The FreeBSD operating system maintainers have issued updates addressing a critical security vulnerability in the ping module, which could be exploited to crash the application or execute code remotely. This vulnerability, identified as CVE-2022-23093, affects all supported FreeBSD versions and involves a stack-based buffer overflow triggered by maliciously crafted packets.…
A zero-day vulnerability in Internet Explorer has been exploited by a North Korean threat actor, specifically targeting South Korean users. The attack exploits the heightened public sensitivity surrounding the recent Itaewon Halloween crowd crush incident, leveraging social engineering tactics to entice victims into downloading malware. This discovery was detailed by…
Increased TrueBot Infections Target Multiple Countries Recent reports from cybersecurity experts indicate a surge in infections linked to TrueBot malware, notably affecting countries such as Mexico, Brazil, Pakistan, and the United States. The rise in these attacks highlights a shift in tactics employed by the attackers, who have transitioned from…
Fortinet Releases Critical Security Patches for SSL-VPN Vulnerability On Monday, Fortinet announced the release of emergency patches responding to a significant security vulnerability discovered in its FortiOS SSL-VPN product. This vulnerability is currently experiencing active exploitation in the wild, emphasizing the urgency for organizations to apply the updates promptly. The…
A serious vulnerability has been uncovered in the Amazon Elastic Container Registry (ECR) Public Gallery, which could have been leveraged for various attacks, as reported by the cybersecurity firm Lightspin. The flaw poses critical risks, enabling malicious actors to delete images stored in the gallery or replace them with versions…
On Tuesday, the U.S. National Security Agency (NSA) issued a warning regarding a cyber threat from a group known as APT5, or Bronze Fleetwood, which has been actively exploiting a zero-day vulnerability in Citrix Application Delivery Controller (ADC) and Gateway systems. This security flaw, cataloged as CVE-2022-27518, represents a critical…
As the demand for web applications grows, particularly those delivered as Software as a Service (SaaS), businesses worldwide heavily rely on these platforms. SaaS solutions are pivotal in transforming operational efficiencies across various sectors, including finance, healthcare, and education. However, while many Chief Technology Officers (CTOs) in startups grasp the…
Microsoft has recently escalated the severity rating of a previously patched security vulnerability from September 2022, now classifying it as “Critical.” This update follows findings that the vulnerability poses risks of remote code execution, significantly heightening its threat level. Identified as CVE-2022-37958 with a CVSS score of 8.1, the issue…
The open-source software suite Samba has issued critical updates to address several high-severity vulnerabilities that pose significant risks to system security. If exploited, these flaws could allow unauthorized users to gain control over the affected systems. The vulnerabilities, identified as CVE-2022-38023, CVE-2022-37966, CVE-2022-37967, and CVE-2022-45141, have been patched in the…