È stato rilevato il riacutizzarsi di una campagna di phishing volta a carpire le credenziali utente delle potenziali vittime mediante form opportunamente predisposti che ripropongono loghi e riferimenti di note aziende del settore IT. Source link Author: csirt@pec.acn.gov.it Article used for cyber security disclosure.
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-29357 Microsoft SharePoint Server Privilege Escalation Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational…
Rilevata nuova vulnerabilità con gravità “alta” nel noto software di videoconferenza Zoom. Tale vulnerabilità, qualora sfruttata, potrebbe permettere a un utente autenticato di elevare i propri privilegi. Source link Author: csirt@pec.acn.gov.it Article used for cyber security disclosure.
CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-38203 Adobe ColdFusion Deserialization of Untrusted Data Vulnerability CVE-2023-29300 Adobe ColdFusion Deserialization of Untrusted Data Vulnerability CVE-2023-27524 Apache Superset Insecure Default Initialization of Resource Vulnerability CVE-2023-41990 Apple Multiple Products Code Execution Vulnerability…
Scarica il riepilogo delle notizie pubblicate dallo CSIRT Italia dal 1° al 7 gennaio 2024. Source link Author: csirt@pec.acn.gov.it Article used for cyber security disclosure.
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-7024 Google Chromium WebRTC Heap Buffer Overflow Vulnerability CVE-2023-7101 Spreadsheet::ParseExcel Remote Code Execution Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks…
Google ha rilasciato gli aggiornamenti di sicurezza di dicembre per sanare molteplici vulnerabilità che interessano il sistema operativo Android, di cui 3 con gravità “critica”. Source link Author: csirt@pec.acn.gov.it Article used for cyber security disclosure.
CISA released three Industrial Control Systems (ICS) advisories on January 4, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-004-01 Rockwell Automation FactoryTalk Activation ICSA-24-004-02 Mitsubishi Electric Factory Automation Products ICSA-23-348-15 Unitronics Vision and Samba Series (Update A)…
