A critical zero-day vulnerability has been confirmed to be actively exploited by state-backed attackers to gain access to corporate networks. The National Security Agency (NSA), a branch of the US Government, have released a cybersecurity advisory to help organisations detect and mitigate attacks that exploit this vulnerability. Products affected by this flaw are Citrix ADC […]
Citrix Zero-Day Vulnerability Actively Exploited Read More »
A critical vulnerability in FortiOS SSL-VPN has been confirmed to be exploited in the wild by Fortinet. FortiGuard Labs, the threat and research branch of Fortinet, have published a security advisory this week warning users to immediately validate their systems against the list of indicators of compromise (IoC) which can be found in the security
Critical RCE Vulnerability Exploited in FortiOS Read More »
An update for NVIDIA GPU Display Driver was recently released, addressing 26 different security vulnerabilities, eight of which are considered high-severity flaws with a CVSS base score of between 7.1 and 8.8. Four vulnerabilities were also patched in the NVIDIA VGPU Software, 3 of which were also high-severity flaws. Last week, the Cisco Talos Intelligence
High Severity NVIDIA Driver Vulnerabilities Patched Read More »
Distributed Denial of Service (DDoS) attacks are on the rise, with the second half of 2021 showing a 43% increase in attacks since the first half of the same year. The Microsoft Digital Defence Report for 2022 shows that so far in 2022 Microsoft have mitigated nearly 2000 DDoS attacks each day. This report also
The Threat of Holiday DDoS Attacks Read More »
High severity zero-day vulnerability has been found in Google Chrome for Desktop, causing Google to release their ninth emergency update so far this year to patch it. Users of Chrome on Windows, Mac, and Linux should update to the latest version of this browser, which is version 108.0.5359.94 for Mac and Linux, and version(s) 108.0.5359.94/.95
New Exploited Google Chrome Zero-Day Vulnerability Read More »
Three Android apps with over 2 million combined downloads have been found to have critical vulnerabilities that could result in remote code execution. These applications, Lazy Mouse, Telepad, and PC Keyboard, act as a remote keyboard or mouse for a desktop or laptop computer from the Android device they are installed on. Seven different vulnerabilities
Remote Code Execution Flaws in Keyboard Apps Read More »
A high-severity vulnerability that could allow changes to the Secure Boot settings on laptop devices has been identified on multiple models of Acer Notebooks. The affected models are Acer Aspire A315-22, A115-21, and A315-22G, and Extensa EX215-21 and EX215-21G. This vulnerability has been identified by an ESET malware researcher and is being fixed by Acer
Acer Vulnerability Disables Secure Boot Settings Read More »
Google Chrome has released an emergency update to patch a critical severity vulnerability present in the Chrome desktop app. Microsoft have also alerted customers that the chromium-based browser Microsoft Edge also contains this vulnerability in both Windows and Mac versions of the desktop app. This has been given a high severity rating by Google and
Exploited Chromium Vulnerability in Chrome and Edge Read More »
Two critical severity vulnerabilities have been identified in Atlassian products Crowd, and Bitbucket Server and Data Center. Security advisories were released by Atlassian for each product detailing the severity, affected versions, and mitigation steps. The Atlassian Crowd Server and Data Center vulnerability affects all versions released after Crowd 3.0.0, however version 3.0.0 itself is an
Critical Severity Vulnerabilities in Atlassian Products Read More »
A critical vulnerability is being exploited in Magento 2 and Adobe Commerce sites for online retailers. Attackers are sending trojan orders to the target website and are hiding their attacks by using the increase in online purchases around the time of Black Friday and Cyber Monday sales, and in the holiday shopping period in general.
TrojanOrder Attacks Target Online Retailers Read More »