Cybersecurity News – October 13, 2023
CISA Known Exploited Vulnerabilities
Five vulnerabilities were added to the CISA Known Exploited Vulnerability List:
- Microsoft Skype for Business Privilege Escalation Vulnerability
- Adobe Acrobat and Reader Use-After-Free Vulnerability
- HTTP/2 Rapid Reset Attack Vulnerability
- Cisco IOS and IOS XE Group Encrypted Transport VPN Out-of-Bounds Write Vulnerability
- Microsoft WordPad Information Disclosure Vulnerability
News Headlines
IBM's X-Force team has discovered that cybercriminals are actively exploiting a recent vulnerability, CVE-2023-3519, in the Citrix NetScaler Gateway.
Ransomware attacks are now focusing on unpatched WS_FTP servers that are vulnerable to a maximum severity flaw.
The U.S. Securities and Exchange Commission (SEC) has opened an investigation into the security vulnerability in Progress Software's MOVEit transfer tool.
The release of curl 8.4.0 has addressed a high-severity security vulnerability (CVE-2023-38546), allaying fears about the flaw's potential impact.
A critical vulnerability in the cURL data transfer project has been identified, posing a significant risk to countless enterprise operating systems, applications, and devices.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog to include five additional security flaws.
While the launch of iOS 17 has been announced, a large number of Apple users are still on iOS 16, mainly because their devices cannot support the new upgrade.
Fortinet has recently rolled out security patches to address two critical command injection vulnerabilities in its FortiSIEM and FortiWLM products.
Microsoft has identified a nation-state threat actor, Storm-0062, as the entity behind the zero-day exploits targeting Atlassian’s Confluence Data Center and Server products.
Microsoft has issued a more effective patch for a severe Microsoft Exchange Server vulnerability, originally fixed in August, identified as CVE-2023-21709.
On Tuesday, Microsoft's security response team dispatched a substantial number of software and operating system updates to cover more than 100 vulnerabilities across the Windows ecosystem.
Adobe, the software manufacturer, has released patches for 13 security vulnerabilities as part of its scheduled Patch Tuesday updates.
A critical vulnerability has been discovered in Citrix's NetScaler ADC and NetScaler Gateway devices, which could lead to the exposure of sensitive data.
IZ1H9, a variant of the notorious Mirai botnet, has broadened its attack capabilities by incorporating 13 new exploits into its toolkit.
The newly discovered 'HTTP/2 Rapid Reset' DDoS technique has been exploited as a zero-day since August, setting new records in attack volume.
An advanced persistent threat (APT) group, named Grayling by Symantec's cybersecurity unit, has been identified as a new threat to organizations in Taiwan, the US, and Vietnam.
A recent investigation by Amnesty International's Security Labs and the European Investigative Collaboration (EIC) media network has shed light on the extensive commercial operation behind the surge in Predator spyware.
Cybercriminals are leveraging a significant flaw, CVE-2023-3519, in Citrix NetScaler Gateways to carry out a large-scale campaign aimed at stealing user credentials.
VULNERA closes the vulnerability detection – prioritization – remediation loop, addressing the fundamental challenges in vulnerability management. Continuously identify and prioritize the risks that are most critical in your environment, and validate that your remediation efforts are reducing risk.
Talk to a VULNERA expert today to find out how VULNERA provides leverage to your cybersecurity program. And check out VULNERA PULSE, a weekly series on cybersecurity vulnerabilities making news headlines and impacting the industry.