Week in review: Critical git vulnerabilities, increasingly malicious Google Search ads
Cacti servers under attack by attackers exploiting CVE-2022-46169
If you're running the Cacti network monitoring solution and you haven't updated it since early December, now is the time to do it to foil attackers exploiting a critical command injection flaw.

PoC for critical ManageEngine bug to be released, so get patching!
If your enterprise is running ManageEngine products that were affected by CVE-2022-47966, check now whether they've been updated to a non-vulnerable version because Horizon3 will be releasing technical details and a PoC exploit this week.

Google ads increasingly pointing to malware
The FBI has recently warned the public about search engine ads pushing malware disguised as legitimate software - an old tactic that has lately resulted in too many malicious ads served to users searching for software, cracked software, drivers - anything that can be downloaded, really - via Google and Bing.

Critical RCE vulnerabilities found in git
A source code audit has revealed two critical vulnerabilities affecting git, the popular distributed version control system for collaborative software development.

Post-quantum cybersecurity threats loom large
A new Zapata Computing report reveals a deepening commitment from enterprises that points to a maturing industry with widespread, global interest and increased urgency regarding post-quantum cybersecurity threats.

Techniques that attackers use to trick victims into visiting malicious content
In this Help Net Security video, Ray Canzanese, Threat Research Director at Netskope, talks about the impact of two different types of harmful content: malware downloads and malicious web content.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-01-18 | CVE-2022-47966 | Unspecified vulnerability in Zohocorp products. Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. | 9.8 |
2022-12-05 | CVE-2022-46169 | Incorrect Authorization vulnerability in Cacti. Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. | 9.8 |