GitLab has released security updates for both the Community and Enterprise Edition to address two critical vulnerabilities, one of them allowing account hijacking with no user interaction.
Open source file sharing software ownCloud is warning of three critical-severity security vulnerabilities, including one that can expose administrator passwords and mail server credentials.
Fortinet is alerting customers of a critical OS command injection vulnerability in the FortiSIEM report server that could be exploited by remote, unauthenticated attackers to execute commands through specially crafted API requests.
Citrix has released hotfixes for two vulnerabilities impacting Citrix Hypervisor, one of them being the "Reptar" high-severity flaw that affects Intel CPUs for desktop and server systems.
A critical vulnerability in the F5 BIG-IP configuration utility, tracked as CVE-2023-46747, allows an attacker with remote access to the configuration utility to perform unauthenticated remote code execution.
State-sponsored North Korean hacker group Kimsuky (a.k.a. APT43) has been impersonating journalists and academics for spear-phishing campaigns to collect intelligence from think tanks, research centers, academic institutions, and various media organizations.
Enterprise software vendor SAP has released its April 2023 security updates for several of its products, which include fixes for two critical-severity vulnerabilities that impact the SAP Diagnostics Agent and the SAP BusinessObjects Business Intelligence Platform.
CISA, the NSA, and MS-ISAC warned today in a joint advisory that attackers are increasingly using legitimate remote monitoring and management (RMM) software for malicious purposes.
Zyxel has published a security advisory to warn admins about multiple vulnerabilities affecting a wide range of firewall, AP, and AP controller products.
A joint security advisory issued by multiple national cybersecurity authorities revealed today the top 10 attack vectors most exploited by threat actors for breaching networks.
News about a critical vulnerability in the Apache Log4j logging library broke last week when proof-of-concept exploits started to emerge on Thursday.
U.S. Water and Wastewater Systems (WWS) Sector facilities have been breached multiple times in ransomware attacks during the last two years, according to a joint advisory published by US government agencies on Thursday.
The FBI and CISA urged organizations not to let down their defenses against ransomware attacks during weekends or holidays in a joint cybersecurity advisory issued earlier today.
A joint security advisory issued today by several cybersecurity agencies from the US, the UK, and Australia reveals the top 30 most targeted security vulnerabilities of the last two years.
Four members of Five Eyes, in collaboration with Singapore as an active contributor, have issued a joint security advisory about ongoing attacks and extortion attempts targeting organizations using the Accellion File Transfer Appliance (FTA).
Yesterday, seven Dnsmasq vulnerabilities were disclosed, collectively known as DNSPooq, that attackers can use to launch DNS cache poisoning, denial of service, and possibly remote code execution attacks on affected devices. In this article we list all the available security advisories related to these vulnerabilities.
The US Cybersecurity and Infrastructure Security Agency (CISA) said today that threat actors bypassed multi-factor authentication (MFA) protocols to compromise cloud service accounts.
SolarWinds has released an updated advisory for the additional SuperNova malware discovered to have been distributed through the company's network management platform.
QNAP has issued an advisory about a recent wave of ransomware attacks targeting its NAS storage devices and encrypting files.
A clever phishing scam is targeting cPanel users with a fake security advisory alerting them of critical vulnerabilities in their web hosting management panel.