Information Security newsfeeds from around the world in English and French. Find it all in one place since 2004. You'll find online the last 5 years.
A critical vulnerability affecting wireless communication base stations from Baicells Technologies can be exploited to cause disruption in telecom networks or take complete control of data and voice traffic, according to a researcher. Baicells Technologies is a US-based telecommunications equipment provider for 4G and 5G networks. The company says more than 100,000 of its base […]
Continue Reading
Unpatched and unprotected VMware ESXi servers around the world have been targeted over the past few days in a large-scale ransomware attack exploiting a vulnerability patched in 2021. The attacks, dubbed ESXiArgs, are still being analyzed by the cybersecurity community, but based on the information available to date, it appears that threat actors are exploiting […]
Continue ReadingAtlassian this week warned of a critical-severity authentication vulnerability in Jira Service Management Server and Data Center that could allow attackers to impersonate Jira users. Tracked as CVE-2023-22501 (CVSS score of 9.4), the flaw impacts Jira Service Management Server and Data Center versions 5.3.0, 5.3.1, 5.3.2, 5.4.0, 5.4.1, and 5.5.0. “An authentication vulnerability was discovered […]
Continue ReadingVMware has informed users about the availability of patches for a Workstation vulnerability that could be exploited by malicious hackers for privilege escalation. The flaw, tracked as CVE-2023-20854 and rated ‘high severity’, has been described by VMware as an arbitrary file deletion vulnerability affecting version 17.x on Windows. “A malicious actor with local user privileges […]
Continue ReadingExploitation attempts targeting a critical-severity Oracle E-Business Suite vulnerability have been observed shortly after proof-of-concept (PoC) code was published. One of the major Oracle product lines, the E-Business Suite is a set of enterprise applications that help organizations automate processes such as supply chain management (SCM), enterprise resource planning (ERP), and customer relationship management (CRM). […]
Continue Reading
Users of the GoAnywhere secure managed file transfer (MFT) software have been warned about a zero-day exploit that malicious actors can target directly from the internet. The GoAnywhere MFT is made by Fortra, known until recently as HelpSystems, and it’s designed to enable organizations to automate and secure the exchange of data with their trading […]
Continue ReadingGoogle this week announced an extension to its OSS-Fuzz rewards program, an initiative meant to reward contributors for integrating projects into OSS-Fuzz. Launched in 2016, OSS-Fuzz is meant to help identify vulnerabilities in open source software through continuous fuzzing, with a declared goal of making common software infrastructure more secure. Six months after the launch, […]
Continue ReadingF5 warns of a high-severity format string vulnerability in BIG-IP that could allow an authenticated attacker to cause a denial-of-service (DoS) condition and potentially execute arbitrary code. Tracked as CVE-2023-22374, the security defect impacts iControl SOAP, an open API that enables communication between systems, which runs as root. The SOAP interface is accessible from the […]
Continue ReadingCisco on Wednesday announced patches for a high-severity command injection vulnerability in the IOx application hosting environment that could allow malicious code to persist across reboots. Tracked as CVE-2023-20076, the security defect exists because parameters that are passed for the activation of an application are not completely sanitized. “An attacker could exploit this vulnerability by […]
Continue Reading
About SecurityWeek Cyber Insights | At the end of 2022, SecurityWeek liaised with more than 300 cybersecurity experts from over 100 different organizations to gain insight into the security issues of today – and how these issues might evolve during 2023 and beyond. The result is more than a dozen features on subjects ranging from AI, quantum […]
Continue Reading