Ivanti Connect Secure (ICS) and Ivanti Policy Secure Gateway Vulnerabilities Exploited in the Wild (CVE-2023-46805 & CVE-2024-21887)

The security research team at Veloxity identified an active exploitation of two vulnerabilities (CVE-2023-46805 & CVE-2024-21887) impacting Ivanti Connect Secure VPN devices. When chained together, the vulnerabilities may allow attackers to transmit malicious requests and execute arbitrary commands on a targeted system. According to the research, a Chinese nation-state-level threat actor has exploited the vulnerabilities. … Continue reading “Ivanti Connect Secure (ICS) and Ivanti Policy Secure Gateway Vulnerabilities Exploited in the Wild (CVE-2023-46805 & CVE-2024-21887)”

Cisco IOS XE Software Web UI Privilege Escalation Vulnerability Exploited in the Wild (CVE-2023-20198)

Cisco is aware of the active exploitation of a privilege escalation vulnerability in Cisco IOS XE Software Web UI. Tracked as CVE-2023-20198, the vulnerability may allow a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. An attacker may use the compromised account to gain control of the … Continue reading “Cisco IOS XE Software Web UI Privilege Escalation Vulnerability Exploited in the Wild (CVE-2023-20198)”

Google Addresses Actively Exploited Zero-day Vulnerability in Chrome Browser (CVE-2023-5217)

Google has released emergency updates to address a zero-day vulnerability in its Chrome browser. CVE-2023-5217 is a high-severity vulnerability that can lead to program crashes or arbitrary code execution. Google has mentioned in the advisory that the vulnerability is being exploited in the wild. Clément Lecigne of Google’s Threat Analysis Group (TAG) has discovered the … Continue reading “Google Addresses Actively Exploited Zero-day Vulnerability in Chrome Browser (CVE-2023-5217)”

Threat Actors Exploit WinRAR Zero-day Vulnerability in Attacks Targeting Crypto Accounts (CVE-2023-38831)

The threat actors are exploiting a zero-day vulnerability in WinRAR to install malware. Tracked as CVE-2023-38831, the vulnerability may allow threat actors to hide malicious code in zip archives posing as “.jpg,” “.txt,” and other file formats. In addition, the vulnerability may also allow the threat actors to go ahead and distribute this code in … Continue reading “Threat Actors Exploit WinRAR Zero-day Vulnerability in Attacks Targeting Crypto Accounts (CVE-2023-38831)”

Adobe ColdFusion Vulnerabilities Exploited in the Attacks in Dropping Webshell (CVE-2023-29298, CVE-2023-29300, and CVE-2023-38203)

Attackers exploit two Adobe ColdFusion vulnerabilities to bypass authentication and perform remote code execution. CVE-2023-29298 and CVE-2023-38203 can be chained to conduct attacks on Adobe ColdFusion environments. CISA has added CVE-2023-29298 and CVE-2023-38205 to its Known Exploited Vulnerabilities Catalog, recommending users patch before August 10. On January 8, 2024, CISA added the CVE-2023-29300 and CVE-2023-38203 … Continue reading “Adobe ColdFusion Vulnerabilities Exploited in the Attacks in Dropping Webshell (CVE-2023-29298, CVE-2023-29300, and CVE-2023-38203)”

Apple Patches Actively Exploited Zero-day Vulnerabilities in iOS and iPadOS (CVE-2023-32434, CVE-2023-32435, and CVE-2023-32439)

Apple has released multiple security advisories to address vulnerabilities in macOS, Safari, iOS, and iPadOS. Apple has mentioned in the advisory that they are aware of a report that the vulnerabilities may have been actively exploited. CVE-2023-32434 and CVE-2023-32435 were discovered by Georgy Kucherin, Leonid Bezvershenko, and Boris Larin of Kaspersky, while CVE-2023-32439 was reported to … Continue reading “Apple Patches Actively Exploited Zero-day Vulnerabilities in iOS and iPadOS (CVE-2023-32434, CVE-2023-32435, and CVE-2023-32439)”

Google Chrome Type Confusion Zero-day Vulnerability Exploited in the Wild (CVE-2023-3079)

Google released security updates to address a zero-day vulnerability in the widely used web browser Chrome. Google has given CVE-2023-3079 a high severity rating. The vulnerability was discovered by Clément Lecigne of Google’s Threat Analysis Group. Google is aware of the active exploitation of the vulnerability. The advisory provides no information regarding the other vulnerability … Continue reading “Google Chrome Type Confusion Zero-day Vulnerability Exploited in the Wild (CVE-2023-3079)”

PaperCut NG Remote Code Execution Vulnerability Exploited in the Wild (CVE-2023-27350)

PaperCut, a print manager software, has a remote code execution vulnerability that is being actively exploited. CVE-2023-27350 has been rated as critical with a CVSS Base Score of 9.8. Successful exploitation of the vulnerability allows unauthenticated attackers to perform remote code execution to compromise the vulnerable PaperCut application server. The vendor mentioned in the advisory … Continue reading “PaperCut NG Remote Code Execution Vulnerability Exploited in the Wild (CVE-2023-27350)”

Oracle E-Business Suite Remote Code Execution Vulnerability (CVE-2022-21587)

A critical remote code execution vulnerability in the Oracle E-Business suite is being exploited in the wild shortly after proof-of-concept (PoC) was published. Tracked as CVE-2022-21587, the vulnerability may allow an unauthenticated attacker to execute arbitrary code on the target system. It has been rated critical and given a CVSSv3 base score of 9.8.   … Continue reading “Oracle E-Business Suite Remote Code Execution Vulnerability (CVE-2022-21587)”

Apple Patches Actively Exploited Zero-day Vulnerability in iOS and iPadOS (CVE-2022-42856)

Apple has released an update to address an actively exploited zero-day vulnerability in WebKit. Tracked as CVE-2022-42856, this is a type confusion vulnerability that could allow arbitrary code execution on a vulnerable device.    Clément Lecigne of Google’s Threat Analysis Group has discovered this vulnerability. The advisory says, “This issue may have been actively exploited … Continue reading “Apple Patches Actively Exploited Zero-day Vulnerability in iOS and iPadOS (CVE-2022-42856)”