Collaborate Disseminate
By Waqas
Ofcom, the UK communications regulator, is the latest victim of the infamous Cl0p extortion gang, who have been exploiting MOVEit vulnerabilities to target high-profile firms.
This is a post from HackRead.com Read the original post: UK’s… Continue reading UK’s Ofcom confirms cyber attack as PoC exploit for MOVEit is released
As more victim organizations of Cl0p gang’s MOVEit rampage continue popping up, security researchers have released a PoC exploit for CVE-2023-34362, the RCE vulnerability exploited by the Cl0p cyber extortion group to plunder confidential data. C… Continue reading PoC exploit for exploited MOVEit vulnerability released (CVE-2023-34362)
CVE-2023-28771, the critical command injection vulnerability affecting many Zyxel firewalls, is being actively exploited by a Mirai-like botnet, and has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. About CVE-2023-28771 CVE-… Continue reading Zyxel firewalls under attack by Mirai-like botnet
A recently fixed command injection vulnerability (CVE-2023-28771) affecting a variety Zyxel firewalls may soon be exploited in the wild, Rapid7 researchers have warned, after publishing a technical analysis and a PoC script that triggers the vulnerabil… Continue reading Vulnerability in Zyxel firewalls may soon be widely exploited (CVE-2023-28771)
Nine vulnerabilities – 4 of them critical – have been found in a variety of Cisco Small Business Series Switches. PoC exploit code is available (but not public), and there is no indication that they are being exploited in the wild. About th… Continue reading Cisco fixes critical flaws in Small Business Series Switches
A vulnerability (CVE-2023-32784) in the open-source password manager KeePass can be exploited to retrieve the master password from the software’s memory, says the researcher who unearthed the flaw. The bad news is that the vulnerability is still … Continue reading KeePass flaw allows retrieval of master password, PoC is public (CVE-2023-32784)
Three vulnerabilities in Advantech’s EKI series of serial device servers could be exploited to execute arbitrary commands on the OS level. Source: CyberDanube The vulnerabilities Serial device servers are networking devices that “network-en… Continue reading Advantech’s industrial serial device servers open to attack
An unauthenticated RCE flaw (CVE-2023-27350) in widely-used PaperCut MF and NG print management software is being exploited by attackers to take over vulnerable application servers, and now there’s a public PoC exploit. About the vulnerability Ac… Continue reading PoC exploit for abused PaperCut flaw is now public (CVE-2023-27350)
When Adobe released security updates for its ColdFusion application development platform last month, it noted that one of the vulnerabilities (CVE-2023-26360) had been exploited in the wild “in very limited attacks.” Were your servers among… Continue reading Prevent and detect Adobe ColdFusion exploitation (CVE-2023-26360, CVE-2023-26359)
A PoC exploit for CVE-2023-21716, a critical RCE vulnerability in Microsoft Word that can be exploited when the user previews a specially crafted RTF document, is now publicly available. Patches for the flaw – which affects a wide variety of MS O… Continue reading PoC exploit for recently patched Microsoft Word RCE is public (CVE-2023-21716)