Atlassian Releases Security Updates

Atlassian has released its Security Bulletin for July 2023 to address vulnerabilities in Confluence Data Center & Server (CVE-2023-22505 and CVE-2023-22508) and Bamboo Data Center (CVE-2023-22506). An attacker can exploit these vulnerabilities…

Comments Off on Atlassian Releases Security Updates

Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells

SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this Cybersecurity Advisory to warn network defenders about exploitation of CVE-2023-3519, an unauthenticated remote code execution (RCE) vulnerability affecting NetScaler…

Comments Off on Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells

Citrix Releases Security Updates for NetScaler ADC and Gateway

Citrix has released security updates to address vulnerabilities (CVE-2023-3519, CVE-2023-3466, and CVE-2023-3467) affecting NetScaler ADC and NetScaler Gateway. An attacker can exploit one of these vulnerabilities to take control of…

Comments Off on Citrix Releases Security Updates for NetScaler ADC and Gateway

Vulnerability Summary for the Week of July 10, 2023

  High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info elra -- parkmatik Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')…

Comments Off on Vulnerability Summary for the Week of July 10, 2023

Cisco Releases Security Update for SD-WAN vManage API

Cisco has released a security update to address a critical vulnerability affecting SD-WAN vManage API. A remote attacker can exploit this vulnerability to take control of an affected system. CISA…

Comments Off on Cisco Releases Security Update for SD-WAN vManage API

CISA Adds Two Known Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-37450 Apple Multiple Products WebKit Code Execution Vulnerability CVE-2022-29303 SolarView Compact Command Injection Vulnerability…

Comments Off on CISA Adds Two Known Vulnerabilities to Catalog

Juniper Releases Multiple Security Updates for Juno OS

Juniper has released updates to address multiple vulnerabilities in Juno OS. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and…

Comments Off on Juniper Releases Multiple Security Updates for Juno OS

CISA Releases Nine Industrial Control Systems Advisories

CISA released nine Industrial Control Systems (ICS) advisories on July 13, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.  ICSA-23-194-01 Siemens RUGGEDCOM ROX…

Comments Off on CISA Releases Nine Industrial Control Systems Advisories

CISA and FBI Release Cybersecurity Advisory on Enhanced Monitoring to Detect APT Activity Targeting Outlook Online

The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory (CSA), Enhanced Monitoring to Detect APT Activity Targeting Outlook Online, to…

Comments Off on CISA and FBI Release Cybersecurity Advisory on Enhanced Monitoring to Detect APT Activity Targeting Outlook Online