since late August 2023, Mandiant researchers have revealed. About CVE-2023-4966 Citrix’s security adv… Continue reading Citrix NetScaler bug exploited in the wild since August (CVE-2023-4966)