A critical new vulnerability has been discovered in Citrix’s Virtual Apps and Desktops solution, which is widely used to facilitate secure remote access to desktop applications now exploited in the wild. The vulnerability, which remains… Article Source https://gbhackers.com/citrix-virtual-apps-desktops-vulnerability/
Researchers are publicizing a proof of concept (PoC) exploit for what they’re calling an unauthenticated remote code execution (RCE) vulnerability in Citrix’s Virtual Apps and Desktops. The exploit, discovered by watchTowr, can be carried out… Article Source https://www.theregister.com/2024/11/12/http_citrix_vuln/
Google Search getty Cybercriminals are quick to seize any opportunity, especially when it comes to vulnerabilities in widely-used web services. Google’s ecosystem, with its vast reach and popularity, makes an especially tempting target. While its… Article Source https://www.forbes.com/sites/alexvakulov/2024/10/31/how-hackers-exploit-google-to-target-you/
Aug 22, 2024Ravie LakshmananNetwork Security / Zero-Day Details have emerged about a China-nexus threat group’s exploitation of a recently disclosed, now-patched security flaw in Cisco switches as a zero-day to seize control of the… Article Source https://thehackernews.com/2024/08/chinese-hackers-exploit-zero-day-cisco.html
Cisco has patched an already exploited security hole in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software that miscreants have been brute-forcing in attempted denial of service attacks. The bug, CVE-2024-20481, is… Article Source https://www.theregister.com/2024/10/24/cisco_bug_brute_force/
The North Korean Lazarus hacking group exploited a Google Chrome zero-day tracked as CVE-2024-4947 through a fake decentralized finance (DeFi) game targeting individuals in the cryptocurrency space. Kaspersky discovered the attacks on May 13,… Article Source https://www.bleepingcomputer.com/news/security/lazarus-hackers-used-fake-defi-game-to-exploit-google-chrome-zero-day/
A zero-day vulnerability, tracked as CVE-2024-44068, has been discovered in Samsung’s mobile processors and is being used in an exploit chain for arbitrary code execution. The vulnerability was given a critical CVSS score of 8.1 out of 10 and was… Article Source https://www.darkreading.com/endpoint-security/samsung-zero-day-vuln-under-active-exploit-google-warns
In the past week, the SOCRadar Dark Web Team has uncovered a series of alarming cyber threats involving unauthorized access sales, database leaks, and new phishing services. Among the most concerning incidents is the alleged sale of Citrix… Article Source https://socradar.io/citrix-rdp-access-jenkins-exploit-and-major-database-leak-of-union-bank-of-india/
A recent proof-of-concept exploit has been published for a critical vulnerability in VMware vCenter Server, designated CVE-2024-22274. This vulnerability affects the API components of the vCenter Server and has been rated as Important with a CVSSv3 base score of 7.2. The exploit targets specific API components that are vulnerable to a flag injection attack, allowing … Read more
A new OpenSSH race condition CVE-2024-6409 exploit has been identified, following a warning from Kaspersky about a fake RegreSSHion exploit targeting security researchers. The RegreSSHion vulnerability, CVE-2024-6387, was falsely claimed to have a proof of concept exploit on various forums. However, a legitimate exploit for CVE-2024-6387 has been confirmed, while a new vulnerability, CVE-2024-6409, has … Read more