Alert

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-22527 Atlassian Confluence Data Center and Server Template Injection Vulnerability CVE-2023-22527 Detail: A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE …

CISA released 6 advisories for Industrial Control Systems (ICS) on January 23, 2024. These advisories share important information about security issues, vulnerabilities, and exploits related to ICS. ICSA-24-023-01 APsystems Energy Communication Unit (ECU-C) Power Control Software ICSA-24-023-02 Crestron AM-300 ICSA-24-023-03 Voltronic Power ViewPower Pro ICSA-23-023-04 Westermo Lynx 206-F2G ICSA-24-023-05 Lantronix …

Apple’s first zero-day of 2024 has been disclosed, with fixes pushed out for MacOS, iOS, and iPadOS. Apple describes CVE-2024-23222 as a type confusion bug in Webkit. They are aware of a report suggesting that this issue might have been exploited. “Processing maliciously crafted web content may lead to arbitrary …

CISA, the FBI, and the EPA have released a guide to help water and wastewater systems respond to incidents. Over 25 organizations from various sectors contributed to this guide, including private companies, non-profit organizations, and government entities. This collaboration ensured that the guide would be useful for water and wastewater …

Cybersecurity researchers at Trend Micro discovered an exploitation of CVE-2023-36025 leading to the spread of a new type of malware called Phemedrone Stealer. Phemedrone Stealer is a malware that targets web browsers, cryptocurrency wallets, and messaging apps like Telegram, Steam, and Discord. It not only steals data, but also takes …

In a blog post BishopFox said, SonicWall next-generation firewall (NGFW) series 6 and 7 devices are affected by two unauthenticated denial-of-service vulnerabilities with the potential for remote code execution. SonicWall published advisories for CVE-2022-22274 and CVE-2023-0656 a year apart and reported that no exploitation had been observed in the wild; …

CISA issued nine advisories about Industrial Control Systems (ICS) on January 11, 2024, to give timely information about security issues, vulnerabilities, and exploits related to ICS. ICSA-24-011-03 Rapid Software LLC Rapid SCADA ICSA-24-011-04 Horner Automation Cscape ICSA-24-011-05 Schneider Electric Easergy Studio ICSA-24-011-06 Siemens Teamcenter Visualization and JT2Go ICSA-24-011-07 Siemens Spectrum …

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified six security vulnerabilities that are being actively exploited. These vulnerabilities have been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. CVE-2023-27524 is a high-severity vulnerability in Apache Superset. It has a CVSS score of 8.9 and could allow remote code …

Hudson Researchers reported that on December 20th, ‘irleaks’ claimed to have 160 million records from 23 top insurance companies in Iran for sale. The hacker says they have stolen data like names, birth dates, phone numbers, national codes, and more. They have shared a sample of the data and want …