Zeljka Zorz
PoC for Arcserve UDP authentication bypass flaw published (CVE-2023-26258)
An authentication bypass vulnerability (CVE-2023-26258) in the Arcserve Unified Data Protection (UDP) enterprise data protection solution can be exploited to compromise admin …
Microsoft Teams vulnerability allows attackers to deliver malware to employees
Security researchers have uncovered a bug that could allow attackers to deliver malware directly into employees’ Microsoft Teams inbox. “Organisations that use …
Apple fixes zero-day vulnerabilities used to covertly deliver spyware (CVE-2023-32435)
Apple has released patches for three zero-day vulnerabilities (CVE-2023-32434, CVE-2023-32435, CVE-2023-32439) exploited in the wild. The first two have been reported by …
VMware Aria Operations for Networks vulnerability exploited in the wild (CVE-2023-20887)
CVE-2023-20887, a pre-authentication command injection vulnerability in VMware Aria Operations for Networks (formerly vRealize Network Insight), has been spotted being …
Zyxel patches critical vulnerability in NAS devices (CVE-2023-27992)
Zyxel has released firmware patches for a critical vulnerability (CVE-2023-27992) in some of its consumer network attached storage (NAS) devices. About CVE-2023-27992 …
A third MOVEit vulnerability fixed, Cl0p lists victim organizations (CVE-2023-35708)
Progress Software has asked customers to update their MOVEit Transfer installations again, to fix a third SQL injection vulnerability (CVE-2023-35708) discovered in the web …
June 2023 Patch Tuesday: Critical patches for Microsoft Windows, SharePoint, Exchange
For June 2023 Patch Tuesday, Microsoft has delivered 70 new patches but, for once, none of the fixed vulnerabilities are currently exploited by attackers nor were publicly …
PoC exploit for exploited MOVEit vulnerability released (CVE-2023-34362)
As more victim organizations of Cl0p gang’s MOVEit rampage continue popping up, security researchers have released a PoC exploit for CVE-2023-34362, the RCE …
It’s time to patch your MOVEit Transfer solution again!
Progress Software customers who use the MOVEit Transfer managed file transfer solution might not want to hear it, but they should quickly patch their on-prem installations …
Fortinet patches pre-auth RCE, update your Fortigate firewalls ASAP! (CVE-2023-27997)
Fortinet has released several versions of FortiOS, the OS/firmware powering its Fortigate firewalls and other devices, without mentioning that they include a fix for …
Cl0p announces rules for extortion negotiation after MOVEit hack
The Cl0p cyber extortion crew says that the many organizations whose data they have pilfered by exploiting a vulnerability in the MOVEit Transfer solution have until June 14 …
0mega ransomware gang changes tactics
A number of ransomware gangs have stopped using malware to encrypt targets’ files and have switched to a data theft/extortion approach to get paid; 0mega – a …
Featured news
Resources
Don't miss
- The modern CISO is a cornerstone of organizational success
- Best practices for ensuring a secure browsing environment
- Kata Containers: Open-source container runtime, building lightweight VMs
- Why software is the key to FI risk management
- Hottest cybersecurity open-source tools of the month: December 2024