Tuesday , May 14 2024
CISA

CISA Flags 6 Vulnerabilities – Apple, Apache, Adobe , D-Link, Joomla Under Attack

infosecbulletin Wednesday , January 10 2024 Alert, Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified six security vulnerabilities that are being actively exploited. These vulnerabilities have been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog.

CVE-2023-27524 is a high-severity vulnerability in Apache Superset. It has a CVSS score of 8.9 and could allow remote code execution. The issue was resolved in version 2.1.

Bangladesh bank published CBS guideline Version 2.0

By infosecbulletin / Monday , May 13 2024
The banking industry in Bangladesh is the core driver in economic development of the country. The focus on inclusion and...
Read More
Bangladesh bank published CBS guideline Version 2.0

Fortinet report
Attackers exploiting vulnerabilities 50% faster, just 4.76 days

By infosecbulletin / Monday , May 13 2024
Fortinet reported that in the second half of 2023, the average time form the disclosure of a vulnerability to its...
Read More
Fortinet report Attackers exploiting vulnerabilities 50% faster, just 4.76 days

TechCrunch report
Indian gov.t sites compromised to plant online betting ads

By infosecbulletin / Sunday , May 12 2024
Indian government websites have been used by scammers to place ads that send visitors to online betting sites. TechCrunch found...
Read More
TechCrunch report Indian gov.t sites compromised to plant online betting ads

Damage Costs Predicted To Exceed $265 Billion By 2031
Ransomware expected to attack every 2 seconds by 2031

By infosecbulletin / Sunday , May 12 2024
Ransomware damage costs are predicted to exceed $265 billion by 2031, and it is expected to be the fastest growing...
Read More
Damage Costs Predicted To Exceed $265 Billion By 2031 Ransomware expected to attack every 2 seconds by 2031

ALERT CISA WARNS
Black Basta ransomware breached over 500 orgs worldwide

By infosecbulletin / Saturday , May 11 2024
CISA, FBI, HHS, and MS-ISAC released a joint Cybersecurity Advisory called #StopRansomware: Black Basta. It provides tactics, techniques, procedures, and...
Read More
ALERT CISA WARNS Black Basta ransomware breached over 500 orgs worldwide

Cyber Attack On Data Center Cooling Systems results disruption

By infosecbulletin / Saturday , May 11 2024
According to cybersecurity analysts at Dragos, while cloud adoption offers many benefits for industrial companies , it also poses certain...
Read More
Cyber Attack On Data Center Cooling Systems results disruption

Chrome Zero-Day Alert — Update Your Browser to Patch

By infosecbulletin / Friday , May 10 2024
Google released an urgent security update for Chrome browser. The update fixes a critical vulnerability that is already being exploited...
Read More
Chrome Zero-Day Alert — Update Your Browser to Patch

Dell Discloses Data Breach: 49 million customers allegedly affected

By infosecbulletin / Friday , May 10 2024
A security breach has been reported, with a threat actor claiming to be selling a database with 49 million customer...
Read More
Dell Discloses Data Breach: 49 million customers allegedly affected

BIG VULNERABILITIES IN NEXT-GEN BIG-IP

By infosecbulletin / Thursday , May 9 2024
Eclypsium recently found flaws in F5’s BIG-IP Next Central Manager, which could let attackers take control of the network. BIG-IP...
Read More
BIG VULNERABILITIES IN NEXT-GEN BIG-IP

UK confirms Ministry of Defence payroll data exposed in data breach

By infosecbulletin / Wednesday , May 8 2024
he UK government confirmed that hackers recently broke into the country's Ministry of Defence and accessed part of the Armed...
Read More
UK confirms Ministry of Defence payroll data exposed in data breach

In April 2023, Horizon3.ai’s Naveen Sunkavally revealed a problem with Apache Superset. The issue allows unauthorized attackers to remotely execute code, steal credentials, and compromise data.

It is currently unknown how the vulnerability is being exploited. CISA has also included five other flaws.

CVE-2023-38203 (CVSS score: 9.8) – Adobe ColdFusion Deserialization of Untrusted Data Vulnerability

CVE-2023-29300 (CVSS score: 9.8) – Adobe ColdFusion Deserialization of Untrusted Data Vulnerability

CVE-2023-41990 (CVSS score: 7.8) – Apple Multiple Products Code Execution Vulnerability

CVE-2016-20017 (CVSS score: 9.8) – D-Link DSL-2750B Devices Command Injection Vulnerability

CVE-2023-23752 (CVSS score: 5.3) – CVE-2023-41990, fixed in iOS 15.7.8 and iOS 16.3, was exploited by unknown actors in Operation Triangulation spyware attacks to execute code remotely via a specially crafted iMessage PDF attachment.

Federal agencies need to fix the mentioned bugs by January 29, 2024, to protect their networks from threats.

Check Also

Dell

Dell Discloses Data Breach: 49 million customers allegedly affected

A security breach has been reported, with a threat actor claiming to be selling a …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2024, All Rights Reserved InfoSecBulletin