Security News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched security flaw impacting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)...

A newly disclosed security flaw in the Microsoft Defender SmartScreen has been exploited as a zero-day by an advanced persistent threat actor called Water Hydra (aka DarkCasino) targeting...

Network-attached storage specialist QNAP has disclosed and released fixes for two new vulnerabilities, one of them a zero-day discovered in early November. Unit 42's assessment, on the other hand, was the polar opposite: "These remote code execution vulnerabilities affecting IoT devices exhibit a combination of low attack complexity and critical impact, making them an irresistible target for threat actors. As a result, protecting IoT devices against such threats is an urgent task."

CVE-2023-43770, a vulnerability in the Roundcube webmail software that has been fixed in September 2023, is being exploited by attackers in the wild, CISA has warned by adding the vulnerability to its Known Exploited Vulnerabilities catalog. CVE-2023-43770 is a vulnerability that allows attackers to mount cross-site scripting attacks through specially crafted links in plain text email messages.

Threat actors are leveraging a recently disclosed security flaw impacting Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy a backdoor codenamed DSLog on susceptible devices. That's...

In disclosing yet another vulnerability in its Connect Secure, Policy Secure, and ZTA gateways, Ivanti has confused the third-party researchers who discovered it. Researchers at watchTowr blogged today about not being credited with the discovery of CVE-2024-22024 - the latest in a series of vulnerabilities affecting Ivanti gateways as the vendor continues to develop patches for supported versions.

The maintainers of shim have released version 15.8 to address six security flaws, including a critical bug that could pave the way for remote code execution under specific circumstances. Tracked...

JetBrains urged customers today to patch their TeamCity On-Premises servers against a critical authentication bypass vulnerability that can let attackers take over vulnerable instances with admin privileges. Tracked as CVE-2024-23917, this critical severity flaw impacts all versions of TeamCity On-Premises from 2017.1 through 2023.11.2 and can be exploited in remote code execution attacks that don't require user interaction.

Mastodon, the free and open-source decentralized social networking platform, has fixed a critical vulnerability that allows attackers to impersonate and take over any remote account. The newly fixed flaw is tracked as CVE-2024-23832 and stems from insufficient origin validation in Mastodon, allowing attackers to impersonate users and take over their accounts.

The decentralized social network Mastodon has disclosed a critical security flaw that enables malicious actors to impersonate and take over any account. "Due to insufficient origin validation in...