Microsoft left admin-to-kernel exploit in Windows untouched for half a year
Microsoft recently fixed an admin-to-kernel vulnerability in Windows, six months after security experts from Avast brought the problem to the attention of the company.
Hackers from the Lazarus Group, affiliated with the North Korean government, actively used the zero-day exploit. It involves the...
Unpatched JetBrains TeamCity On-Premises servers attacked en masse
Hackers are massively exploiting vulnerabilities recently found in JetBrains' TeamCity On-Premises CI/CD platform. According to LeakIX and GreyNoise, as many as 1,400 of the 1,700 unpatched instances have been compromised.
The critical vulnerabilities CVE-2024-27198 and CVE-2024-27199 recently f...
Lazarus Group strikes at kernel level via Windows AppLocker driver
Lazarus Group hackers broke into systems via a zero-day vulnerability in the Windows AppLocker driver and gained access at the kernel level. An enhanced version of their rootkit allowed them to disable security tools on affected systems.
According to Avast research, a zero-day vulnerability in t...
Exploit provides access to Google accounts: password change doesn’t help
Several malware families can give hackers access to Google accounts. For this, the malware abuses an OAuth2 functionality provided by Google. It is not possible to lock out the hacker by changing the password of an affected account.
The Google OAuth2 endpoint MultiLogin would be exploitable for ...
Recently discovered Atlassian Confluence vulnerability massively exploited
The latest vulnerability in Atlassian Confluence Server is already being massively exploited, security experts discovered. It is important to install the patch quickly.
CVE-2023-22518, a vulnerability in the Atlassian Confluence Server, is being massively exploited. Several security specialists rep...
Multiple browsers patch actively exploited zero-day
The Chrome, Firefox, Microsoft Edge, Brave and Vivaldi web browsers are vulnerable to a zero-day exploit involving the WebP image format. This vulnerability is reportedly already being actively exploited by hackers. Patches have since been implemented.
Several web browsers are vulnerable to the very cr...
Fortinet and Microsoft lead list of most abused exploits of 2022
A flaw in Fortinet software is the most abused vulnerability of 2022, as a recent survey by U.S. security and cybersecurity agencies showed. Microsoft also featured prominently among the commonly abused exploits.
In their overview, the security services FBI, NSA and cybersecurity watchdog CISA indicat...
AWS Systems Manager can be abused in novel way
Israeli security company Mitiga has found a new way to abuse AWS Systems Manager as a Remote Access Trojan (RAT).
AWS Systems Manager is normally intended to help DevOps engineers manage operating systems in EC2 instances aided by automation. However, it now appears that malicious actors with ad...
Mandiant: ‘China deployed Barracuda vulnerability as spy tool’
According to Mandiant, Chinese state-sponsored hackers exploited the vulnerability in Barracuda ESG devices. The hackers claimed victims in at least 16 countries, and a high number of government agencies were affected.
Mandiant was put in charge of investigating vulnerability CVE-2023-2868. Firs...
Barracuda wants customers to replace vulnerable ESG devices
Barracuda Networks is facing a massive problem with its e-mail security products. All affected ESG appliances must be replaced, including those of customers who have already dutifully installed a previously released patch.
Email Security Gateway (ESG) appliances from Barracuda may be affected...