Zeljka Zorz
New Microsoft Exchange exploit chain lets ransomware attackers in (CVE-2022-41080)
Ransomware-wielding attackers are using a new exploit chain that includes one of the ProxyNotShell vulnerabilities (CVE-2022-41082) to achieve remote code execution on …
OSV-Scanner: A free vulnerability scanner for open-source software
After releasing the Open Source Vulnerabilities database (OSV.dev) in February, Google has launched the OSV-Scanner, a free command line vulnerability scanner that open source …
Microsoft fixes exploited zero-day, revokes certificate used to sign malicious drivers (CVE-2022-44698)
It’s December 2022 Patch Tuesday, and Microsoft has delivered fixes for 50+ vulnerabilities, including a Windows SmartScreen bypass flaw (CVE-2022-44698) exploited by …
State-sponsored attackers actively exploiting RCE in Citrix devices, patch ASAP! (CVE-2022-27518)
An unauthenticated remote code execution flaw (CVE-2022-27518) is being leveraged by a Chinese state-sponsored group to compromise Citrix Application Delivery Controller (ADC) …
Critical FortiOS pre-auth RCE vulnerability exploited by attackers (CVE-2022-42475)
A critical RCE vulnerability (CVE-2022-42475) in Fortinet’s operating system, FortiOS, is being exploited by attackers, reportedly by a ransomware group. “Fortinet …
Vulnerability with public PoC affects Cisco IP phones, fix unavailable (CVE-2022-20968)
A high-risk stack overflow vulnerability (CVE-2022-20968) may allow attackers to DoS or possibly even execute code remotely on Cisco 7800 and 8800 Series IP phones, the …
Apple unveils end-to-end encryption for iCloud backup, Photos, etc.
Apple is expanding end-to-end encryption options for users and finally offering E2EE for their iCloud backup. Advanced Data Protection for iCloud “iCloud already …
Kali Linux 2022.4 released: Kali NetHunter Pro, desktop updates and new tools
Offensive Security has released Kali Linux 2022.4, the latest version of its popular penetration testing and digital forensics platform. New tools in Kali Linux 2022.4 Aside …
Rackspace Hosted Exchange outage was caused by ransomware
Rackspace has finally confirmed the cause of the ongoing outage of its Hosted Exchange service: it’s ransomware. “As you know, on Friday, December 2nd, 2022, we …
Attackers take over expired domain to deliver web skimming scripts
Attackers have taken over at least one expired domain that used to host a popular JavaScript library and used it to deliver web skimming scripts to a number of e-commerce …
Google Chrome zero-day exploited in the wild (CVE-2022-4262)
Google has patched CVE-2022-4262, a type confusion vulnerability in the V8 JavaScript engine used by Google Chrome (and Chromium), which is being exploited by attackers in the …
Rackspace Hosted Exchange service outage caused by security incident
Cloud computing company Rackspace has suffered a security breach that has resulted in a still ongoing outage of their Hosted Exchange environment. “In order to best …