Nearly 4,000 organizations still vulnerable to Log4Shell
Just over a third of enterprise applications that rely on Log4j libraries are still using a version vulnerable to Log4Shell.
That's according to figures from Veracode. Many companies still have not addressed the Log4j vulnerability in their applications, which has been known for two years,... Read more
VMware Cloud Director was vulnerable for two weeks without a patch
VMware Cloud Director Appliance version 10.5 has been vulnerable to attacks for two weeks because of a critical authentication leak. VMware has finally released a patch and workaround.
Two weeks ago, the critical vulnerability CVE-2023-34060 was discovered in the VMware Cloud Director Appliance,... Read more
Google signals actively exploited zero-day in Chrome browser
Google is warning Chrome users about an actively exploited zero-day vulnerability. A security update is available.
The tech giant discovered the CVE-2023-6345 vulnerability itself and marks it as very important. The bug affects the so-called Skia graphics engine. The Chrome browser uses this par... Read more
Citrix Bleed vulnerability exploited before it was even discovered
The scope of the Citrix Bleed vulnerability is likely larger than thought. New insight suggests that the vulnerability was exploited well before it was discovered and fixed in October this year. This is what CISA indicates to Bloomberg.
According to Bloomberg, a representative of U.S. cybersecur... Read more
Bug in WordPress plugin exposes 600,000 vulnerable websites
A plugin to make WordPress sites load faster is vulnerable to an SQL injection attack. WP Fastest Cache is deployed by more than a million websites. The majority of these sites (600,000) are still running a vulnerable version.
It's easy to see why WP Fastest Cache is so popular: its creators pro... Read more
Microsoft: ‘SysAid vulnerability exploited to spread Clop ransomware’
Microsoft is warning that a vulnerability in SysAid's system management software is being actively exploited. The vulnerability is being used to spread the well-known Clop ransomware.
A vulnerability in SysAid's system management software was recently discovered. The software vendor confirmed th... Read more
Recently discovered Atlassian Confluence vulnerability massively exploited
The latest vulnerability in Atlassian Confluence Server is already being massively exploited, security experts have discovered. It is important to install the patch quickly.
CVE-2023-22518, a vulnerability in the Atlassian Confluence Server, is being massively exploited. Several security specialists rep... Read more
“Citrix Bleed”: massive exploitation of NetScaler vulnerability
The CVE-2023-4966 vulnerability in Citrix NetScaler ADC and NetScaler Gateway is currently being massively exploited. The threat has since become known as "Citrix Bleed". The exploits are taking place despite a patch having been released for it, several security specialists conclude.
In an ... Read more
How the MOVEit vulnerability has been making victims since May 2023
CCleaner confirms that hackers have captured customers' personal data. The theft occurred in May when the vulnerability in MOVEit was allegedly first exploited. This adds a new name to the ever-lengthening victim list.
Cybersecurity experts identified the first exploits of the MOVEit vulnerabil... Read more
Okta hack shows how vulnerable digital authentication is
In recent days, it has become clear how a hack on Okta has major implications for its customers. The stolen data allows cybercriminals to log into customers' systems. In addition, it shows once again how vulnerable our digital identities are.
Earlier this week, Okta reported that data was stole... Read more