Barracuda Networks disclosed a serious cybersecurity incident involving a zero-day vulnerability within its Email Security Gateway (ESG) appliances, allegedly exploited by Chinese threat actors. This vulnerability has been designated as CVE-2023-7102 and has led to the deployment of backdoors on a select number of affected devices. The vulnerability involves an…
Zero-Day Vulnerability Discovered in Apache OfBiz ERP System A serious zero-day vulnerability has been identified in Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system. This flaw poses significant risks as it could potentially allow attackers to bypass essential authentication safeguards. The vulnerability is classified as CVE-2023-51467, linked specifically to…
Recent research from Ruhr University Bochum has revealed a critical security vulnerability in the Secure Shell (SSH) protocol, which is widely used for secure communications over untrusted networks. The vulnerability, designated as Terrapin (CVE-2023-48795), exhibits a CVSS score of 5.9, signaling its potential significance in the cybersecurity landscape. This vulnerability…
A recent report has highlighted a newly identified variant of DLL (Dynamic Link Library) search order hijacking, a sophisticated technique that cybercriminals may exploit to bypass security measures and execute malicious code on systems utilizing Microsoft Windows 10 and Windows 11. This particular method has drawn concern due to its…
A recent security report reveals that information-stealing malware is exploiting a previously undocumented Google OAuth endpoint known as MultiLogin. This vulnerability allows cybercriminals to hijack user sessions, granting them continuous access to Google services even after victims have conducted password resets. This revelation has raised significant concerns regarding user privacy…
Ivanti has disclosed critical security vulnerabilities within its Endpoint Manager (EPM) solution that pose severe risks to affected systems. This vulnerability, identified as CVE-2023-39336, has received a high-risk CVSS score of 9.6 out of 10, indicating its potential for abuse. The flaw affects both the EPM 2021 and EPM 2022…
Recent findings from cybersecurity researchers have unveiled a sophisticated macOS backdoor known as SpectralBlur, believed to be linked to a malware family associated with North Korean threat actors. This malware serves as a significant indicator of evolving tactics employed against macOS systems, particularly as these operate in sectors deemed high-value…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently included six new security vulnerabilities in its Known Exploited Vulnerabilities (KEV) catalog, citing clear indications of ongoing exploitation. This move emphasizes the necessity for organizations to remain vigilant and proactive in their cybersecurity measures. Among the newly flagged vulnerabilities is…
In a significant update released for January 2024, Microsoft has patched a total of 48 security vulnerabilities across its software ecosystem. This month’s Patch Tuesday includes two flaws classified as Critical and 46 as Important. Notably, there are no indications that any of these vulnerabilities are being actively exploited or…
