Risk Rating: CRITICAL CVSS Score: 9.8 Vulnerability Type: Remote Code Execution (RCE) CVE Identifier: CVE-2023-50164 Exploitation Status: Actively exploited. Affected Version: Struts 2.0.0-2.3.37(EOL), 6.0.0-6.3.0.1, 2.0.0-2.5.32. Link: Apache.org Introduction Recently discovered, CVE-2023-50164 reveals a critical flaw in Apache Struts that could allow hackers to execute code remotely by manipulating file upload settings. Actively exploited, this poses an […]
10
Jul
Jul
Date: 10/07/2023 Link: The Hacker News Introduction We would like to bring to your attention a significant security breach that has affected Revolut’s payment systems. Malicious actors successfully exploited an unknown flaw within the system, resulting in the theft of over $20 million from the company’s funds. The incident occurred in early 2022 but has […]
06
Jul
Jul
Title: Unpatched Security Vulnerability in Ultimate Member Plugin for WordPress Date: 05/07/2023 Link: The HackerNews Introduction We would like to inform our valued clients about a critical security vulnerability affecting the popular Ultimate Member plugin for WordPress. This vulnerability poses a significant risk to your website’s security, allowing attackers to create new user accounts with […]
Risk Rating: CRITICAL Affected Products: MOVEit Transfer Affected Version: 2023.0.0 (15.0), 2022.1.x (14.1), 2022.0.x (14.0), 2021.1.x (13.1), 2021.0.x (13.0), 2020.1.x (12.1) Patched Version: CVE-2023-34362, CVE-2023-35036 Proof-of-Concepts available: no Vendor: Progress Software Corporation Date: 31/05/2023, 09/06/2023 Introduction: A severe Zero-Day vulnerability was disclosed, which posed a significant risk to Progress MOVEit File Transfer software users. “Progress” […]
Risk Rating: HIGH Affected Products: Google Chrome Affected Version:Versions previous to 103.0.5060.114 Patched Version: 103.0.5060.114 Vendor: Google Date: 01/07/2022 Introduction: A zero-day vulnerability was identified and disclosed to Google that affects the WebRTC (Web Real-Time Communications) component within the browser, which allows for exploitation of a Heap Buffer Overflow vulnerability. Technical details are limited at […]
Risk Rating: CRITICAL Affected Products: F5 Big-Ip Affected Version:16.1.0-16.1.2/ 15.1.0-15.1.5 / 14.1.0-14.1.4 / 13.1.0-13.1.4 /12.1.0-12.1.6 / 11.6.1-11.6.5 Patched Version: 17.0.0 / 16.1.2.2 / 15.1.5.1 / 14.1.4.6 / 13.1.5 Proof-of-Concepts available: yes Vendor: F5 Date: 04/05/2022 Introduction: F5 Big-Ip load-balancers can be abused to obtain Remote Command Execution (RCE). These devices have an administrative interface (iControl […]
Risk Rating: CRITICAL Affected Products: Avaya series; Aruba Affected Version: ERS3500/ERS3600/ERS4900/ERS5900; Aruba 5400R/3810/2920/2930F/2930M/2530/2540 Patched Version: N/A Vendor: Aruba and Avaya network switches Date: 04/05/2022 Introduction: Five critical vulnerabilities were identified within the various models of Aruba and Avaya network switches. The vulnerabilities affect the implementation of the TLS stack within those devices. Insecure memory management […]
Risk Rating: HIGH Affected Product: Java SE & Oracle GraalVM Enterprise Edition product of Oracle Java SE Affected Version: Versions 15, 16, 17 & 18, Oracle GraalVM Enterprise Edition: 21.3.1 & 22.0.0.2 Patched Version: April 2022 Critical Patch Update Vendor: Oracle Date of Disclosure: 19.04.2022 Introduction: A vulnerability exists within the implementation of ECDSA cryptographic […]
Risk Rating: HIGH Affected Product: Cisco Umbrella Virtual Appliance Affected Version: Virtual Appliance <= 3.3.2 Patched Version: Please see Remediation(s) section for more details. Vendor: Cisco Date of Disclosure: 20.04.2022 Introduction: Cisco Umbrella Virtual Applications contains a vulnerability in the key based SSH authentication mechanism which could potentially allow a remote unauthenticated attacker to impersonate […]
23
Mar
Mar
Another war was launched by a popular anonymous hacktivist on companies who still choose to run in Russia and pay taxes to the Russian Government. After Nestlé decided to continue operating in Russia the anonymous hackers threatened to attack them and eventually hacked into their system, leaking 10GB worth of sensitive data. Impact On 22nd […]