MOVEit Patched Critical Zero-day SQL Injection Vulnerability in MOVEit Managed File Transfer Application (CVE-2023-34362)

A critical SQL injection vulnerability (CVE-2023-34362) affecting the MOVEit Transfer managed file transfer application is being exploited in the wild. The vulnerability may result in elevated privileges and unauthorized access to the MOVEit Transfer database. CISA has added this critical vulnerability to its Known Exploited Vulnerabilities Catalog, requesting users to patch it before 23rd June …

Zoho ManageEngine Desktop Central and Desktop Central MSP Authentication Bypass Vulnerability (CVE-2021-44515)

Malicious actors are actively exploiting a recently patched critical vulnerability in Zoho’s Desktop Central and Desktop Central MSP products. This is the third time in the last four months that a security vulnerability in one of its products has been exploited in the wild. Tracked as CVE-2021-44515, this is an authentication bypass vulnerability in ManageEngine …

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Cross-Site Scripting Vulnerabilities

An old bug fixed by Cisco is again in the news for being actively exploited in the wild. Cisco published advisory cisco-sa-asaftd-xss-multiple-FCB3vPZe on 21st October 2020 to address the bug, CVE-2020-3580.

About the Vulnerability

This vulnerability exists due to insufficient validation of user-supplied input by the web services interface of an affected device. …

Two Zero-days in Google Chrome

On November 11, 2020, Google Chrome issued an update announcement for the browser across all platforms. Google confirmed that the “stable channel” desktop Chrome browser is being updated to version 86.0.4240.198 across Windows, Mac, and Linux platforms. As per Google’s official sources, this urgent update will start rolling out over the coming few days or weeks. About …

Google Chrome Actively Attacked In the Wild

On October 20, 2020, Google Chrome issued an update announcement for the browser across all platforms. Google confirmed that the “stable channel” desktop Chrome browser is being updated to version 86.0.4240.111 across Windows, Mac, and Linux platforms. As per Google’s official sources, this urgent update will start rolling out over the coming few days or …