Vulnerabilities and Exploitation Attempts
A Critical Command Injection Vulnerability Affecting OpenSSH
OpenSSH has fixed a critical command injection vulnerability - tracked as CVE-2023-51385 - which could allow attackers to perform shell injection on vulnerable servers.
Apache OFBiz Remote Code Execution Flaw Observed Being Actively Exploited; The Fix Led to Another Authentication Bypass Flaw
A new critical remote code execution (RCE) vulnerability in Apache OFBiz (Open For Business) - tracked as CVE-2023-49070 - is being actively exploited in the wild, and proof-of-concept exploits are publicly available.
Security researchers who investigated the patch released for this vulnerability found that the root cause of the flaw still exists, and a new CVE was assigned for this bypass issue: CVE-2023-51467.
A Zero-Day Vulnerability in Barracuda Was Observed Being Actively Exploited by a Chinese Threat Group
A Chinese threat group tracked as UNC4841A was observed utilizing CVE-2023-7102, an Arbitrary Code Execution (ACE) zero-day vulnerability within a third-party library affecting Barracuda’s Email Security Gateway Appliance (ESG).