Security News

Zero-day exploitation surged in 2023, Google finds
2024-03-28 15:11

In 2023, attackers increasingly focused on discovering and exploiting zero-day vulnerabilities in third-party libraries and drivers, since these can affect multiple products and effectively offer more possibilities for attack. Another interesting conclusion from Google's recent rundown of the 97 zero-days exploited in the wild in 2023 is that there's a notable increase in the targeting of enterprise-specific technologies.

CISA Alerts on Active Exploitation of Flaws in Fortinet, Ivanti, and Nice Products
2024-03-26 04:54

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation...

API environments becoming hotspots for exploitation
2024-03-20 04:00

Commerce is the most attacked vertical with 44% of API attacks, followed by business services at nearly 32%. APIs are vital to most organizations because they improve both employee and customer experiences. Cybercriminals have leveraged this digital innovation and the rapid expansion of the API economy to create new opportunities for exploitation.

Five Eyes Agencies Warn of Active Exploitation of Ivanti Gateway Vulnerabilities
2024-03-01 06:26

The Five Eyes (FVEY) intelligence alliance has issued a new cybersecurity advisory warning of cyber threat actors exploiting known security flaws in Ivanti Connect Secure and Ivanti Policy Secure...

Critical Exchange Server Flaw (CVE-2024-21410) Under Active Exploitation
2024-02-15 05:19

Microsoft on Wednesday acknowledged that a newly disclosed critical security flaw in Exchange Server has been actively exploited in the wild, a day after it released fixes for the vulnerability as...

Fortinet Warns of Critical FortiOS SSL VPN Flaw Likely Under Active Exploitation
2024-02-09 07:45

Fortinet has disclosed a new critical security flaw in FortiOS SSL VPN that it said is likely being exploited in the wild. The vulnerability, CVE-2024-21762 (CVSS score: 9.6), allows for the...

Recent SSRF Flaw in Ivanti VPN Products Undergoes Mass Exploitation
2024-02-06 06:58

A recently disclosed server-side request forgery (SSRF) vulnerability impacting Ivanti Connect Secure and Policy Secure products has come under mass exploitation. The Shadowserver...

Newest Ivanti SSRF zero-day now under mass exploitation
2024-02-05 15:55

An Ivanti Connect Secure and Ivanti Policy Secure server-side request forgery vulnerability tracked as CVE-2024-21893 is currently under mass exploitation by multiple attackers. The exploitation volume of this particular vulnerability is far greater than that of other recently fixed or mitigated Ivanti flaws, indicating a clear shift in the attackers' focus.

CISA Warns of Active Exploitation Apple iOS and macOS Vulnerability
2024-02-01 05:02

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting iOS, iPadOS, macOS, tvOS, and watchOS to its Known Exploited Vulnerabilities...

Alert: Ivanti Discloses 2 New Zero-Day Flaws, One Under Active Exploitation
2024-01-31 13:38

Ivanti is warning of two new high-severity flaws in its Connect Secure and Policy Secure products, one of which is said to have come under targeted exploitation in the wild. The list of...