FreshRSS

🔒
△ 🔃
☐ ☆ ✇ The Hacker News

Ivanti Vulnerability Exploited to Install 'DSLog' Backdoor on 670+ IT Infrastructures

By Newsroom — February 13th 2024 at 07:03
Threat actors are leveraging a recently disclosed security flaw impacting Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy a backdoor codenamed DSLog on susceptible devices. That's according to findings from Orange Cyberdefense, which said it observed the exploitation of CVE-2024-21893 within hours of the public release of the proof-the-concept (PoC) code. CVE
☐ ☆ ✇ The Hacker News

Recent SSRF Flaw in Ivanti VPN Products Undergoes Mass Exploitation

By Newsroom — February 6th 2024 at 06:58
A recently disclosed server-side request forgery (SSRF) vulnerability impacting Ivanti Connect Secure and Policy Secure products has come under mass exploitation. The Shadowserver Foundation said it observed exploitation attempts originating from more than 170 unique IP addresses that aim to establish a reverse shell, among others. The attacks exploit CVE-2024-21893 (CVSS
☐ ☆ ✇ The Hacker News

Experts Warn of Ransomware Hackers Exploiting Atlassian and Apache Flaws

By Newsroom — November 7th 2023 at 07:14
Multiple ransomware groups have begun to actively exploit recently disclosed flaws in Atlassian Confluence and Apache ActiveMQ. Cybersecurity firm Rapid7 said it observed the exploitation of CVE-2023-22518 and CVE-2023-22515 in multiple customer environments, some of which have been leveraged for the deployment of Cerber (aka C3RB3R) ransomware. Both vulnerabilities are critical, allowing threat
☐ ☆ ✇ The Hacker News

HelloKitty Ransomware Group Exploiting Apache ActiveMQ Vulnerability

By Newsroom — November 2nd 2023 at 04:27
Cybersecurity researchers are warning of suspected exploitation of a recently disclosed critical security flaw in the Apache ActiveMQ open-source message broker service that could result in remote code execution. "In both instances, the adversary attempted to deploy ransomware binaries on target systems in an effort to ransom the victim organizations," cybersecurity firm Rapid7 disclosed in a
☐ ☆ ✇ The Hacker News

Alert: Juniper Firewalls, Openfire, and Apache RocketMQ Under Attack from New Exploits

By THN — August 30th 2023 at 11:15
Recently disclosed security flaws impacting Juniper firewalls, Openfire, and Apache RocketMQ servers have come under active exploitation in the wild, according to multiple reports. The Shadowserver Foundation said that it's "seeing exploitation attempts from multiple IPs for Juniper J-Web CVE-2023-36844 (& friends) targeting /webauth_operation.php endpoint," the same day a proof-of-concept (PoC)
☐ ☆ ✇ The Hacker News

Cybercriminals Exploiting WooCommerce Payments Plugin Flaw to Hijack Websites

By THN — July 18th 2023 at 05:56
Threat actors are actively exploiting a recently disclosed critical security flaw in the WooCommerce Payments WordPress plugin as part of a massive targeted campaign. The flaw, tracked as CVE-2023-28121 (CVSS score: 9.8), is a case of authentication bypass that enables unauthenticated attackers to impersonate arbitrary users and perform some actions as the impersonated user, including an
❌