Security News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active...

The U.S. Cybersecurity and Infrastructure Security Agency on Wednesday added a high-severity flaw in the Service Location Protocol to its Known Exploited Vulnerabilities catalog, citing evidence of active exploitation. Tracked as CVE-2023-29552, the issue relates to a denial-of-service vulnerability that could be weaponized to launch massive DoS amplification attacks.

The cybersecurity biz confirmed in an update to its advisory for CVE-2023-46747 that it has evidence of active exploitation in the wild, less than five days after the initial limited-detail research was published by Praetorian. This critical Apache JServ Protocol smuggling vulnerability was what attracted much of the attention to F5's BIG-IP configuration utility last week.

Citrix Bleed, the critical information-disclosure bug that affects NetScaler ADC and NetScaler Gateway, is now under "Mass exploitation," as thousands of Citrix NetScaler instances remain vulnerable, according to security teams. In the past week, GreyNoise observed 137 individual IP addresses attempting to exploit this Citrix vulnerability.

CVE-2023-4966, aka "Citrix Bleed", a critical information disclosure vulnerability affecting Citrix NetScaler ADC/Gateway devices, is being massively exploited by threat actors.Threat actors have been quick to leverage vulnerabilities in Citrix NetScaler ADC in the past, and this vulnerability is obviously no exception.

Susan Landau published an excellent essay on the current justification for the government breaking end-to-end-encryption: child sexual abuse and exploitation. She puts the debate into historical context, discusses the problem of CSAE, and explains why breaking encryption isn't the solution.

Google's Threat Analysis Group, a team of security experts who defend Google users from state-sponsored attacks, has detected state hackers from several countries targeting the bug, including the Sandworm, APT28, and APT40 threat groups from Russia and China. In an early September attack, Russian Sandworm hackers delivered Rhadamanthys infostealer malware in phishing attacks using fake invitations to join a Ukrainian drone training school.

Google says that several state-backed hacking groups have joined ongoing attacks exploiting a high-severity vulnerability in WinRAR, a compression software used by over 500 million users, aiming to gain arbitrary code execution on targets' systems. Google's Threat Analysis Group, a team of security experts who defend Google users from state-sponsored attacks, has detected state hackers from several countries targeting the bug, including the Sandworm, APT28, and APT40 threat groups from Russia and China.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation, while...

Chipmaker Qualcomm has released security updates to address 17 vulnerabilities in various components, while warning that three other zero-days have come under active exploitation. Of the 17 flaws,...