A Chinese nation state hacking group is exploiting a zero-day flaw in Atlassian's Confluence Data Center and Server products as part a campaign spotted in mid-September, Microsoft researchers say. The company attributes the campaign to a Chinese nation-state hacking group designates Storm-0062.
Cisco has released urgent fixes to a critical vulnerability affecting an emergency communication system used to track callers' location in real time. A developer inadvertently hard-coded credentials in Cisco Emergency Responder software, opening a permanent backdoor for unauthenticated attackers.
Maintainers of the widely used open-source command-line tool cURL and libcurl library that supports key network protocols said two upcoming vulnerabilities are set to be disclosed this week. One flaw is probably "the worst curl security flaw in a long time," said curl founder Daniel Stenberg.
Hackers have weaponized a zero-day in a popular workspace collaboration tool to create administrator accounts and gain unrestricted access to their on-premises instances of the software, Atlassian's Confluence Data Center and Server products, which serves millions of daily active users.
This week, Bitsight found a lot of internet-exposed industrial control systems, Apple issued new patches, Sony confirmed a data breach, Google and Yahoo tackled spam, Qualcomm patched three zero-days, Cisco revealed zero-day exploits in VPN, and the FBI warned of twin attacks.
A clutch of vulnerabilities in an open-source tool used by major corporations to scale up machine learning models could lead to remote takeover, says a cybersecurity firm in a warning downplayed by Meta, which co-manages the open-source project.
More than four dozen cybersecurity mavens say a proposed European Union mandate for software publishers to inform the trading bloc's cybersecurity agency of zero-day exploits within 24 hours of their discovery risks harming cybersecurity efforts.
Large enterprises, including government and educational organizations, are being warned to immediately update their WS_FTP Server, built by Progress Software, to fix serious flaws being actively exploited by attackers. Secure file transfer software remains a top target, especially for extortionists.
Progress Software is again sending customers on a scramble to install emergency patches, this time for its secure FTP server software. The advisory comes months after hackers took advantage of a zero-day in the company's MOVEit file transfer software in a hacking campaign affecting tens of millions.
Google rolled out an urgent Chrome browser security update to address a zero-day actively exploited by a commercial spyware vendor. The high-severity bug is the fifth zero-day patched by Chrome this year. Google did not provide details, only stating that it is aware of an exploit in the wild.
China hasn't ordered any restrictions on the use of Apple iPhones by government agencies, according to a Chinese government spokesperson, but the official cited recent security flaws in the iPhone and warned that foreign mobile device manufacturers must abide by domestic information security laws.
Microsoft's September dump of fixes addresses two actively exploited zero-day vulnerabilities, including one in Microsoft Word that has a proof-of-concept code available publicly. "Definitely put this one on the top of your test-and-deploy list," wrote Dustin Childs.
Google released a fix on Monday for a Chrome zero-day that allows an attacker to remotely target a vulnerable version of the browser. The bug is tracked as a heap buffer overflow in the WebP image format, which is specifically designed to optimize web images.
Multiple nation-state hacking groups have been exploiting known flaws in Zoho ManageEngine software and Fortinet firewalls to steal data, cybersecurity officials warn. A new alert details exploits of each vulnerability by separate groups that targeted the same aeronautical firm.
More than a one-fourth of Indian organizations suffered over $2 million in losses to cyberattacks in the past year as a result of a lack of skilled cybersecurity workforce and funds, according to a recent survey by cloud cybersecurity vendor Cloudflare.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.