Category vulnerabilities

Ivanti Vulnerability Exploited to Deploy ‘DSLog’ Backdoor on Over 670 IT Systems

Recently disclosed vulnerabilities in Ivanti Connect Secure, Policy Secure, and ZTA gateways have been exploited by threat actors to implant a backdoor named DSLog on vulnerable systems. Findings from Orange Cyberdefense indicate that the exploitation of CVE-2024-21893 occurred within hours following the public release of its proof-of-concept code. The identified…

Microsoft Releases Fixes for 73 Vulnerabilities, Including Two Windows Zero-Day Exploits

In its February 2024 Patch Tuesday updates, Microsoft has issued fixes for 73 security vulnerabilities across its software ecosystem, including two zero-day flaws currently under active exploitation. Among these vulnerabilities, five have been categorized as Critical and 65 as Important, while three have a Moderate severity rating. This release also…

Ubuntu ‘command-not-found’ Tool May Mislead Users into Installing Malicious Packages

Security Flaw Detected in Ubuntu’s Package Recommendation System

Cybersecurity experts have identified a significant vulnerability within Ubuntu’s command-not-found utility, which malicious actors could exploit to push harmful packages onto unsuspecting users. This tool is designed to recommend installations when users attempt to run commands that are unavailable, but it can…

Severe Exchange Server Vulnerability (CVE-2024-21410) Currently Under Active Attack

On Wednesday, Microsoft disclosed that a severe security vulnerability, identified as CVE-2024-21410, within its Exchange Server software has been actively exploited in the wild. This revelation came shortly after the tech giant released fixes during its monthly Patch Tuesday updates. With a CVSS score of 9.8, the flaw represents a…

CISA Alert: Akira Ransomware Targeting Cisco ASA/FTD Vulnerability

On Thursday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) included a recently patched security vulnerability affecting Cisco’s Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software in its Known Exploited Vulnerabilities (KEV) catalog. This update comes in response to indications that the flaw is being actively exploited in…

Russian-Linked Hackers Exploit Roundcube Vulnerabilities to Target Over 80 Organizations

A recent report by Recorded Future has revealed a sophisticated cyber espionage campaign attributed to threat actors with ties to Belarus and Russia. This operation has reportedly taken advantage of cross-site scripting (XSS) vulnerabilities in Roundcube webmail servers, targeting over 80 organizations predominantly based in Georgia, Poland, and Ukraine. The…

Urgent: Security Vulnerabilities Discovered in ConnectWise ScreenConnect – Update Immediately

ConnectWise ScreenConnect Software Patch Addresses Critical Security Vulnerabilities

ConnectWise has recently issued crucial software updates to rectify two significant security vulnerabilities in its ScreenConnect remote desktop software, including a critical flaw that could allow remote code execution on compromised systems. This follows the identification of these vulnerabilities, which the company…

VMware Warning: Remove EAP Immediately — Serious Vulnerability Threatens Active Directory Security

VMware Urges Immediate Action Over Critical EAP Vulnerabilities

VMware has issued an urgent advisory urging users to remove the deprecated Enhanced Authentication Plugin (EAP) due to the emergence of a severe security vulnerability. Classified as CVE-2024-22245, this flaw has been assigned a CVSS score of 9.6 and has been identified…
