Collaborate Disseminate
Atlassian has fixed a critical zero-day vulnerability (CVE-2023-22515) in Confluence Data Center and Server that is being exploited in the wild. “Atlassian has been made aware of an issue reported by a handful of customers where external attacker… Continue reading Critical Atlassian Confluence zero-day exploited by attackers (CVE-2023-22515)
Progress Software, the company behind the recently hacked MOVEit file-sharing tool, has recently fixed two critical vulnerabilities (CVE-2023-40044, CVE-2023-42657) in WS_FTP Server, another popular secure file transfer solution. Proof-of-concept code … Continue reading Critical vulnerability in WS_FTP Server exploited by attackers (CVE-2023-40044)
Software development firm JetBrains has fixed a critical vulnerability (CVE-2023-42793) in its TeamCity continuous integration and continuous delivery (CI/CD) solution, which may allow authenticated attackers to achieve remote code execution and gain c… Continue reading Critical JetBrains TeamCity vulnerability could be exploited to launch supply chain attacks (CVE-2023-42793)
A vulnerability (CVE-2023-20269) in Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) firewalls is being exploited by attackers to gain access to vulnerable internet-exposed devices. “This vulnerability was found du… Continue reading Unpatched Cisco ASA flaw exploited by attackers (CVE-2023-20269)
Since March 2023 (and possibly even earlier), affiliates of the Akira and LockBit ransomware operators have been breaching organizations via Cisco ASA SSL VPN appliances. “In some cases, adversaries have conducted credential stuffing attacks that… Continue reading Cisco VPNs with no MFA enabled hit by ransomware groups
Restructuring plan will result in an 18% reduction in employee headcount and closing of some Rapid7 office locations.
The post Rapid7 Announces Layoffs, Office Closings Under Restructuring Plan appeared first on SecurityWeek.
Continue reading Rapid7 Announces Layoffs, Office Closings Under Restructuring Plan
Ivanti has disclosed a critical vulnerability (CVE-2023-35082) affecting old, out-of-support versions of MobileIron Core, an enterprise device solution that has since been rebranded to Ivanti Endpoint Manager Mobile (EPMM). “The vulnerability was… Continue reading Ivanti discloses another vulnerability in MobileIron Core (CVE-2023-35082)
Rapid7 released Executive Risk View, a solution that normalizes risk scoring across cloud and on-premises environments so that security leaders can effectively assess and collaborate with teams across an organization to speed up cyber risk reduction. N… Continue reading Rapid7 Executive Risk View allows security teams to prioritize remediation actions
Attackers are exploiting two Adobe ColdFusion vulnerabilities (CVE-2023-29298, CVE-2023-38203) to breach servers and install web shells to enable persistent access and allow remote control of the system, according to Rapid7 researchers. Flaws with inco… Continue reading Adobe ColdFusion vulnerabilities exploited to deliver web shells (CVE-2023-29298, CVE-2023-38203)
Microsoft Corp. today released software updates to quash 130 security bugs in its Windows operating systems and related software, including at least five flaws that are already seeing active exploitation. Meanwhile, Apple customers have their own zero-day woes again this month: On Monday, Apple issued (and then quickly pulled) an emergency update to fix a zero-day vulnerability that is being exploited on MacOS and iOS devices. Continue reading Apple & Microsoft Patch Tuesday, July 2023 Edition