Ivanti Connect Secure and Policy Secure are vulnerable to high-severity flaws (CVE-2024-21888 & CVE-2024-21893) that may lead to privilege escalation and arbitrary code execution on vulnerable systems. One of the flaws tracked as CVE-2024-21893 is being exploited in the wild. Ivanti mentioned in the advisory that they are aware of a few customers who have … Continue reading “Ivanti Releases Patch for Vulnerabilities Impacting Connect Secure and Policy Secure (CVE-2024-21888 & CVE-2024-21893)”
Tag: CISA Known Exploitable Vulnerabilities Catalog
Jenkins Core Remote Code Execution Vulnerability (CVE-2024-23897)
Jenkins has addressed a critical severity vulnerability (CVE-2024-23897) affecting Jenkins Core. Successful exploitation of the vulnerability may allow an attacker to perform remote code execution on target systems. The vulnerability is being exploited in the wild. Many threat researchers have released the PoC for the vulnerability. CISA acknowledged the active exploitation of CVE-2024-23897 by adding it … Continue reading “Jenkins Core Remote Code Execution Vulnerability (CVE-2024-23897)”
Apple Releases Patch for Zero-day Vulnerabilities Used in Attack Against iOS and macOS (CVE-2024-23222, CVE-2023-42916, & CVE-2023-42917)
Threat actors are using CVE-2024-23222, CVE-2023-42916, and CVE-2023-42917 vulnerabilities in attacks against iOS and Macs. Apple has addressed the vulnerabilities in products such as Safari, iOS, iPadOS, macOS, watchOS, and tvOS. Along with the zero-day vulnerability, Apple has addressed multiple vulnerabilities affecting its popular products. CISA has added the CVE-2024-23222 to its Known Exploited Vulnerabilities Catalog, … Continue reading “Apple Releases Patch for Zero-day Vulnerabilities Used in Attack Against iOS and macOS (CVE-2024-23222, CVE-2023-42916, & CVE-2023-42917)”
Citrix NetScaler ADC and NetScaler Gateway Vulnerabilities Exploited in the Wild (CVE-2023-6548 and CVE-2023-6549)
CVE-2023-6548 and CVE-2023-6549 are the two vulnerabilities impacting Citrix NetScaler ADC and NetScaler Gateway. On successful exploitation, the vulnerabilities may result in remote code execution and denial of service. Citrix has mentioned in the advisory that they have observed the exploitation attempts on vulnerable appliances. Citrix stated in the advisory, “This bulletin only applies to … Continue reading “Citrix NetScaler ADC and NetScaler Gateway Vulnerabilities Exploited in the Wild (CVE-2023-6548 and CVE-2023-6549)”
Ivanti Connect Secure (ICS) and Ivanti Policy Secure Gateway Vulnerabilities Exploited in the Wild (CVE-2023-46805 & CVE-2024-21887)
The security research team at Veloxity identified an active exploitation of two vulnerabilities (CVE-2023-46805 & CVE-2024-21887) impacting Ivanti Connect Secure VPN devices. When chained together, the vulnerabilities may allow attackers to transmit malicious requests and execute arbitrary commands on a targeted system. According to the research, a Chinese nation-state-level threat actor has exploited the vulnerabilities. … Continue reading “Ivanti Connect Secure (ICS) and Ivanti Policy Secure Gateway Vulnerabilities Exploited in the Wild (CVE-2023-46805 & CVE-2024-21887)”
Google Chrome Zero-day Vulnerability Exploited in the Wild (CVE-2023-7024)
Google has released a patch to address a high-severity vulnerability in the Chrome browser. Tracked as CVE-2023-7024, the vulnerability is being exploited in the wild. CVE-2023-7024 is a heap-based buffer overflow vulnerability in the open-source WebRTC framework. Many other web browsers, such as Mozilla Firefox, Safari, and Microsoft Edge, also use the WebRTC framework to … Continue reading “Google Chrome Zero-day Vulnerability Exploited in the Wild (CVE-2023-7024)”
CISA Added Two WebKit Vulnerabilities to its Known Exploited Vulnerabilities Catalog (CVE-2023-42916 & CVE-2023-42917)
CISA has also acknowledged the active exploitation of two vulnerabilities in the Apple WebKit browser engine. CISA has added the vulnerabilities to its Known Exploited Vulnerabilities Catalog and requested users to patch it before Dec 25, 2023. Clément Lecigne of Google’s Threat Analysis Group has discovered the CVE-2023-42916 and CVE-2023-42917. Apple, in its advisory, has mentioned … Continue reading “CISA Added Two WebKit Vulnerabilities to its Known Exploited Vulnerabilities Catalog (CVE-2023-42916 & CVE-2023-42917)”
Microsoft Patch Tuesday, November 2023 Security Update Review
Microsoft released its second last Patch Tuesday edition of the year. We invite you to join us to review and discuss the details of these security updates and patches. Microsoft Patch Tuesday for November 2023 In this month’s Patch Tuesday edition, Microsoft has addressed a total of 75 vulnerabilities, including five vulnerabilities known to be exploited … Continue reading “Microsoft Patch Tuesday, November 2023 Security Update Review”
CISA Warns of Service Location Protocol (SLP) Denial-of-Service Vulnerability (CVE-2023-29552)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released an alert for a vulnerability in n the Service Location Protocol (SLP). Tracked as CVE-2023-29552, it has been given a high severity rating with a CVSS score of 7.8. Successful exploitation of the vulnerability will allow an attacker to launch a denial-of-service attack. CISA has … Continue reading “CISA Warns of Service Location Protocol (SLP) Denial-of-Service Vulnerability (CVE-2023-29552)”
CISA Added Adobe and Cisco vulnerabilities to its Known Exploited Vulnerabilities Catalog (CVE-2023-21608 & CVE-2023-20109)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has acknowledged the active exploitation of two vulnerabilities. CISA added the vulnerabilities to its Known Exploited Vulnerabilities Catalog on Tuesday. CISA has recommended that users apply the vendor-released patches before October 31, 2023, to secure their networks against potential threats. The two vulnerabilities added by CISA are: CVE-2023-21608 CVE-2023-20109