CISA says a high-severity elevation of privilege vulnerability in Microsoft Streaming Service is actively exploited in the wild.
The post CISA Warns of Windows Streaming Service Vulnerability Exploitation appeared first on SecurityWeek.
Windows Zero-Day Exploited by North Korean Hackers in Rootkit Attack
North Korean group Lazarus exploited AppLocker driver zero-day CVE-2024-21338 for privilege escalation in attacks involving FudModule rootkit.
The post Windows Zero-Day Exploited by North Korean Hackers in Rootkit Attack appeared first on SecurityWeek.
Recent Zero-Day Could Impact Up to 97,000 Microsoft Exchange Servers
Shadowserver Foundation has identified roughly 28,000 Microsoft Exchange servers impacted by a recent zero-day.
The post Recent Zero-Day Could Impact Up to 97,000 Microsoft Exchange Servers appeared first on SecurityWeek.
Websites Hacked via Vulnerability in Bricks Builder WordPress Plugin
Attackers are exploiting a recent remote code execution flaw in the Bricks Builder WordPress plugin to deploy malware.
The post Websites Hacked via Vulnerability in Bricks Builder WordPress Plugin appeared first on SecurityWeek.
CISA Urges Patching of Cisco ASA Flaw Exploited in Ransomware Attacks
CISA has added CVE-2020-3259, an old Cisco ASA vulnerability exploited by ransomware, to its KEV catalog.
The post CISA Urges Patching of Cisco ASA Flaw Exploited in Ransomware Attacks appeared first on SecurityWeek.
Microsoft Warns of Exploited Exchange Server Zero-Day
Microsoft says a newly patched Exchange Server vulnerability (CVE-2024-21410) has been exploited in attacks.
The post Microsoft Warns of Exploited Exchange Server Zero-Day appeared first on SecurityWeek.
Ivanti Vulnerability Exploited to Deliver New ‘DSLog’ Backdoor
Backdoor deployed using recent Ivanti VPN vulnerability enables command execution, web request and system log theft.
The post Ivanti Vulnerability Exploited to Deliver New ‘DSLog’ Backdoor appeared first on SecurityWeek.
CISA Warns of Roundcube Webmail Vulnerability Exploitation
CISA has added the Roundcube flaw tracked as CVE-2023-43770 to its known exploited vulnerabilities catalog.
The post CISA Warns of Roundcube Webmail Vulnerability Exploitation appeared first on SecurityWeek.
Exploitation of Another Ivanti VPN Vulnerability Observed
Organizations urged to hunt for potential compromise as exploitation of a recent Ivanti enterprise VPN vulnerability begins.
The post Exploitation of Another Ivanti VPN Vulnerability Observed appeared first on SecurityWeek.
Fortinet Warns of New FortiOS Zero-Day
Fortinet patches CVE-2024-21762, a critical remote code execution vulnerability that may have been exploited in the wild.
The post Fortinet Warns of New FortiOS Zero-Day appeared first on SecurityWeek.
