Security News

The maintainers of the open-source file-sharing software ownCloud have warned of three critical security flaws that could be exploited to disclose sensitive information and modify files. A brief...

Open source file sharing software ownCloud is warning of three critical-severity security vulnerabilities, including one that can expose administrator passwords and mail server credentials. OwnCloud is an open-source file sync and sharing solution designed for individuals and organizations wishing to manage and share files through a self-hosted platform.

The Cybersecurity and Infrastructure Security Agency has announced a pilot program that aims to offer cybersecurity services to critical infrastructure entities as they have become a common target in cyberattacks. "In alignment with CISA's 'Target Rich, Resource Poor' strategy, our teams are working with critical infrastructure entities in the healthcare, water, and K-12 education sectors in our first phase of deployment. This year, we plan to deliver services to up to 100 entities," said Eric Goldstein, CISA's Executive Assistant Director for Cybersecurity.

Multiple threat actors, including LockBit ransomware affiliates, are actively exploiting a recently disclosed critical security flaw in Citrix NetScaler application delivery control (ADC) and...

Once the war in Ukraine ends, Russia's offensive cyber capabilities will be directed towards other targets, Rik Ferguson, VP Security Intelligence for Forescout, predicted at IRISSCON on Thursday. Russia's attack force consists of "Hackers in uniform", cybercriminals and hacktivists congregating in various Telegram channels, but the nation is also working on engaging ever more younger people in their cyber offensive campaigns.

Fortinet is alerting customers of a critical OS command injection vulnerability in FortiSIEM report server that could be exploited by remote, unauthenticated attackers to execute commands through specially crafted API requests. "An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiSIEM report server may allow a remote unauthenticated attacker to execute unauthorized commands via crafted API requests." - Fortinet.

Russian threat actors have been possibly linked to what's been described as the "largest cyber attack against Danish critical infrastructure," in which 22 companies associated with the operation...

VMware is warning of a critical and unpatched security flaw in Cloud Director that could be exploited by a malicious actor to get around authentication protections. Tracked as CVE-2023-34060 (CVSS...

VMware disclosed a critical and unpatched authentication bypass vulnerability affecting Cloud Director appliance deployments. The auth bypass security flaw only affects appliances running VCD Appliance 10.5 that were previously upgraded from an older release.

Microsoft has fixed a critical security vulnerability that could let attackers steal credentials from GitHub Actions or Azure DevOps logs created using Azure CLI. The vulnerability was reported by security researchers with Palo Alto's Prisma Cloud. "Customers using the affected CLI commands must update their Azure CLI version to 2.53.1 or above to be protected against the risks of this vulnerability. This also applies to customers with log files created by using these commands through Azure DevOps and/or GitHub Actions."