News
Academics warn over "problematic metrics and documentation" in CVSS system
A study out of Germany has highlighted shortcomings in the CVSS system and the way security vulnerabilities are assessed and scored
News
Subdomain hijacking holes run rampant, say experts
The little-known hacking technique of subdomain hijacking is threatening thousands of sites and their visitors despite efforts to eradicate
News
Adobe patch nightmare: Trio of application server vulnerabilities being exploited
Want to let criminals “query your databases, add/change/delete files, export data or files off your server”? No, then you should probably be paying close attention to whether you are running Adobe ColdFusion and if you are exposed...
News
MobileIron under active attack, admins warned to update
Ivanti is warning of attacks on its MobileIron platform due to improper handling of APIs
vulnerabilities
CVE for “Damn Vulnerable Web Application” rejected after troubling, bemusing hackers
"To the 731 people who have DVWA exposed to the internet, I apologise for CVE-2023-39848, I recommend you temporarily remove them from the internet till I can create a patch."
News
When airplane mode isn't airplane mode: iOS malware spoofs standby
Researchers say that iOS can be manipulated to create a phony "airplane mode" that allows for the background transmission of data
vulnerabilities
Citrix ShareFile vulnerability being exploited amid warnings of a “huge spike” in attacks
Pre-auth RCE in Citrix ShareFile has the potential to be the next MOVEit, or Accellion, or GoAnywhere, or Aspera Faspex, or...
cybersecurity
Most exploited vulnerabilities 2022: Five Eyes’ list of CVEs comes with a twist in the tail
Two CVEs dominate attack traffic and one will look very familiar: So will six others...
Citrix
Citrix zero day used to attack critical infrastructure -- IOCs and detections now available
Attackers dropped a webshell, collected and exfiltrated Active Directory data, then ran into some healthy obstacles...
Citrix
Critical pre-auth RCE Citrix Gateway vulnerability is under active attack and looks bad
There are approximately 38,000 Citrix Gateway appliances exposed to the public internet and a whole host of internet traffic flows through Citrix ADC...
sonicwall
Critical SonicWall vulnerabilities "extremely attractive" - central firewall hub needs urgent patching
Multiple critical unauthenticated SQL injection bugs and hard-coded credentials as well as command injection, and file upload bugs need urgent patching.
MOVEit
Fuzzy Thinking: Yet more critical SQL Injection bugs in MOVEIt Transfer
You're tired? Everyone's tired. Just patch promptly please.