Collaborate Disseminate
Around 12% of the 45,000 or so Microsoft Exchange servers in Germany that can be accessed from the Internet without restrictions “are so outdated that security updates are no longer offered for them,” the German Federal Office for Informati… Continue reading 17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns
The two ScreenConnect vulnerabilities ConnectWise has recently urged customers to patch have finally been assigned CVE numbers: CVE-2024-1709 for the authentication bypass, CVE-2024-1708 for the path traversal flaw. ConnectWise has also released a newe… Continue reading Attackers exploiting ConnectWise ScreenConnect flaws, fixes available for all users (CVE-2024-1709, CVE-2024-1708)
CVE-2024-21893, a server-side request forgery (SSRF) vulnerability affecting Ivanti Connect Secure VPN gateways and Policy Secure (a network access control solution), is being exploited by attackers. About CVE-2024-21893 CVE-2024-21893 allows a attacke… Continue reading Ivanti Connect Secure flaw massively exploited by attackers (CVE-2024-21893)
Russian state-sponsored hackers have been exploiting CVE-2023-42793 to target unpatched, internet-facing JetBrains TeamCity servers since September 2023, US, UK and Polish cybersecurity and law enforcement authorities have warned. The targets APT 29 (a… Continue reading Russian hackers target unpatched JetBrains TeamCity servers
Attackers are trying to leverage public proof-of-exploit (PoC) exploit code for CVE-2023-50164, the recently patched path traversal vulnerability in Apache Struts 2. “Attackers aim to deploy webshells, with some cases targeting the parameter R… Continue reading Attackers are trying to exploit Apache Struts vulnerability (CVE-2023-50164)
Threat actors are trying to exploit CVE-2023-22518, a critical Atlassian Confluence flaw that allows unauthenticated attackers to reset vulnerable instances’ database, Greynoise is observing. The Shadowserver Foundation has also seen 30+ IP addre… Continue reading Atlassian Confluence data-wiping vulnerability exploited
The Qakbot botnet has been disrupted by an international law enforcement operation that culminated last weekend, when infected computers started getting untethered from it by specially crafted FBI software. Arranging a widespread Qakbot removal The Qak… Continue reading The removal of Qakbot from infected computers is just the first step
CVE-2023-28771, the critical command injection vulnerability affecting many Zyxel firewalls, is being actively exploited by a Mirai-like botnet, and has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. About CVE-2023-28771 CVE-… Continue reading Zyxel firewalls under attack by Mirai-like botnet
Attackers are exploiting a critical vulnerability (CVE-2022-47986) in the IBM Aspera Faspex centralized file transfer solution to breach organizations. About CVE-2022-47986 IBM Aspera Faspex is used by organizations to allow employees to quickly and se… Continue reading Ransomware gangs are exploiting IBM Aspera Faspex RCE flaw (CVE-2022-47986)
The Shadowserver Foundation fulfills a unique role in the cybersecurity ecosystem by supplying vital security information to Internet defenders and law enforcement at no cost. In this Help Net Security video, Piotr Kijewski, CEO at The Shadowserver Fou… Continue reading Shadowserver: Get free access to timely, critical Internet security data