PHP command injection flaw exploited to deliver ransomware (CVE-2024-4577)

An OS command injection vulnerability in Windows-based PHP (CVE-2024-4577) in CGI mode is being exploited by the TellYouThePass ransomware gang. Imperva says the attacks started on June 8, two days after the PHP development team pushed out fixes, and o… Continue reading PHP command injection flaw exploited to deliver ransomware (CVE-2024-4577)

Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation

While it initially seemed that protecting Palo Alto Network firewalls from attacks leveraging CVE-2024-3400 would be possible by disabling the devices’ telemetry, it has now been confirmed that this mitigation is ineffectual. “Device teleme… Continue reading Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation

Akira, LockBit actively searching for vulnerable Cisco ASA devices

Akira and Lockbit ransomware groups are trying to breach Cisco ASA SSL VPN devices by exploiting several older vulnerabilities, security researcher Kevin Beaumont is warning. They are targeting vulnerabilities for which patches have been made available… Continue reading Akira, LockBit actively searching for vulnerable Cisco ASA devices

Ivanti EPMM and MobileIron Core vulnerability is actively exploited, CISA confirms (CVE-2023-35082)

A previously patched critical vulnerability (CVE-2023-35082) affecting Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core is being actively exploited, the Cybersecurity and Infrastructure Security Agency (CISA) has confirmed by adding the vulner… Continue reading Ivanti EPMM and MobileIron Core vulnerability is actively exploited, CISA confirms (CVE-2023-35082)

Critical ownCloud flaw under attack (CVE-2023-49103)

Attackers are trying to exploit a critical information disclosure vulnerability (CVE-2023-49103) in ownCloud, a popular file sharing and collaboration platform used in enterprise settings. Greynoise and SANS ISC say attemps have been first spotted over… Continue reading Critical ownCloud flaw under attack (CVE-2023-49103)

Atlassian Confluence data-wiping vulnerability exploited

Threat actors are trying to exploit CVE-2023-22518, a critical Atlassian Confluence flaw that allows unauthenticated attackers to reset vulnerable instances’ database, Greynoise is observing. The Shadowserver Foundation has also seen 30+ IP addre… Continue reading Atlassian Confluence data-wiping vulnerability exploited

Critical Atlassian Confluence vulnerability exploited by state-backed threat actor

A critical flaw in Atlassian Confluence Data Center and Server (CVE-2023-22515) has been exploited by a state-backed threat actor, Microsoft’s threat analysts have pinpointed. About the vulnerability CVE-2023-22515 was initially classified as a c… Continue reading Critical Atlassian Confluence vulnerability exploited by state-backed threat actor

11 search engines for cybersecurity research you can use right now

Staying ahead in cybersecurity requires constant learning and adaptation. If you’re interested in cybersecurity research, explore the resources outlined below. DNSdumpster DNSdumpster is a free domain research tool that can discover hosts related… Continue reading 11 search engines for cybersecurity research you can use right now

Citrix ADC zero-day exploitatation: CISA releases details about attack on CI organization (CVE-2023-3519)

The exploitation of the Citrix NetScaler ADC zero-day vulnerability (CVE-2023-3519) was first spotted by a critical infrastructure organization, who reported it to the Cybersecurity and Infrastructure Security Agency (CISA). “In June 2023, threat… Continue reading Citrix ADC zero-day exploitatation: CISA releases details about attack on CI organization (CVE-2023-3519)

VMware Aria Operations for Networks vulnerability exploited in the wild (CVE-2023-20887)

CVE-2023-20887, a pre-authentication command injection vulnerability in VMware Aria Operations for Networks (formerly vRealize Network Insight), has been spotted being exploited in the wild. There are no workarounds to mitigate the risk of exploitation… Continue reading VMware Aria Operations for Networks vulnerability exploited in the wild (CVE-2023-20887)