-
Google Chrome emergency update fixes zero-day used in attacks
Google has released Chrome 100.0.4896.127 for Windows, Mac, and Linux, to fix a high-severity zero-day vulnerability actively used by threat actors in attacks.
- April 14, 2022
- 05:36 PM
3
-
CISA warns orgs to patch actively exploited Windows LPE bug
The Cybersecurity and Infrastructure Security Agency (CISA) has added ten new security bugs to its list of actively exploited vulnerabilities, including a high severity local privilege escalation bug in the Windows Common Log File System Driver.
- April 13, 2022
- 06:48 PM
1
-
New Webinar: Choose Your Own Investigation — Browser Attack Edition
Modern attacks have shifted focus to the browser, yet detection tools remain largely blind to the crucial activity happening there.
Join Push Security on February 11th for an interactive "choose-your-own-adventure" webinar on ClickFix, credential phishing, and other in-browser attacks we've observed in the wild.
-
CISA warns orgs of WatchGuard bug exploited by Russian state hackers
The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal civilian agencies and urged all US organizations on Monday to patch an actively exploited bug impacting WatchGuard Firebox and XTM firewall appliances.
- April 11, 2022
- 06:24 PM
- 0
-
Microsoft detects Spring4Shell attacks across its cloud services
Microsoft said that it's currently tracking a "low volume of exploit attempts" targeting the critical Spring4Shell (aka SpringShell) remote code execution (RCE) vulnerability across its cloud services.
- April 05, 2022
- 12:46 PM
- 0
-
Trend Micro fixes actively exploited remote code execution bug
Japanese cybersecurity software firm Trend Micro has patched a high severity security flaw in the Apex Central product management console that can let attackers execute arbitrary code remotely.
- April 01, 2022
- 12:58 PM
- 0
-
CISA orders agencies to patch actively exploited Sophos firewall bug
The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal civilian agencies on Thursday to patch a critical Sophos firewall bug and seven other vulnerabilities within the next three weeks, all exploited in ongoing attacks.
- March 31, 2022
- 03:46 PM
- 0
-
Sophos warns critical firewall bug is being actively exploited
British-based cybersecurity vendor Sophos warned that a recently patched Sophos Firewall bug allowing remote code execution (RCE) is now actively exploited in attacks.
- March 29, 2022
- 10:00 AM
- 0
-
CISA warns orgs to patch actively exploited Chrome, Redis bugs
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal civilian agencies to patch a Google Chrome zero-day and a critical Redis vulnerability within the next three weeks, both actively exploited in the wild.
- March 28, 2022
- 06:01 PM
- 0
-
CISA adds 66 vulnerabilities to list of bugs exploited in attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has added a massive set of 66 actively exploited vulnerabilities to its catalog of 'Known Exploited Vulnerabilities.'
- March 26, 2022
- 01:22 PM
- 0
-
CISA adds 15 vulnerabilities to list of flaws exploited in attacks
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added fifteen additional flaws to its list of actively exploited vulnerabilities known to be used in cyberattacks.
- March 16, 2022
- 12:14 PM
- 0
-
Mozilla Firefox 97.0.2 fixes two actively exploited zero-day bugs
Mozilla has released Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, and Focus 97.3.0 to fix two critical zero-day vulnerabilities actively exploited in attacks.
- March 06, 2022
- 02:23 PM
- 0
-
CISA warns organizations to patch 95 actively exploited bugs
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added 95 vulnerabilities to its list of actively exploited security issues, the largest number since issuing the binding operational directive (BOD) last year.
- March 04, 2022
- 09:00 AM
- 0
-
CISA warns of actively exploited vulnerabilities in Zabbix servers
A notification from the U.S. Cybersecurity Infrastructure and Security Agency (CISA) warns that threat actors are exploiting vulnerabilities in the Zabbix open-source tool for monitoring networks, servers, virtual machines, and cloud services.
- February 25, 2022
- 02:31 AM
- 1
-
Google Chrome emergency update fixes zero-day exploited in attacks
Google has released Chrome 98.0.4758.102 for Windows, Mac, and Linux, to fix a high-severity zero-day vulnerability used by threat actors in attacks.
- February 14, 2022
- 06:34 PM
- 0
-
CISA adds 8 vulnerabilities to list of actively exploited bugs
The US Cybersecurity & Infrastructure Security Agency (CISA) has added eight more flaws to its catalog of exploited vulnerabilities that are known to be used in attacks, and they're a mix of old and new.
- January 31, 2022
- 01:18 PM
- 0
-
CISA adds 17 vulnerabilities to list of bugs exploited in attacks
This week, the Cybersecurity and Infrastructure Security Agency (CISA) added seventeen actively exploited vulnerabilities to the 'Known Exploited Vulnerabilities Catalog.
- January 22, 2022
- 03:36 PM
- 1
-
Log4j vulnerability now used by state-backed hackers, access brokers
As expected, nation-state hackers of all kinds have jumped at the opportunity to exploit the recently disclosed critical vulnerability (CVE-2021-44228) in the Log4j Java-based logging library.
- December 15, 2021
- 11:09 AM
- 0
-
Sitecore XP RCE flaw patched last month now actively exploited
The Australian Cyber Security Center (ACSC) is alerting web admins of the active exploitation of CVE-2021-42237, a remote code execution flaw in the Sitecore Experience Platform (Sitecore XP).
- November 08, 2021
- 11:56 AM
- 0
1
