Critical Baicells Device Vulnerability Can Expose Telecoms Networks to Snooping

A critical vulnerability affecting wireless communication base stations from Baicells Technologies can be exploited to cause disruption in telecom networks or take complete control of data and voice traffic, according to a researcher. Baicells Technologies is a US-based telecommunications equipment provider for 4G and 5G networks. The company says more than 100,000 of its base […]


Atlassian Warns of Critical Jira Service Management Vulnerability

Atlassian this week warned of a critical-severity authentication vulnerability in Jira Service Management Server and Data Center that could allow attackers to impersonate Jira users. Tracked as CVE-2023-22501 (CVSS score of 9.4), the flaw impacts Jira Service Management Server and Data Center versions 5.3.0, 5.3.1, 5.3.2, 5.4.0, 5.4.1, and 5.5.0. “An authentication vulnerability was discovered […]


High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation

VMware has informed users about the availability of patches for a Workstation vulnerability that could be exploited by malicious hackers for privilege escalation. The flaw, tracked as CVE-2023-20854 and rated ‘high severity’, has been described by VMware as an arbitrary file deletion vulnerability affecting version 17.x on Windows. “A malicious actor with local user privileges […]


Exploitation of Oracle E-Business Suite Vulnerability Starts After PoC Publication

Exploitation attempts targeting a critical-severity Oracle E-Business Suite vulnerability have been observed shortly after proof-of-concept (PoC) code was published. One of the major Oracle product lines, the E-Business Suite is a set of enterprise applications that help organizations automate processes such as supply chain management (SCM), enterprise resource planning (ERP), and customer relationship management (CRM). […]


GoAnywhere MFT Users Warned of Zero-Day Exploit

Users of the GoAnywhere secure managed file transfer (MFT) software have been warned about a zero-day exploit that malicious actors can target directly from the internet. The GoAnywhere MFT is made by Fortra, known until recently as HelpSystems, and it’s designed to enable organizations to automate and secure the exchange of data with their trading […]


Google Shells Out $600,000 for OSS-Fuzz Project Integrations

Google this week announced an extension to its OSS-Fuzz rewards program, an initiative meant to reward contributors for integrating projects into OSS-Fuzz. Launched in 2016, OSS-Fuzz is meant to help identify vulnerabilities in open source software through continuous fuzzing, with a declared goal of making common software infrastructure more secure. Six months after the launch, […]


Flaw in Cisco Industrial Appliances Allows Malicious Code to Persist Across Reboots

Cisco on Wednesday announced patches for a high-severity command injection vulnerability in the IOx application hosting environment that could allow malicious code to persist across reboots. Tracked as CVE-2023-20076, the security defect exists because parameters that are passed for the activation of an application are not completely sanitized. “An attacker could exploit this vulnerability by […]


Cyber Insights 2023 | Supply Chain Security

About SecurityWeek Cyber Insights | At the end of 2022, SecurityWeek liaised with more than 300 cybersecurity experts from over 100 different organizations to gain insight into the security issues of today – and how these issues might evolve during 2023 and beyond. The result is more than a dozen features on subjects ranging from AI, quantum […]
