11 matches found
Thousands of Unpatched Openfire XMPP Servers Still Exposed to High-Severity Flaw
Thousands of Openfire XMPP servers are unpatched against a recently disclosed high-severity flaw and are susceptible to a new exploit, according to a new report from VulnCheck. Tracked as CVE-2023-32315 CVSS score: 7.5, the vulnerability relates to a path traversal vulnerability in Openfire's...
Patch now! Ivanti Endpoint Manager Mobile Authentication vulnerability used in the wild
The Cybersecurity and Infrastructure Security Agency CISA added one new vulnerability to its Known Exploited Vulnerabilities Catalog affecting Ivanti Endpoint Manager Mobile, based on evidence of active exploitation. All Federal Civilian Executive Branch FCEB agencies must remediate this...
The Bug Report – February 2023 Edition
The Bug Report – February 2023 Edition By Trellix · March 1, 2023 This story was also written by Sam Quinn. Figure 1: Ironic. It could protect other devices from threats, but not itself. Why am I here? Welcome back to the Bug Report! For those in the audience unfamiliar with our shtick, we compil...
Update now! GoAnywhere MFT zero-day patched
An emergency patch 7.1.2 has been released for an actively exploited zero-day vulnerability found in the GoAnywhere MFT administrator console. GoAnywhere MFT, which stands for managed file transfer, is a software solution that allows businesses to manage and exchange files in a secure and complia...
The Fault in Our Kubelets: Analyzing the Security of Publicly Exposed Kubernetes Clusters
While researching cloud-native tools, our Shodan scan revealed over 200,000 publicly exposed Kubernetes clusters and kubelet ports that can be abused by criminals...
The Fault in Our kubelets: Analyzing the Security of Publicly Exposed Kubernetes Clusters
While researching cloud-native tools, our Shodan scan revealed over 200,000 publicly exposed Kubernetes clusters and kubelet ports that can be abused by criminals...
SAP customers are urged to patch critical vulnerabilities in multiple products
German enterprise software maker SAP has patched three critical vulnerabilities affecting Internet Communication Manager ICM, a core component of SAP business applications. Customers are urged by both SAP and CISA to address these critical vulnerabilities as soon as possible. On February 8, SAP...
The Bug Report November 2021 Edition
The Bug Report — November 2021 Edition By Mark Bereza · November 30, 2021 Your Cybersecurity Comic Relief CVE-2021-20322: Of all the words of mice and men, the saddest are, “it was DNS again.” Why am I here? For all our newcomers, welcome to the Advanced Threat Research team’s monthly bug report ...
Critical Code Execution Flaw Patched in PeopleSoft Core Engine
Organizations that have their PeopleSoft installations exposed to the internet should pay special attention to a remote code execution vulnerability patched on Tuesday as part of Oracle’s massive quarterly Critical Patch Update. The flaw, CVE-2017-10366, allows an attacker to gain remote code...
Bad Code Library Triggers Devil's Ivy Vulnerability in Millions of IoT Devices
Tens of millions of products ranging from airport surveillance cameras, sensors, networking equipment and IoT devices are vulnerable to a flaw that allows attackers to remotely gain control over devices or crash them. The vulnerability, dubbed Devil’s Ivy, was identified by researchers at Senrio...
Hacking Wireless DSL routers via Administrative password Reset Vulnerability
If you want to hack a Netgear and Linkys Wireless Routers, there is a quick backdoor entry available, that allow an attacker to reset the admin panel password to defaults. Eloi Vanderbeken, a hacker and reverse-engineer from France has discovered an administration password Reset vulnerability in...