Tag: Exploitation
-
The Register: CISA adds fresh Ivanti vuln, critical Fortinet bug to hall of shame
Source URL: https://www.theregister.com/2024/10/10/cisa_ivanti_fortinet_vulns/ Source: The Register Title: CISA adds fresh Ivanti vuln, critical Fortinet bug to hall of shame Feedly Summary: Usual three-week window to address significant risks to federal agencies applies The US Cybersecurity and Infrastructure Security Agency (CISA) says vulnerabilities in Fortinet and Ivanti products are now being exploited, earning them places in…
-
The Register: Mozilla patches critical Firefox vuln that attackers are already exploiting
Source URL: https://www.theregister.com/2024/10/10/firefixed_mozilla_patches_critical_firefox/ Source: The Register Title: Mozilla patches critical Firefox vuln that attackers are already exploiting Feedly Summary: Firefixed: It’s maintenance time for low-complexity, high-impact security flaw It’s patch time for Firefox fans as Mozilla issues a security advisory for a critical code execution vulnerability in the browser.… AI Summary and Description: Yes Summary:…
-
Slashdot: Chinese Hack of US ISPs Show Why Apple Is Right About Backdoors
Source URL: https://apple.slashdot.org/story/24/10/10/025236/chinese-hack-of-us-isps-show-why-apple-is-right-about-backdoors?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Chinese Hack of US ISPs Show Why Apple Is Right About Backdoors Feedly Summary: AI Summary and Description: Yes Summary: The text discusses a significant cybersecurity incident involving Chinese hackers accessing U.S. ISPs’ systems, which were compromised due to security backdoors created for law enforcement wiretaps. This situation emphasizes…
-
Hacker News: Mozilla fixes Firefox zero-day actively exploited in attacks
Source URL: https://www.bleepingcomputer.com/news/security/mozilla-fixes-firefox-zero-day-actively-exploited-in-attacks/ Source: Hacker News Title: Mozilla fixes Firefox zero-day actively exploited in attacks Feedly Summary: Comments AI Summary and Description: Yes Summary: Mozilla has released an emergency update for Firefox to patch a serious use-after-free vulnerability (CVE-2024-9680) that is actively exploited by attackers. This flaw allows unauthorized code execution due to improper memory…
-
The Register: Moscow-adjacent GoldenJackal gang strikes air-gapped systems with custom malware
Source URL: https://www.theregister.com/2024/10/09/goldenjackal_custom_malware/ Source: The Register Title: Moscow-adjacent GoldenJackal gang strikes air-gapped systems with custom malware Feedly Summary: USB sticks help, but it’s unclear how tools that suck malware from them are delivered A cyberespionage APT crew named GoldenJackal hacked air-gapped PCs belonging to government and diplomatic entities at least twice using two sets of…
-
Cisco Talos Blog: Vulnerability in popular PDF reader could lead to arbitrary code execution; Multiple issues in GNOME project
Source URL: https://blog.talosintelligence.com/vulnerability-roundup-foxit-gnome-oct-9-2024/ Source: Cisco Talos Blog Title: Vulnerability in popular PDF reader could lead to arbitrary code execution; Multiple issues in GNOME project Feedly Summary: Talos also discovered three vulnerabilities in Veertu’s Anka Build, a suite of software designed to test macOS or iOS applications in CI/CD environments. AI Summary and Description: Yes Summary:…
-
Alerts: CISA Adds Three Known Exploited Vulnerabilities to Catalog
Source URL: https://www.cisa.gov/news-events/alerts/2024/10/09/cisa-adds-three-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Three Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-23113 Fortinet Multiple Products Format String Vulnerability CVE-2024-9379 Ivanti Cloud Services Appliance (CSA) SQL Injection Vulnerability CVE-2024-9380 Ivanti Cloud Services Appliance (CSA) OS Command Injection…