Security News > 2023 > October
Attackers have exploited a recently disclosed critical zero-day bug to compromise and infect more than 10,000 Cisco IOS XE devices with malicious implants. According to threat intelligence company VulnCheck, the maximum severity vulnerability has been extensively exploited in attacks targeting Cisco IOS XE systems with the Web User Interface feature enabled, that also have the HTTP or HTTPS Server feature toggled on.
Attackers have exploited a recently disclosed critical zero-day bug to compromise and infect thousands of Cisco IOS XE devices with malicious implants. According to threat intelligence company VulnCheck, the maximum severity vulnerability has been extensively exploited in attacks targeting Cisco IOS XE routers and switches with the Web User Interface feature enabled, that also have the HTTP or HTTPS Server feature toggled on.
US authorities have issued an urgent plea to network admins to patch the critical vulnerability in Atlassian Confluence Data Center and Server amid ongoing nation-state exploitation. "Due to the ease of exploitation, CISA, FBI, and MS-ISAC expect to see widespread exploitation of unpatched Confluence instances in government and private networks."
According to complaints from Windows admins, the issue is triggered after installing KB5031361 and KB5031364 on Windows Server 2019 and Windows Server 2022 systems. When it released the buggy cumulative updates, the company revised the support document for KB5031364, including and removing a known issue related to VMware ESXi, describing boot issues encountered by guest VMs operating Windows Server 2022 with Secure Boot enabled.
Financial data is much more than just a collection of numbers; it is a crucial component of any business and a prime target for cybercriminals. It's important to understand that financial records...
Switzerland-not low stakes-uses online voting for national elections. Like any internet voting system, it has inherent security vulnerabilities: if there are malicious insiders, they can corrupt the vote count; and if thousands of voters' computers are hacked by malware, the malware can change votes as they are transmitted.
ClearFake, a recently documented threat leveraging compromised WordPress sites to push malicious fake browser updates, is likely operated by the threat group behind the SocGholish "Malware delivery via fake browser updates" campaigns, Sekoia researchers have concluded. Subsequently downloaded payloads create an iframe element to host the fake update interface, download that interface, and the fake update content and HTML page.
Recently, the cybersecurity landscape has been confronted with a daunting new reality – the rise of malicious Generative AI, like FraudGPT and WormGPT. These rogue creations, lurking in the dark...
A severity flaw impacting industrial cellular routers from Milesight may have been actively exploited in real-world attacks, new findings from VulnCheck reveal. Tracked as CVE-2023-43261 (CVSS...
Sustainable aviation fuels made from sources other than fossil fuels have the potential to reduce emissions by up to 80 percent, UK researchers have found. Boffins from the National Centre for Atmospheric Science and the University of Manchester testing various blends of traditional jet fuel and SAF said preliminary data shows that airline travel might not such a guilty trip over pollution due to more efficient engine controls.