vulnerabilities - The Stack (Page 5)

vulnerabilities

This critical vulnerability is an “open door into your network” and being exploited. Why didn’t RUCKUS Networks register a CVE?

CVE-2023-25717 is being exploited and affected products have been pulled into a new botnet...

MOVEit

As victim count mounts, a critical new MOVEit bug emerges - with US federal agencies compromised

Hackers "often breach the Department’s defensive perimeter and roam freely within our information systems"

Fortinet

MFA is no protection against this critical new Fortinet vulnerability, CVE-2023-27997

"It is a pre-auth RCE [and] has been proven to be exploitable in a consistent manner; we found it during a Red Team engagement and have exploited it remotely..."

News

UPDATED: File transfer software under active attack. Banks, gov't hit as CVE, new IOCs released

Admins should urgently modify firewall rules to deny HTTP and HTTPs traffic to MOVEit Transfer on ports 80 and 443. (Also, can we start fuzzing for SQL Injection properly, please?)

Cybersecurity

Known exploited list: 15 million systems still exposed

... and probably shot to high heaven with malware.

Cybersecurity

As CVE-2023-23397 exploits proliferate, worry mounts

Security experts are warning that a critical Microsoft Outlook exploit is trivial to deploy and “will likely be leveraged imminently by actors for espionage purposes or financial gain” – after Ukrainian cybersecurity authorities disclosed CVE-2023-23397, a critical vulnerability that requires no user interaction to exploit. As The Stack reported, the critical