Zoho ha rilasciato un bollettino di sicurezza per descrivere una vulnerabilità con gravità “critica” – identificata tramite la CVE-2024-0252 e già sanata dal vendor – presente in ManageEngine ADSelfService Plus. Tale vulnerabilità potrebbe permettere a un attaccante remoto autenticato l’esecuzione di codice arbitrario sui dispositivi…
Cisco released a security advisory to address a vulnerability (CVE-2024-20272) in Cisco Unity Connection. A cyber threat actor could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the Cisco Unity Connection Unauthenticated Arbitrary File Upload Vulnerability advisory…
È stato rilevato il riacutizzarsi di una campagna di phishing volta a carpire le credenziali utente delle potenziali vittime mediante form opportunamente predisposti che ripropongono loghi e riferimenti di note aziende del settore IT. Source link Author: csirt@pec.acn.gov.it Article used for cyber security disclosure.
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-29357 Microsoft SharePoint Server Privilege Escalation Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational…
Rilevata nuova vulnerabilità con gravità “alta” nel noto software di videoconferenza Zoom. Tale vulnerabilità, qualora sfruttata, potrebbe permettere a un utente autenticato di elevare i propri privilegi. Source link Author: csirt@pec.acn.gov.it Article used for cyber security disclosure.
CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-38203 Adobe ColdFusion Deserialization of Untrusted Data Vulnerability CVE-2023-29300 Adobe ColdFusion Deserialization of Untrusted Data Vulnerability CVE-2023-27524 Apache Superset Insecure Default Initialization of Resource Vulnerability CVE-2023-41990 Apple Multiple Products Code Execution Vulnerability…
Scarica il riepilogo delle notizie pubblicate dallo CSIRT Italia dal 1° al 7 gennaio 2024. Source link Author: csirt@pec.acn.gov.it Article used for cyber security disclosure.
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-7024 Google Chromium WebRTC Heap Buffer Overflow Vulnerability CVE-2023-7101 Spreadsheet::ParseExcel Remote Code Execution Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks…
