Collaborate Disseminate
Ivanti is urging administrators of Ivanti Sentry (formerly MobileIron Sentry) gateways to patch a newly discovered vulnerability (CVE-2023-38035) that could be exploited to change configuration, run system commands, or write files onto the vulnerable s… Continue reading Ivanti Sentry zero-day vulnerability fixed, patch ASAP! (CVE-2023-38035)
Ivanti has disclosed a critical vulnerability (CVE-2023-35082) affecting old, out-of-support versions of MobileIron Core, an enterprise device solution that has since been rebranded to Ivanti Endpoint Manager Mobile (EPMM). “The vulnerability was… Continue reading Ivanti discloses another vulnerability in MobileIron Core (CVE-2023-35082)
The Guardio research team discovered an email phishing campaign exploiting a zero-day vulnerability in Salesforce’s legitimate email services and SMTP servers. Phishing email sample as was sent from the “@salesforce.com” email address The vulnerability… Continue reading Salesforce and Meta suffer phishing campaign that evades typical detection methods
In the Android ecosystem, n-day vulnerabilities are almost as dangerous as zero-days, according to Google’s review of zero-days exploited in the wild in 2022. N-days functioning as zero-days Zero-days are software bugs that are unknown to the ven… Continue reading Android n-day bugs pose zero-day threat
Another actively exploited zero-day vulnerability (CVE-2023-35081) affecting Ivanti Endpoint Manager Mobile (EPMM) has been identified and fixed. The first zero-day spotted Last week, we reported on a remote unauthenticated API access vulnerability (CV… Continue reading Ivanti fixes second zero-day exploited by attackers (CVE-2023-35081)
A zero-day vulnerability (CVE-2023-35078) affecting Ivanti Endpoint Manager Mobile (EPMM) has been exploited to carry out an attack that affected 12 Norwegian ministries, the Norwegian National Security Authority (NSM) has confirmed on Tuesday. What is… Continue reading Ivanti zero-day exploited to target Norwegian government (CVE-2023-35078)
Apple has patched an exploited zero-day kernel vulnerability (CVE-2023-38606) in iOS, iPadOS, macOS, watchOS and tvOS. CVE-2023-38606 fix has been backported In early July, Apple fixed an actively exploited zero-day vulnerability (CVE-2023-37450) in We… Continue reading Apple fixes exploited zero-day in all of its OSes (CVE-2023-38606)
The exploitation of the Citrix NetScaler ADC zero-day vulnerability (CVE-2023-3519) was first spotted by a critical infrastructure organization, who reported it to the Cybersecurity and Infrastructure Security Agency (CISA). “In June 2023, threat… Continue reading Citrix ADC zero-day exploitatation: CISA releases details about attack on CI organization (CVE-2023-3519)
Citrix has patched three vulnerabilities (CVE-2023-3519, CVE-2023-3466, CVE-2023-3467) in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway), one of which is a zero-day being exploited by attackers. A zero-day patched (… Continue reading Citrix NetScaler zero-day exploited in the wild, patch is available (CVE-2023-3519)
The first compromise didn’t get the crooks as far as they wanted, so they found a second one that did… Continue reading Microsoft hit by Storm season – a tale of two semi-zero days