Category: Uncategorized
-
CISA to the Known Exploited Vulnerabilities Catalog
FortiGuard Labs is aware that the Cybersecurity & Infrastructure Security Agency (CISA) added CVE-2022-28810 (Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability), CVE-2022-33891 (Apache Spark Command Injection Vulnerability) and CVE-2022-35914 (Teclib GLPI Remote Code Execution Vulnerability) to their Known Exploited Vulnerabilities catalog on March 7, 2023. The catalog lists vulnerabilities that are being actively exploited…
-
CISA to the Known Exploited Vulnerabilities Catalog
FortiGuard Labs is aware that the Cybersecurity & Infrastructure Security Agency (CISA) added CVE-2020-5741 (Plex Media Server remote code execution vulnerability) and CVE-2021-39144 (XStream Remote Code Execution Vulnerability) to their Known Exploited Vulnerabilities (KEV) catalog on March 10, 2023. The catalog lists vulnerabilities that are being actively exploited in the wild and require federal agencies…
-
PaperCut Remote Code Execution Vulnerability Exploited in the Wild
UPDATE 04/26/2023: Updated protection section for IPS protection. FortiGuard Labs is aware that a recently disclosed vulnerability in PaperCut MF/NG (CVE-2023-27350) is susceptible to a remote code execution attack and is currently being exploited in the wild. Various remote management and maintenance software and Truebot malware were reportedly deployed to unpatched servers. As…
-
New Proof of Concept Combining CVE-2019-1322 and CVE-2019-1405 Developed
The FortiGuard SE Team is aware of a new proof of concept dubbed “COMahawk” disclosed on Nov 14 that incorporates CVE-2019-1405 and CVE-2019-1322. The proof of concept combines two recent vulnerabilities in Microsoft Windows, CVE-2019-1405 (Windows UPnP Service Elevation of Privilege Vulnerability) and CVE-2019-1322 (Microsoft Windows Elevation of Privilege Vulnerability), that allows for a full…
-

Threat Actor Mimo Targets Magento and Docker to Deploy Crypto Miners and Proxyware (The Hacker News)
The threat actor behind the exploitation of vulnerable Craft Content Management System (CMS) instances has shifted its tactics to target Magento CMS and misconfigured Docker instances. The activity has been attributed to a threat actor tracked as Mimo (aka Hezb), which has a long history of leveraging N-day security flaws in various web applications to…
-
Top DevSecOps certifications and trainings for 2025
DevOps Institute, Practical DevSecOps, EXIN and EC-Council are among the organizations that offer DevSecOps certifications and trainings for cybersecurity professionals.
-

New Coyote Malware Variant Exploits Windows UI Automation to Steal Banking Credentials (The Hacker News)
The Windows banking trojan known as Coyote has become the first known malware strain to exploit the Windows accessibility framework called UI Automation (UIA) to harvest sensitive information. “The new Coyote variant is targeting Brazilian users, and uses UIA to extract credentials linked to 75 banking institutes’ web addresses and cryptocurrency exchanges,” Akamai security researcher…
-

Kerberoasting Detections: A New Approach to a Decade-Old Challenge (The Hacker News)
Security experts have been talking about Kerberoasting for over a decade, yet this attack continues to evade typical defense methods. Why? It’s because existing detections rely on brittle heuristics and static rules, which don’t hold up for detecting potential attack patterns in highly variable Kerberos traffic. They frequently generate false positives or miss “low-and-slow” attacks…
-

Google Launches OSS Rebuild to Expose Malicious Code in Widely Used Open-Source Packages (The Hacker News)
Google has announced the launch of a new initiative called OSS Rebuild to bolster the security of the open-source package ecosystems and prevent software supply chain attacks. “As supply chain attacks continue to target widely-used dependencies, OSS Rebuild gives security teams powerful data to avoid compromise without burden on upstream maintainers,” Matthew Suozzo, Google Open…
-

CISA Warns: SysAid Flaws Under Active Attack Enable Remote File Access and SSRF (The Hacker News)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two security flaws impacting SysAid IT support software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities in question are listed below – CVE-2025-2775 (CVSS score: 9.3) – An improper restriction of XML external entity (XXE) reference vulnerability in the…
