Sunday, December 22, 2024

Vulnerabilities

APACHE FIXED CRITICAL RCE FLAW CVE-2023-50164 IN STRUTS 2

The Apache Software Foundation fixed a critical file upload vulnerability in the Struts 2 open-source framework. This flaw, tracked as CVE-2023-50164, could allow remote code execution. An attacker can manipulate file upload parameters to upload a malicious file and execute code on the server. “An attacker can manipulate file upload …

Cyber attack on Sparrso; Hacker’s claim, Sparrso’s denial

A hacktivist group named “Team Network Nine” claimed a cyber attack on the Bangladesh Space Research and Remote Sensing Organization (SPARRSO). The group claimed that the December 1 attack resulted in Sparrso’s website being down for 1 hour. An Indian media outlet reported on the issue. According to the report, the hacktivist …

VulnCheck report
15,000 Go Module Repositories on GitHub Vulnerable to Repojacking Attack

15,000 Go module repositories on GitHub are vulnerable to a repojacking attack, according to new research. VulnCheck chief technology officer Jacob Baines shared a report with a renowned newspaper where he said, “More than 9,000 repositories are vulnerable to repojacking due to GitHub username changes,” “More than 6,000 repositories were vulnerable to …

Blog post update
Microsoft warns of exploitation of critical Outlook vulnerability

Microsoft has found a Russia-based group called Forest Blizzard (also known as STRONTIUM) exploiting a security vulnerability tracked as CVE-2023-23397 to gain unauthorized access to email accounts on Exchange servers. The Polish Cyber Command (DKWOC) is working with Microsoft to stop Forest Blizzard and prevent them from using their tricks. …

ShadowServer Foundation
About 20,000 Microsoft Exchange Servers at Risk of Cyberattacks

A large number of Microsoft Exchange email servers in Europe, the United States, and Asia are at risk because they are accessible on the public internet. These servers are running an old and unsupported version of the software, which makes them vulnerable to multiple security issues, including some that are …

Zyxel releases patches to Fix 15 Flaws in NAS, Firewall, and AP Devices

Zyxel released patches for 15 security issues affecting network-attached storage (NAS), firewall, and access point (AP) devices. The fixes address critical flaws that could allow authentication bypass and command injection. The three vulnerabilities are listed below: CVE-2023-35138 (CVSS score: 9.8): There is a vulnerability that allows an attacker to …

Secureworks reports
Booking.com hackers intensify attacks on customers

Booking.com, a major online travel agency, reported that customers have been targeted by hackers. While the agency’s systems are secure, online criminals have scammed many customers by stealing login credentials from the agency’s partner hotels. These criminals then pose as hotel staff to deceive customers. What have the online attacks …

ownCloud Alert: 3 Critical Vulnerabilities Expose Users to Data Breaches

The creators of the open-source file-sharing software ownCloud have alerted users about three serious security vulnerabilities. These flaws could allow attackers to access confidential information and make changes to files. A brief description of the vulnerabilities is as follows: Sensitive credentials and configuration in container deployments for graphapi versions 0.2.0 to …

HTTP/2 Rapid Reset Attack
Cisco Patched Products Vulnerable to HTTP/2 Rapid Reset Attack

A new high-severity vulnerability has been discovered in multiple Cisco products, which could potentially allow an HTTP/2 Rapid Reset attack, a newly discovered technique for launching distributed denial of service (DDoS) attacks. It is identified as CVE-2023-44487 and has a high severity rating of 7.5. In addition, this vulnerability …
