Collaborate Disseminate
Staying ahead in cybersecurity requires constant learning and adaptation. If you’re interested in cybersecurity research, explore the resources outlined below. DNSdumpster DNSdumpster is a free domain research tool that can discover hosts related… Continue reading 11 search engines for cybersecurity research you can use right now
The exploitation of the Citrix NetScaler ADC zero-day vulnerability (CVE-2023-3519) was first spotted by a critical infrastructure organization, who reported it to the Cybersecurity and Infrastructure Security Agency (CISA). “In June 2023, threat… Continue reading Citrix ADC zero-day exploitatation: CISA releases details about attack on CI organization (CVE-2023-3519)
CVE-2023-20887, a pre-authentication command injection vulnerability in VMware Aria Operations for Networks (formerly vRealize Network Insight), has been spotted being exploited in the wild. There are no workarounds to mitigate the risk of exploitation… Continue reading VMware Aria Operations for Networks vulnerability exploited in the wild (CVE-2023-20887)
ThreatBlockr and GreyNoise announced a partnership that will enhance the ThreatBlockr platform. By leveraging GreyNoise data, ThreatBlockr customers now have automatic access to this enhanced cyber intelligence and the largest cyber intelligence data s… Continue reading ThreatBlockr integrates with GreyNoise to guard against false positives
Attackers are exploiting a critical vulnerability (CVE-2022-47986) in the IBM Aspera Faspex centralized file transfer solution to breach organizations. About CVE-2022-47986 IBM Aspera Faspex is used by organizations to allow employees to quickly and se… Continue reading Ransomware gangs are exploiting IBM Aspera Faspex RCE flaw (CVE-2022-47986)
Horizon3’s Attack Team has released a PoC exploit for CVE-2022-39952, a critical vulnerability affecting FortiNAC, Fortinet’s network access control solution. “Similar to the weaponization of previous archive vulnerability issues that allow arbit… Continue reading PoC exploit, IoCs for Fortinet FortiNAC RCE released (CVE-2022-39952)
If your enterprise is running ManageEngine products that were affected by CVE-2022-47966, check now whether they’ve been updated to a non-vulnerable version because Horizon3’s will be releasing technical details and a PoC exploit this week…. Continue reading PoC for critical ManageEngine bug to be released, so get patching! (CVE-2022-47966)
GreyNoise Intelligence unveiled its research report that dives deep into the most significant threat detection events of the past 12 months. “When it comes to cybersecurity, not all vulnerabilities are created equal, and many of the ones that garner me… Continue reading Attackers never let a critical vulnerability go to waste
Horizon3.ai researchers have released a PoC exploit for CVE-2022-40684, the authentication bypass vulnerability affecting Fortinet‘s firewalls and secure web gateways, and soon after exploitation attempts started rising. “[On Thursday], the… Continue reading Researchers release PoC for Fortinet firewall flaw, exploitation attempts mount
The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2022-35405, a critical remote code execution vulnerability in ManageEngine PAM360, Password Manager Pro, and Access Manager Plus, to its Known Exploited Vulnerabilities (KEV) … Continue reading Critical ManageEngine RCE flaw is being exploited (CVE-2022-35405)