US-CERT Vulnerability Summary for the Week of October 16, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Info1e -- platformAffected 1E Platform versions have a Blind SQL Injection vulnerability...
News
iLeakage: New Safari Exploit Impacts Apple iPhones and Macs with A and M-Series CPUs
A group of academics has devised a novel side-channel attack dubbed iLeakage that exploits a weakness in the A- and...
Record-Breaking 100 Million RPS DDoS Attack Exploits HTTP/2 Rapid Reset Flaw
Cloudflare on Thursday said it mitigated thousands of hyper-volumetric HTTP distributed denial-of-service (DDoS) attacks that exploited a recently disclosed flaw...
Microsoft Warns as Scattered Spider Expands from SIM Swaps to Ransomware
The prolific threat actor known as Scattered Spider has been observed impersonating newly hired employees in targeted firms as a...
Critical Flaw in NextGen’s Mirth Connect Could Expose Healthcare Data
Users of Mirth Connect, an open-source data integration platform from NextGen HealthCare, are being urged to update to the latest...
The Danger of Forgotten Pixels on Websites: A New Case Study
While cyberattacks on websites receive much attention, there are often unaddressed risks that can lead to businesses facing lawsuits and...
Iranian Group Tortoiseshell Launches New Wave of IMAPLoader Malware Attacks
The Iranian threat actor known as Tortoiseshell has been attributed to a new wave of watering hole attacks that are...
YoroTrooper: Researchers Warn of Kazakhstan’s Stealthy Cyber Espionage Group
A relatively new threat actor known as YoroTrooper is likely made of operators originating from Kazakhstan. The assessment, which comes...
VMware fixes critical code execution flaw in vCenter Server
VMware issued security updates to fix a critical vCenter Server vulnerability that can be exploited to gain remote code execution attacks...
European govt email servers hacked using Roundcube zero-day
The Winter Vivern Russian hacking group has been exploiting a Roundcube Webmail zero-day in attacks targeting European government entities and...
Ransomware isn’t going away – the problem is only getting worse
As the world moves steadily to becoming more and more digital, organizations worldwide become increasingly dependent on IT systems to...
Citrix Bleed exploit lets hackers hijack NetScaler accounts
A proof-of-concept (PoC) exploit is released for the 'Citrix Bleed' vulnerability, tracked as CVE-2023-4966, that allows attackers to retrieve authentication...
Seiko says ransomware attack exposed sensitive customer data
Japanese watchmaker Seiko has confirmed it suffered a Black Cat ransomware attack earlier this year, warning that the incident has...
Chilean telecom giant GTD hit by the Rorschach ransomware gang
Chile's Grupo GTD warns that a cyberattack has impacted its Infrastructure as a Service (IaaS) platform, disrupting online services. Grupo...
Samsung Galaxy S23 hacked two more times at Pwn2Own Toronto
Security researchers hacked the Samsung Galaxy S23 smartphone two more times on the second day of the Pwn2Own 2023 hacking...
Flipper Zero can now spam Android, Windows users with Bluetooth alerts
A custom Flipper Zero firmware called 'Xtreme' has added a new feature to perform Bluetooth spam attacks on Android and...
Small Businesses Suffer Record Number of Cyber-Attacks
Nearly three-quarters (73%) of US small business owners reported a cyber-attack last year, with employee and customer data most likely...
AI to Create Demand for Digital Trust Professionals, ISACA Survey Finds
Artificial intelligence (AI) adoption has skyrocketed in 2023 and some fear that this will make some jobs obsolete, but ISACA...
AWS: Security Not a Priority For a Third of SMBs
Cybersecurity is not a strategic priority for 35% of SMBs considering cloud migration, Amazon Web Services (AWS) has revealed.The cloud...
Seiko “BlackCat” Data Breach: 60,000 Records on the Line
Seiko Group Corporation (SGC) has recently confirmed the extent of a data breach that it disclosed initially in August. The...
Purchase Scams Surge as Fraud Losses Hit £580m
Authorised push payment (APP) fraud continues to be a major headache for the UK banking industry and its customers, contributing...
Winter Vivern: Zero-Day XSS Exploit Targets Roundcube Servers
ESET Research has discovered a significant cybersecurity threat as the Winter Vivern group exploited a zero-day cross-site scripting (XSS) vulnerability...
US-CERT Vulnerability Summary for the Week of October 16, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Info1e -- platformAffected 1E Platform versions have a Blind SQL Injection vulnerability...
Critical OAuth Flaws Uncovered in Grammarly, Vidio, and Bukalapak Platforms
Critical security flaws have been disclosed in the Open Authorization (OAuth) implementation of popular online services such as Grammarly, Vidio,...
