Blog – Pagina 122 – Luca Donetti Dontin

Ott282023

Rilevato sfruttamento in rete della CVE-2023-5631 relativa a Roundcube (AL03/231027/CSIRT-ITA)

in Cybersecurity
Tagged with csirt

Rilevato lo sfruttamento attivo in rete della vulnerabilità CVE-2023-5631 – già sanata dal vendor – che interessa il prodotto Roundcube Webmail, noto gestore di posta elettronica open source. Source link Author: csirt@pec.acn.gov.it Article used for cyber security disclosure.

Continue reading →

Ott262023

CISA Releases Nine Industrial Control Systems Advisories

in Cybersecurity
Tagged with Cisa

CISA released nine Industrial Control Systems (ICS) advisories on October 26, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-299-01 Dingtian DT-R002 ICSA-23-299-02 Centralite Pearl Thermostat ICSA-23-299-03 Ashlar-Vellum Cobalt, Graphite, Xenon, Argon, Lithium ICSA-23-299-04 Rockwell Automation Arena ICSA-23-299-05…

Continue reading →

Ott262023

Vulnerabilità in prodotti NextGen HealthCare (AL03/231026/CSIRT-ITA)

in Cybersecurity
Tagged with csirt

Rilevata una vulnerabilità nel prodotto Mirth Connect di NextGen HealthCare, piattaforma open source di integrazione dati utilizzata tipicamente in ambito sanitario. Tale vulnerabilità, qualora sfruttata, potrebbe permettere a un utente malintenzionato remoto l’esecuzione di codice arbitrario sui prodotti target. Source link Author: csirt@pec.acn.gov.it Article used…

Continue reading →

Ott242023

CISA Releases One Industrial Control Systems Advisory

in Cybersecurity
Tagged with Cisa

CISA released one Industrial Control Systems (ICS) advisory on October 24, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-297-01 Rockwell Automation Stratix 5800 and Stratix 5200 CISA encourages users and administrators to review the newly released ICS…

Continue reading →

Ott242023

Rilevata criticità nel prodotto ServiceNow (AL02/231023/CSIRT-ITA)

in Cybersecurity
Tagged with csirt

È stata recentemente rilevata una criticità nel prodotto ServiceNow, piattaforma per la gestione dei flussi di lavoro digitali per le operazioni aziendali. Tale criticità deriva da una particolare configurazione delle Access Control List (ACL) che potrebbe permettere l’accesso a informazioni sensibili presenti sui sistemi target….

Continue reading →

Ott222023

CISA Releases Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities

in Cybersecurity
Tagged with Cisa

Today, CISA, in response to active, widespread exploitation, released guidance addressing two vulnerabilities, CVE-2023-20198 and CVE-2023-20273, affecting Cisco’s Internetworking Operating System (IOS) XE Software Web User Interface (UI). An unauthenticated remote actor could exploit these vulnerabilities to take control of an affected system. Specifically, these…

Continue reading →

Ott222023

Risolte vulnerabilità su Zimbra Collaboration (AL01/231019/CSIRT-ITA)

in Cybersecurity
Tagged with csirt

Rilasciati aggiornamenti per sanare alcune vulnerabilità riscontrate nel software Zimbra Collaboration Joule, Kepler e Daffodil. Source link Author: csirt@pec.acn.gov.it Article used for cyber security disclosure.

Continue reading →

Ott202023

CISA Adds Two Known Exploited Vulnerabilities to Catalog

in Cybersecurity
Tagged with Cisa

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-4966 Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability CVE-2021-1435 Cisco IOS XE Web UI Command Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber…

Continue reading →