“Citrix Bleed”: massive exploitation of NetScaler vulnerability
The CVE-2023-4966 vulnerability in Citrix NetScaler ADC and NetScaler Gateway is currently being massively exploited. The threat has since become known as "Citrix Bleed". Several security specialists conclude that the exploitation is taking place even though a patch has been released for it.
In an ...
How the MOVEit vulnerability has been making victims since May 2023
CCleaner confirms that hackers have captured customers' personal data. The theft occurred in May when the vulnerability in MOVEit was allegedly first exploited. This adds a new name to the ever-lengthening victim list.
Cybersecurity experts identified the first exploits of the MOVEit vulnerabil...
Okta hack shows how vulnerable digital authentication is
In recent days, it has become clear how a hack on Okta has major implications for its customers. The stolen data allows cybercriminals to log into customers' systems. In addition, it shows once again how vulnerable our digital identities are.
Earlier this week, Okta reported that data was stole...
Patches for Citrix NetScaler are insufficient, more action needed
The vulnerabilities in Citrix NetScaler Gateway and NetScaler ADC cannot be fully resolved with the patches the company has released. Further steps are required, for which Mandiant has released a plan.
Recently, Citrix patched the very critical CVE-2023-4966 for NetScaler Gateway and NetScaler AD...
New vulnerabilities found in NetScaler Gateway and ADC
Citrix has disclosed highly critical vulnerabilities in NetScaler Gateway and NetScaler ADC. The Dutch Ministry of Economic Affairs' Digital Trust Center advises users to implement these patches as soon as possible.
Citrix has released patches for the vulnerabilities in question. Both vulnerabil...
Many users still haven’t patched critical Atlassian vulnerability
CVE-2023-22515 is causing a lot of headaches at Atlassian. The company already had a patch available on October 4th for a vulnerability in its own Confluence software, but many end users have yet to implement it. This is forcing CISA, the FBI and MS-ISAC to issue a joint advisory.
Atlassian Confl...
Cisco warns of highly critical vulnerability in IOS XE software
Cisco is warning of a highly critical authentication vulnerability in its IOS XE software. It allows hackers to gain full admin privileges, taking over entire systems remotely.
Cisco discovered the highly critical vulnerability CVE-2023-20198 in its IOS XE operating system in late September. Thr...
Thousands of hacked WordPress sites redirect visitors to scam sites
Thousands of WordPress websites have fallen victim to a hack on the tagDiv plug-in. Hackers infected this plug-in with the Balada Injector.
155,000 WordPress websites are working with the hacked plug-in, according to figures from EnvatoMarkets. The plug-in in question is necessary to obtain two...
Vulnerability in GNU C Library’s dynamic loader threatens Linux distributions
Several Linux distributions are at risk of exploits due to a vulnerability discovered in the GNU C Library dynamic loader. This is according to several proof-of-concepts from security specialists.
Recently, security specialists at Qualys' Threat Research Unit discovered a critical vulnerability ...
Microsoft patches zero-day vulnerabilities in Edge, Teams and Skype
Microsoft recently patched a number of zero-day vulnerabilities in its Edge browser, MS Teams for Desktop and Skype for Desktop, among others. These are vulnerabilities in the open-source libraries that the solutions use.
The first bug Microsoft has addressed has been labelled CVE-2023-4863. Thi...