Vulnerabilities

The Cyber Threat Intelligence team of BGD e-GOV CIRT has issued a warning about ongoing attacks using two zero-day vulnerabilities in Cisco’s IOS XE Software web UI feature. Successful exploitation attempts have been observed against organizations in Bangladesh. This advisory is intended for IT teams responsible for configuring and managing …

Multiple vulnerabilities in VMware Aria Operations for Logs were privately reported to VMware. VMware Aria Operations for Logs contains an authentication bypass vulnerability VMware has evaluated the severity of this issue to be in the Important Severity Range with a maximum CVSSv3 base score of 8.1. An unauthenticated, malicious actor …

Cisco plans to release a patch for two zero-day flaws in its IOS XE devices on October 22. The first Cisco zero-day bug, which is named CVE-2023-20198, was reported on Oct. 16. By the time it was found, it had already been used by attackers to compromise over 10,000 Cisco …

Orange’s CERT Coordination Center discovered over 34.5K Cisco IOS XE devices compromised in CVE-2023-20198 attacks. Hackers have used a newly discovered and very serious software vulnerability to hack and infect more than 10,000 Cisco IOS XE devices with harmful software. VulnCheck, a threat intelligence company, reported that a severe vulnerability …

Cisco has discovered a vulnerability in the web UI feature of Cisco IOS XE Software. This vulnerability allows remote attackers to create an account with high privileges on an affected system. They can then use this account to take control of the system. For steps to close the attack vector …

Thanks to improvements in security mechanisms and mitigations, hacking cell phones — both running iOS and Android — has become an expensive endeavor. That’s why hacking techniques for apps like WhatsApp are now worth millions of dollars, TechCrunch has learned. Last week, a Russian company that buys zero-days — flaws …

Apple released security updates on Wednesday to fix a new vulnerability in iOS and iPadOS. This vulnerability is being actively exploited by attackers. According to Aplle support page, the company traced two CVE as CVE-2023-42824 and CVE-2023-5217 for iOS 17.0.3 and iPadOS 17.0.3. According to Apple, Kernel Available for: iPhone …

ZeroFont Phishing is a new yet old technique for sending Phishing emails. It allows threat actors to bypass security mechanisms and successfully send phishing emails. Using this technique, attackers were able to evade Microsoft’s Natural Language Processing, which was serving as portion against phishing emails for Office users. Office 365 …

Air Canada, the national airline of Canada, has acknowledged a “brief” breach in its security controls. Air Canada confirmed that an incident occurred, but they did not give details about when or how much personal information was accessed by the attacker. “An unauthorized group briefly obtained limited access to an …

Bassem Bazzoun, a security researcher awarded for $25,300 and ranked 2nd place on the conference Leaderboard for discovering a Two-Factor Authentication bypass in Facebook during Meta bug bounty Researchers conference in Seoul, South Korea, 2023. If you’re curious about the technical details of how he managed to bypass Facebook’s two-factor …