Download Google Chrome 114.0.5735.1108/24/2023 Zyxel, a networking device manufacturer based in Taiwan, is strongly advising customers to update the firmware of their ATP, USG Flex, VPN, and ZyWALL/USG firewall devices.Ī remote command injection vulnerability exists in the Barracuda Email Security Gateway product effecting versions 5.1.3.001.ĬISA Known Exploited Actively Exploited Remote Code Execution Used In Ransomware Public Exploits Available Zyxel Encourages Firmware Updates to Protect Firewalls from Exploited Vulnerabilities Microsoft has recently attributed the exploitation of the CVE-2023-34362 zero-day vulnerability in the MOVEit Transfer platform to the Clop ransomware gang, also known as Lace Tempest. KeePass has recently launched version 2.54, which addresses the CVE-2023-3278 vulnerability.Ĭlop Ransomware Gang Linked to MOVEit Data-Theft Attacks by Microsoft KeePass v2.54 Update Addresses Master Password Leakage Bug Google has issued a security update for its Chrome web browser, addressing the third zero-day vulnerability that has been exploited in 2023. Google Addresses Third Chrome Zero-Day Exploit in 2023 Numerous prominent organizations have reported being affected by the recent MOVEit Transfer zero-day attack, with well-known companies such as BBC, British Airways, and Zellis among the victims. Major Companies Affected by MOVEit Zero-Day Attack Google has recently rolled out its monthly security update for the Android platform, which includes fixes for a total of 56 vulnerabilities. VMware has issued multiple security patches to address critical and high-severity vulnerabilities in its network visibility and analytics tool, VMware Aria Operations for Networks, formerly known as vRealize Network Insight (vRNI).Īndroid Update Addresses Mali GPU Bug Exploited as Zero-Day VMware Patches Critical Vulnerability in vRealize Network Analytics Tool Windows Win32k Bug PoC Released: Actively Exploited VulnerabilityĪ proof-of-concept (PoC) exploit has been made public for a Windows local privilege escalation vulnerability that has been actively exploited.Ĭritical Vulnerability in Cisco Enterprise Solutions PatchedĬisco has announced the release of patches for a critical-severity vulnerability found in its Expressway series and TelePresence Video Communication Server (VCS) enterprise collaboration and video communication solutions.īarracuda Urges Immediate Replacement of Hacked ESG AppliancesĮmail and network security company Barracuda is urging customers to immediately replace their hacked Email Security Gateway (ESG) appliances, which were targeted in attacks exploiting a now-patched zero-day vulnerability.Ĭisco Addresses High-Severity Bug in Secure Client SoftwareĬisco has recently fixed a high-severity vulnerability found in its Cisco Secure Client (previously known as An圜onnect Secure Mobility Client) software. Kroll security experts have discovered that the Clop ransomware gang has been seeking ways to exploit a now-patched zero-day in the MOVEit Transfer managed file transfer (MFT) solution since 2021. Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, VPN, and ZyWALL/USG firewalls contain a buffer overflow vulnerability in the ID processing function that could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and remote code execution on an affected device.Ĭlop Ransomware Exploiting MOVEit Zero-Day Since 2021 Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, VPN, and ZyWALL/USG firewalls contain a buffer overflow vulnerability in the notification function that could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and remote code execution on an affected device. Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |