vulnerability
Email forwarding flaws enable attackers to impersonate high-profile domains
Sending an email with a forged address is easier than previously thought, due to flaws in the process that allows email forwarding, according to a research team led by …
Unpatched Cisco ASA flaw exploited by attackers (CVE-2023-20269)
A vulnerability (CVE-2023-20269) in Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) firewalls is being exploited by attackers to gain access …
Old vulnerabilities are still a big problem
A recently flagged phishing campaign aimed at delivering the Agent Tesla RAT to unsuspecting users takes advantage of old vulnerabilities in Microsoft Office that allow remote …
Atlas VPN zero-day allows sites to discover users’ IP address
Atlas VPN has confirmed the existence of a zero-day vulnerability that may allow website owners to discover Linux users’ real IP address. Details about this zero-day …
VMware fixes critical vulnerability in Aria Operations for Networks (CVE-2023-34039)
VMware has patched one critical (CVE-2023-34039) and one high-severity vulnerability (CVE-2023-20890) in Aria Operations for Networks, its popular enterprise network …
Ransomware group exploits Citrix NetScaler systems for initial access
A known threat actor specializing in ransomware attacks is believed to be behind a recent campaign that targeted unpatched internet-facing Citrix NetScaler systems to serve as …
Easy-to-exploit Skype vulnerability reveals users’ IP address
A vulnerability in Skype mobile apps can be exploited by attackers to discover a user’s IP address – a piece of information that may endanger individuals whose …
Is the cybersecurity community’s obsession with compliance counter-productive?
Does anyone think the chances of surviving a plane crash increase if our tray tables are locked and our carry-on bags are completely stowed under our seats? That we’ll be OK …
PoC for no-auth RCE on Juniper firewalls released
Researchers have released additional details about the recently patched four vulnerabilities affecting Juniper Networks’ SRX firewalls and EX switches that could allow …
Uncovering a privacy-preserving approach to machine learning
In the era of data-driven decision making, businesses are harnessing the power of machine learning (ML) to unlock valuable insights, gain operational efficiencies, and …
Lazarus Group exploited ManageEngine vulnerability to target critical infrastructure
North Korean state-sponsored hackers Lazarus Group have been exploiting a ManageEngine ServiceDesk vulnerability (CVE-2022-47966) to target internet backbone infrastructure …
Does a secure coding training platform really work?
As security vulnerabilities are reported to you time and again, you may ask yourself: “Why don’t these developers learn the lesson?” The next thing you may think is: “We …