The notorious peer-to-peer (P2P) botnet known as FritzFrog has resurfaced with a new variant exploiting the critically recognized Log4Shell vulnerability. This sophisticated malware aims to propagate internally within networks that have already suffered compromises. According to a report by Akamai, a prominent web infrastructure and security company, the exploitation mechanism…
A significant security vulnerability has been identified within the decentralized social network Mastodon, enabling attackers to impersonate any user and seize control of their accounts. The issue stems from inadequate origin validation, as stated in a recent advisory from Mastodon’s maintainers. This vulnerability, cataloged as CVE-2024-23832, carries a severity score…
Mass Exploitation of SSRF Vulnerability in Ivanti Products A significant server-side request forgery (SSRF) vulnerability affecting Ivanti Connect Secure and Policy Secure products has been widely exploited. Recent reports indicate that attacks are emanating from over 170 distinct IP addresses, indicating a coordinated effort to establish unauthorized access, including reverse…
Recent findings have unveiled three significant security vulnerabilities in Azure HDInsight, particularly affecting its Apache Hadoop, Kafka, and Spark services. These vulnerabilities could potentially be exploited to facilitate privilege escalation and launch a regular expression denial-of-service (ReDoS) attack, leaving systems vulnerable to unauthorized access and operational disruption. The flaws primarily…
A significant international coalition, encompassing several nations, including the United States, the United Kingdom, and France, alongside major tech companies such as Google, Microsoft, and Meta, has formalized an agreement aimed at combating the misuse of commercial spyware for human rights violations. This initiative, known as the Pall Mall Process,…
In a concerning development, Ivanti has notified its customers of a critical security vulnerability affecting its Connect Secure, Policy Secure, and ZTA gateway devices. This flaw presents an opportunity for attackers to bypass authentication protocols, posing significant risks to network integrity and data security. The vulnerability, designated as CVE-2024-22024, has…
Fortinet has recently uncovered a significant security vulnerability in its FortiOS SSL VPN, identified as CVE-2024-21762, which is currently believed to be actively exploited in the wild. This flaw, with a CVSS score of 9.6, poses a serious risk by enabling the execution of arbitrary code and commands by outside…
Recent research has highlighted a critical vulnerability in the Rhysida ransomware, allowing experts to reconstruct encryption keys and decrypt compromised data. This groundbreaking discovery was made by researchers from Kookmin University and the Korea Internet and Security Agency (KISA), who published their findings last week. The team noted that through…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) reported on Monday the addition of a significant security vulnerability pertaining to Roundcube email software to its Known Exploited Vulnerabilities (KEV) catalog. This extension is based on confirmed instances of active exploitation. Identified as CVE-2023-43770 with a CVSS score of 6.1, the…
