Tag: exploit

Here you will find all the articles with the tag: exploit.

Unpatched JetBrains TeamCity On-Premises servers attacked en masse

Unpatched JetBrains TeamCity On-Premises servers attacked en masse

Hackers are massively exploiting vulnerabilities recently found in JetBrains' TeamCity On-Premises CI/CD platform. According to LeakIX and GreyNoise, as many as 1,400 of the 1,700 unpatched instances have been compromised. The critical vulnerabilities CVE-2024-27198 and CVE-2024-27199 recently f... Read more

date22 days ago
Lazarus Group strikes at kernel level via Windows AppLocker driver

Lazarus Group strikes at kernel level via Windows AppLocker driver

Lazarus Group hackers broke into systems via a zero-day vulnerability in the Windows AppLocker driver and gained access at the kernel level. An enhanced version of their rootkit allowed them to disable security tools on affected systems. According to Avast research, a zero-day vulnerability in t... Read more

date29 days ago
Multiple browsers patch actively exploited zero-day

Multiple browsers patch actively exploited zero-day

Chrome, Firefox, Microsoft Edge, Brave and Vivaldi web browsers are vulnerable to a zero-day exploit around the WebP image format. This vulnerability is reportedly already being actively exploited by hackers. Patches have since been implemented. Several web browsers are vulnerable to the very cr... Read more

date7 months ago
Fortinet and Microsoft lead list of most abused exploits of 2022

Fortinet and Microsoft lead list of most abused exploits of 2022

A flaw in Fortinet software is the most abused vulnerability of 2022, as a recent survey by U.S. security and cybersecurity agencies showed. Microsoft also grossed in the number of commonly abused exploits. In their overview, the security services FBI, NSA and cybersecurity watchdog CISA indicat... Read more

date8 months ago
AWS Systems Manager can be abused in novel way

AWS Systems Manager can be abused in novel way

Israeli security company Mitiga has found a new way to abuse AWS Systems Manager as a Remote Access Trojan (RAT). AWS Systems Manager is normally intended to help DevOps engineers manage operating systems in EC2 instances aided by automation. However, it now appears that malicious actors with ad... Read more

date8 months ago
Mandiant: ‘China deployed Barracuda vulnerability as spy tool’

Mandiant: ‘China deployed Barracuda vulnerability as spy tool’

According to Mandiant, Chinese state-sponsored hackers exploited the vulnerability in Barracuda ESG devices. The hackers created victims in at least 16 countries and a high number of government agencies were affected. Mandiant was put in charge of investigating vulnerability CVE-2023-2868. Firs... Read more

date10 months ago
Barracuda wants customers to replace vulnerable ESG devices

Barracuda wants customers to replace vulnerable ESG devices

Barracuda Networks is facing a massive problem with its e-mail security products. All affected ESG appliances must be replaced, including those from customers who have already obediently installed a previously released patch. Email Security Gateway (ESG) appliances from Barracuda may be affected... Read more

date10 months ago
1 2