Author name: Biswajit Pradhan

CISA Adds One Known Exploited Vulnerability to Catalog

Vulnerability / / Leave a Comment

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-35082 Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core Authentication Bypass Vulnerability  These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the […]

CISA Adds One Known Exploited Vulnerability to Catalog Read More »

Citrix Releases Security Updates for NetScaler ADC and NetScaler Gateway

Vulnerability / / Leave a Comment

Citrix released security updates to address vulnerabilities (CVE-2023-6548 and CVE-2023-6549) in NetScaler ADC and NetScaler Gateway. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Citrix CTX584986 Security Bulletin and apply the necessary updates. This content is being syndicated from

Citrix Releases Security Updates for NetScaler ADC and NetScaler Gateway Read More »

Oracle Releases Critical Patch Update Advisory for January 2024

Vulnerability / / Leave a Comment

Oracle released its Critical Patch Update Advisory for January 2024 to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Oracle’s January 2024 Critical Patch Update Advisory and apply the necessary updates. This content is being

Oracle Releases Critical Patch Update Advisory for January 2024 Read More »

AVEVA PI Server | CISA

Vulnerability / / Leave a Comment

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: AVEVA Equipment: PI Server Vulnerabilities: Improper Check or Handling of Exceptional Conditions, Missing Release of Resource after Effective Lifetime 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to crash the product being accessed or throttle the memory

AVEVA PI Server | CISA Read More »

Docker hosts hacked in ongoing website traffic theft scheme

Vulnerability / / Leave a Comment

A new campaign targeting vulnerable Docker services deploys an XMRig miner and the 9hits viewer app on compromised hosts, allowing a dual monetization strategy. 9hits is a web traffic exchange platform where members can drive traffic to each others’ sites. This traffic is generated by a 9hits viewer app that is installed on members’ devices,

Docker hosts hacked in ongoing website traffic theft scheme Read More »

Atlassian outage affecting multiple cloud services

Vulnerability / / Leave a Comment

Multiple Atlassian Jira products are experiencing an ongoing outage as of this morning. Users of Jira Work management, Jira Software, Jira Service Management and Jira Product Discovery are facing connection issues. Atlassian Jira services down BleepingComputer can confirm that Jira services are experiencing connection issues since this morning, at least as of 3:45 AM Eastern time.

Atlassian outage affecting multiple cloud services Read More »

AMD, Apple, Qualcomm GPUs leak AI data in LeftoverLocals attacks

Vulnerability / / Leave a Comment

A new vulnerability dubbed ‘LeftoverLocals’ affecting graphics processing units from AMD, Apple, Qualcomm, and Imagination Technologies allows retrieving data from the local memory space. Tracked as CVE-2023-4969, the security issue enables data recovery from vulnerable GPUs, especially in the context of large language models (LLMs) and machine learning (ML) processes. LeftoverLocals was discovered by Trail of Bits

AMD, Apple, Qualcomm GPUs leak AI data in LeftoverLocals attacks Read More »

iShutdown scripts can help detect iOS spyware on your iPhone

Vulnerability / / Leave a Comment

Security researchers found that infections with high-profile spyware Pegasus, Reign, and Predator could be discovered on compromised Apple mobile devices by checking Shutdown.log, a system log file that stores reboot events. Kaspersky released Python scripts to help automate the process of analyzing the Shutdown.log file and recognize potential signs of malware infection in a way that is easy

iShutdown scripts can help detect iOS spyware on your iPhone Read More »

CISA pushes federal agencies to patch Citrix RCE within a week

Vulnerability / / Leave a Comment

Today, CISA ordered U.S. federal agencies to secure their systems against three recently patched Citrix NetScaler and Google Chrome zero-days actively exploited in attacks, pushing for a Citrix RCE bug to be patched within a week. The cybersecurity agency added the flaws to its Known Exploited Vulnerabilities Catalog today, saying that such vulnerabilities are “frequent attack

CISA pushes federal agencies to patch Citrix RCE within a week Read More »

Bigpanzi botnet infects 170,000 Android TV boxes with malware

Vulnerability / / Leave a Comment

A previously unknown cybercrime syndicate named ‘Bigpanzi’ has been making significant money by infecting Android TV and eCos set-top boxes worldwide since at least 2015. Beijing-based Qianxin Xlabs reports that the threat group controls a large-scale botnet of approximately 170,000 daily active bots. However, the researchers have seen 1.3 million unique IP addresses associated with

Bigpanzi botnet infects 170,000 Android TV boxes with malware Read More »

Scroll to Top