Security News > 2023 > October

Critical security flaws have been disclosed in the Open Authorization (OAuth) implementation of popular online services such as Grammarly, Vidio, and Bukalapak, building upon previous shortcomings...

Webinar: It's a challenge to maintain the availability and security of mission critical data in today's environment. The traditional approach to meeting that challenge often involves complex multi-vendor solutions.

The Winter Vivern APT group has been exploiting a zero-day vulnerability in Roundcube webmail servers to spy on email communications of European governmental entities and a think tank, according to ESET researchers. Roundcube is an open-source browser-based email client with an application-like user interface.

In today's digital landscape, around 60% of corporate data now resides in the cloud, with Amazon S3 standing as the backbone of data storage for many major corporations. Despite S3 being a secure...

About Bruce Schneier: I am a public-interest technologist, working at the intersection of security, technology, and people. I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

Their phishing messages impersonated the Outlook Team and tried to trick potential victims into opening malicious emails, automatically triggering a first-stage payload that exploited the Roundcube email server vulnerability. "The final JavaScript payload [...] is able to list folders and emails in the current Roundcube account, and to exfiltrate email messages to the C&C server."

VMware has fixed a critical out-of-bounds write vulnerability and a moderate-severity information disclosure flaw in vCenter Server, its popular server management software. CVE-2023-34048 allows an attacker with network access to a vulnerable vCenter Server virtual appliance to trigger an out-of-bounds write that can lead to remote code execution.

VMware has released security updates to address a critical flaw in the vCenter Server that could result in remote code execution on affected systems. The issue, tracked as CVE-2023-34048 (CVSS...

The popularity of Brazil's PIX instant payment system has made it a lucrative target for threat actors looking to generate illicit profits using a new malware called GoPIX. Kaspersky, which has...

VMware issued security updates to fix a critical vCenter Server vulnerability that can be exploited to achieve remote code execution on vulnerable servers. vCenter Server is the central management hub for VMware's vSphere suite, and it helps administrators manage and monitor virtualized infrastructure.