Citrix warns admins to kill NetScaler user sessions to block hackers
Citrix reminded admins today that they must take additional measures after patching their NetScaler appliances against the CVE-2023-4966 'Citrix Bleed'...
Month: November 2023
Auto parts giant AutoZone warns of MOVEit data breach
AutoZone is warning tens of thousands of its customers that it suffered a data breach as part of the Clop...
CISA orders federal agencies to patch Looney Tunables Linux bug
Today, CISA ordered U.S. federal agencies to secure their systems against an actively exploited vulnerability that lets attackers gain root...
CISA: CISA Releases Fourteen Industrial Control Systems Advisories
CISA Releases Fourteen Industrial Control Systems Advisories CISA released fourteen Industrial Control Systems (ICS) advisories on November 16, 2023. These...
CISA: FBI and CISA Release Advisory on Scattered Spider Group
FBI and CISA Release Advisory on Scattered Spider Group Today, the Federal Bureau of Investigation (FBI) and the Cybersecurity and...
CISA: CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA Adds Three Known Exploited Vulnerabilities to Catalog CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based...
CISA: Citrix Releases Security Updates for Citrix Hypervisor
Citrix Releases Security Updates for Citrix Hypervisor Citrix has released security updates addressing vulnerabilities in Citrix Hypervisor 8.2 CU1 LTSR....
CISA: CISA Requests Comment on Draft Secure Software Development Attestation Form
CISA Requests Comment on Draft Secure Software Development Attestation Form CISA has opened a 30-day Federal Register notice to receive...
CISA: CISA Releases Five Industrial Control Systems Advisories
CISA Releases Five Industrial Control Systems Advisories CISA released five Industrial Control Systems (ICS) advisories on November 21, 2023. These...
CISA: CISA, FBI, MS-ISAC, and ASD’s ACSC Release Advisory on LockBit Affiliates Exploiting Citrix Bleed
CISA, FBI, MS-ISAC, and ASD’s ACSC Release Advisory on LockBit Affiliates Exploiting Citrix Bleed Today, the Cybersecurity and Infrastructure Security...
CISA: CISA Releases The Mitigation Guide: Healthcare and Public Health (HPH) Sector
CISA Releases The Mitigation Guide: Healthcare and Public Health (HPH) Sector Today, CISA released the Mitigation Guide: Healthcare and Public...
CISA: CISA Adds One Known Exploited Vulnerability to Catalog
CISA Adds One Known Exploited Vulnerability to Catalog CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based...
CISA: Juniper Releases Security Advisory for Juniper Secure Analytics
Juniper Releases Security Advisory for Juniper Secure Analytics Juniper released a security advisory to address multiple vulnerabilities affecting Juniper Secure...
New Agent Tesla Malware Variant Using ZPAQ Compression in Email Attacks
A new variant of the Agent Tesla malware has been observed delivered via a lure file with the ZPAQ compression...
US-CERT Vulnerability Summary for the Week of November 13, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infocheckpoint -- endpoint_securityLocal attacker can escalate privileges on affected installations of Check...
CureIAM – Clean Accounts Over Permissions In GCP Infra At Scale
Clean up of over permissioned IAM accounts on GCP infra in an automated way CureIAM is an easy-to-use, reliable, and...
Malicious Apps Disguised as Banks and Government Agencies Targeting Indian Android Users
Android smartphone users in India are the target of a new malware campaign that employs social engineering lures to install...
Play Ransomware Goes Commercial – Now Offered as a Service to Cybercriminals
The ransomware strain known as Play is now being offered to other threat actors "as a service," new evidence unearthed...
Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits
The Kinsing threat actors are actively exploiting a critical security flaw in vulnerable Apache ActiveMQ servers to infect Linux systems...
Mustang Panda Hackers Targets Philippines Government Amid South China Sea Tensions
The China-linked Mustang Panda actor has been linked to a cyber attack targeting a Philippines government entity amid rising tensions...
How Multi-Stage Phishing Attacks Exploit QRs, CAPTCHAs, and Steganography
Phishing attacks are steadily becoming more sophisticated, with cybercriminals investing in new ways of deceiving victims into revealing sensitive information...
HackerOne Bug Bounty Disclosure: b-html-injection-in-search-ui-when-selecting-a-circle-with-html-in-the-display-name-b-cx-fa
Company Name: b'Nextcloud' Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:b'cx75fa'Link to Submitters Profile:https://hackerone.com/b'cx75fa' Report Title:b'HTML injection in search UI when selecting...
HackerOne Bug Bounty Disclosure: b-user-ldap-app-logs-user-passwords-in-the-log-file-on-level-debug-b-alacn
Company Name: b'Nextcloud' Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:b'alacn1'Link to Submitters Profile:https://hackerone.com/b'alacn1' Report Title:b'user_ldap app logs user passwords in the...
HackerOne Bug Bounty Disclosure: b-delete-external-storage-of-any-user-b-cx-fa
Company Name: b'Nextcloud' Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:b'cx75fa'Link to Submitters Profile:https://hackerone.com/b'cx75fa' Report Title:b'Delete external storage of any user'Report Link:https://hackerone.com/reports/2212627Date...
