Citrix was able to patch a zero-day vulnerability, while Adobe warns of attacks using ColdFusion Zero-Day and releases an urgent update that nearly fixes the issue. Nonetheless, the story is still not over, as these vulnerabilities are still exploited. Citrix and Adobe Patch 0-day Vulnerabilities Simultaneously, products of two companies were hit with critical vulnerabilities… Continue reading Citrix and Adobe Vulnerabilities Under Active Exploitation
Tag: 0-Day
Microsoft CVE-2023-36884 Vulnerability Exploited in the Wild
On July 11, 2023, Microsoft published an article about addressing the CVE-2023-36884 vulnerability. This breach allowed for remote code execution in Office and Windows HTML. Microsoft has acknowledged a targeted attack that exploits a vulnerability using specifically designed Microsoft Office documents. The attacker can gain control of a victim’s computer by creating a malicious Office… Continue reading Microsoft CVE-2023-36884 Vulnerability Exploited in the Wild
MOVEit Transfer Fixes a New Critical Vulnerability
After hundreds of companies were attacked with a 0-day vulnerability in MOVEit Transfer, the developer of this file transfer management product, Progress Software, promised to regularly release patches to provide a “predictable, simple, and transparent bug fixing process.” The first such package included patches for three vulnerabilities, including a critical one. MOVEit Vulnerabilities – The… Continue reading MOVEit Transfer Fixes a New Critical Vulnerability
How to Protect Your Digital Footprint
The modern business world has been greatly advanced by the internet. Its convenience and numerous benefits have made people from all over the world reliant on the digital world. As the use of digital platforms continues to increase, businesses of all sizes should consider their digital footprint. What is Corporate Digital Footprint? Your company’s digital… Continue reading How to Protect Your Digital Footprint
MOVEit MFT 0-day Vulnerability is Used to Steal Corporate Data
MOVEit managed file transfer (MFT) solution appears to contain a 0-day vulnerability, already exploited by hackers. Progress, the developer of the software solution, already released a note and security advisory regarding the case. What is MOVEit MFT? MOVEit is a software solution that allows convenient and secure data transfer inside the organisation. The product under… Continue reading MOVEit MFT 0-day Vulnerability is Used to Steal Corporate Data
New iOS Vulnerability Allows “Triangulation” Attack
New iOS vulnerability allows executing a zero-click malware delivery through the built-in iMessage messenger. The breach was discovered by Kaspersky analytics team, and appears to touch almost every user of Apple smartphones. Experts dubbed the malware “Triangulation”. iOS Exploit Allows Zero-Click Infection Probably, the worst case scenario for any target of cyberattack is the infection… Continue reading New iOS Vulnerability Allows “Triangulation” Attack
MSMQ Vulnerability Allows Remote Code Execution
Recent update released by Microsoft, an April Patch Tuesday, revealed a severe vulnerability in Microsoft Message Queueing mechanism. That vulnerability allows remote code execution after sending 1 (one) package through a specific port. What is Microsoft Message Queueing? Microsoft Message Queueing, or MSMQ, is an infrastructure element for sharing messages within a local network. At… Continue reading MSMQ Vulnerability Allows Remote Code Execution
The aCropalypse Vulnerability Poses a Threat Not Only to Pixel, but Also to Windows
Information security experts have discovered that the aCropalypse vulnerability, which allows restoring the original image edited on a Google Pixel device (using the Markup tool), is turning into a 0-day for Windows. Let me remind you that we also wrote that YouTube Video Causes Pixel Smartphones to Reboot, and also that Information Security Specialists Discovered… Continue reading The aCropalypse Vulnerability Poses a Threat Not Only to Pixel, but Also to Windows
Another 0-Day Bug Was Found in Microsoft Exchange, and LockBit Ransomware Operators Are Exploiting It
Although Microsoft still hasn’t fixed the ProxyNotShell vulnerabilities found in Exchange last month, the company is now investigating a report of a new 0-day bug that is being used to compromise Exchange servers. Hackers are exploiting this bug to deploy the LockBit ransomware. Let me remind you that we also wrote that ProxyToken Vulnerability Allows… Continue reading Another 0-Day Bug Was Found in Microsoft Exchange, and LockBit Ransomware Operators Are Exploiting It
Pegasus Spyware — The Most Dangerous Malware
Pegasus Spyware is a malicious program that is covered with multiple layers of secrets, rumours and false claims. That military-grade malware is something like a legend, that sometimes makes people think it is rather mythical than real. Still, the real Pegasus appears from time to time, just to notify everyone that it is still the… Continue reading Pegasus Spyware — The Most Dangerous Malware