Atlassian Issues Security Patches for Critical Jira Vulnerability Atlassian has rolled out essential updates to address a significant security vulnerability in its Jira Service Management Server and Data Center products. This flaw could enable an attacker to impersonate another user and gain unauthorized access to affected instances, marking a substantial…
A newly discovered zero-day vulnerability impacting Fortra’s GoAnywhere MFT managed file transfer application is currently being exploited by cybercriminals. The details of this flaw emerged when security journalist Brian Krebs shared the information on Mastodon, although Fortra has yet to issue a public advisory regarding this incident. This vulnerability enables…
The OpenSSH maintainers have announced the release of OpenSSH 9.2, which aims to rectify several security vulnerabilities, notably a memory safety issue identified in the OpenSSH server (sshd). This vulnerability, cataloged as CVE-2023-25136, is classified as a pre-authentication double free vulnerability that was introduced with version 9.1. The maintainers clarified…
Multiple Vulnerabilities Identified in Document Management Systems Recent findings have highlighted several security vulnerabilities across prominent open-source and freemium Document Management Systems (DMS) offered by four vendors: LogicalDOC, Mayan, ONLYOFFICE, and OpenKM. These unpatched flaws expose organizations to potentially severe cyber threats. Cybersecurity firm Rapid7 has reported eight critical vulnerabilities…
On Friday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) expanded its Known Exploited Vulnerabilities (KEV) catalog, identifying three flaws currently being actively exploited. This addition underscores the persistent threat landscape faced by organizations, especially those in critical sectors. Among the newly acknowledged vulnerabilities is CVE-2022-24990, which affects TerraMaster network-attached…
Apple Addresses Actively Exploited Zero-Day Vulnerability in Recent Security Updates On Monday, Apple released crucial security updates to its operating systems—specifically iOS, iPadOS, macOS, and Safari—aimed at addressing a significant zero-day vulnerability that has been reportedly exploited in real-world scenarios. This flaw, tracked as CVE-2023-23529, involves a type confusion error…
VMware has issued critical patches for its Carbon Black App Control product to address a significant security vulnerability identified as CVE-2023-20858. This vulnerability, which has received a CVSS score of 9.1, impacts App Control versions 8.7.x, 8.8.x, and 8.9.x, representing a serious risk to the system’s integrity. The company has…
On Tuesday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced the inclusion of three significant vulnerabilities in its Known Exploited Vulnerabilities (KEV) catalog. This decision follows emerging evidence of active exploitation affecting specific target systems. The identified vulnerabilities include: CVE-2022-47986, a code execution flaw in IBM Aspera Faspex (CVSS…
The Hidden Risks in Finance In a notable incident a few years ago, a Washington-based real estate developer encountered a significant web vulnerability while engaging with First American, a financial services company. While reviewing a document link related to a transaction, he discovered something unexpected: by altering a single digit…