security – Page 80 – Threat Note

From Cybersecurity Help – Citrix addresses high-risk Citrix NetScaler ADC and NetScaler Gateway bugs

Affected customers of NetScaler ADC and NetScaler Gateway are strongly advised to upgrade to the fixed versions. Read More

Samir K October 12, 2023

Vulnerabilities

From Cybersecurity Help – Magecart web skimmers hide in 404 error pages

The campaign is targeting an extensive list of Magento and WooCommerce websites. Read More

Samir K October 11, 2023

Vulnerabilities

From Cybersecurity Help – Nation-state hackers exploiting Atlassian Confluence zero-day bug

A threat actor known as Storm-0062 has been exploiting the bug since September 14. Read More

Samir K October 11, 2023

Vulnerabilities

From Cyber Security News – Nation-state Hackers Exploiting Confluence Zero-day Vulnerability

Microsoft has detected the nation-state threat actor Storm-0062, also known as DarkShadow or Oro0lxy, exploiting CVE-2023-22515 in the wild since September 14, 2023. The vulnerability was publicly disclosed on October…

Samir K October 11, 2023

Vulnerabilities

From Cybersecurity Help – Microsoft’s October 2023 Patch Tuesday fixes over 100 flaws, 2 zero-days

The vendor has also fixed an actively exploited vulnerability known as the HTTP/2 Rapid Reset attack. Read More

Samir K October 11, 2023

Vulnerabilities

From Cyber Security News – SAP Patches for XSS, Log Injection & Other Vulnerabilities

SAP has released the security patches for the Patch Day of October 2023, in which they release new Security Notes and 2 updates to the previously released Security Notes. There…

Samir K October 11, 2023

Vulnerabilities

From The Hacker News – Microsoft Releases October 2023 Patches for 103 Flaws, Including 2 Active Exploits

Microsoft has released its Patch Tuesday updates for October 2023, addressing a total of 103 flaws in its software, two of which have come under active exploitation in the wild. Of the 103 flaws, 13 are rated Critical and 90 are rated Important in severity. This is apart from 18 security vulnerabilities addressed in its Chromium-based Edge browser since the second Tuesday of September. The two

Samir K October 11, 2023

Vulnerabilities

From The Hacker News – Microsoft Warns of Nation-State Hackers Exploiting Critical Atlassian Confluence Vulnerability

Microsoft has linked the exploitation of a recently disclosed critical flaw in Atlassian Confluence Data Center and Server to a nation-state actor it tracks as Storm-0062 (aka DarkShadow or Oro0lxy). The tech giant's threat intelligence team said it observed in-the-wild abuse of the vulnerability since September 14, 2023. "CVE-2023-22515 is a critical privilege escalation vulnerability in

Samir K October 11, 2023

Vulnerabilities

From Dark Reading – Microsoft Patch Tuesday Haunted by Zero-Days, Wormable Bug

October's CVE update is here. Here's which security vulnerabilities to patch now to exorcise your Microsoft systems demons. Read More

Samir K October 10, 2023

Vulnerabilities

From Dark Reading – Internet-Wide Zero-Day Bug Fuels Largest-Ever DDoS Event

Ongoing Rapid Reset DDoS flood attacks exposed organizations need to patch CVE-2023-44487 immediately to head off crippling outages and business disruption. Read More

Samir K October 10, 2023

Vulnerabilities

From The Hacker News – HTTP/2 Rapid Reset Zero-Day Vulnerability Exploited to Launch Record DDoS Attacks

Amazon Web Services (AWS), Cloudflare, and Google on Tuesday said they took steps to mitigate record-breaking distributed denial-of-service (DDoS) attacks that relied on a novel technique called HTTP/2 Rapid Reset. The layer 7 attacks were detected in late August 2023, the companies said in a coordinated disclosure. The cumulative susceptibility to this attack is being tracked as CVE-2023-44487,

Samir K October 10, 2023