Microsoft Addresses Security Flaw in Power Platform Amid Criticism for Delayed Response On Friday, Microsoft announced it has remedied a significant security vulnerability affecting its Power Platform, although it faced backlash for not acting more swiftly. This flaw posed a risk of unauthorized access to Custom Code functions utilized in…
In its August 2023 Patch Tuesday updates, Microsoft has addressed a total of 74 vulnerabilities across its software suite, a significant decrease from the 132 vulnerabilities patched in the previous month. Among these, there are six classified as Critical, 67 as Important, and one as Moderate in severity. The latest…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently included a newly patched vulnerability affecting Microsoft’s .NET and Visual Studio products in its Known Exploited Vulnerabilities (KEV) catalog. This decision comes in response to evidence indicating that the flaw is actively being exploited in the wild. This vulnerability, tracked…
A recent disclosure has revealed a series of 16 high-severity security vulnerabilities in the CODESYS V3 software development kit (SDK). This suite of flaws could potentially lead to remote code execution and denial-of-service conditions, thereby posing significant risks to operational technology (OT) sectors. The vulnerabilities, tracked from CVE-2022-47378 to CVE-2022-47393…
A significant security vulnerability has been revealed in the URL parsing function of Python, posing a serious risk where attackers could exploit it to circumvent domain and protocol filtering mechanisms that rely on blocklists. This could lead to unauthorized file readings and arbitrary command executions. The CERT Coordination Center (CERT/CC)…
Recent reports indicate that almost 2,000 Citrix NetScaler instances have been compromised through the exploitation of a newly disclosed critical security vulnerability. This backdoor attack forms part of an extensive exploitation campaign targeting these widely used servers. The NCC Group has identified that adversaries leveraged CVE-2023-3519 to automate the deployment…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has listed a significant security vulnerability in the Citrix ShareFile storage zones controller in its Known Exploited Vulnerabilities (KEV) catalog, following credible assessments of active exploitation in the wild. This vulnerability, designated as CVE-2023-24489, holds a critical CVSS score of 9.8 and…
Recent findings from cybersecurity researchers have unveiled a sophisticated post-exploit technique on iOS 16 that could allow attackers to maintain covert access to Apple devices, even when users believe their devices are disconnected. This method leverages a deceptive form of Airplane Mode, manipulating the user interface to mislead victims while…
A new attack method termed NoFilter has emerged, leveraging the Windows Filtering Platform (WFP) for privilege escalation in the Windows operating system. This previously undetected approach poses significant risks as it could be exploited by threat actors to gain higher-level access without detection. Ron Ben Yizhak, a security researcher with…
