zeroday

Take Immediate Action: Cisco Switches Vulnerable to Remote Takeover due to Zero-Day Vulnerability

by
Take Immediate Action: Cisco Switches Vulnerable to Remote Takeover due to Zero-Day Vulnerability

Cisco recently addressed a critical zero-day vulnerability in its NX-OS software that was exploited in April attacks by the Chinese state-sponsored threat actor known as Velvet Ant. The vulnerability, tracked as CVE-2024-20399, allowed attackers with valid administrator credentials to execute arbitrary commands on affected devices. Velvet Ant used this flaw to install custom malware on … Read more

Chinese Velvet Ant Group Exploits Zero-Day Bug Patched by Cisco

by
Chinese Velvet Ant Group Exploits Zero-Day Bug Patched by Cisco

A recent report has shown that Chinese state-backed hackers took advantage of a zero-day vulnerability in Cisco Nexus switches that had just been patched. Cisco released a fix for CVE-2024-20399, a flaw in the Cisco NX-OS software’s command-line interface that could allow a local attacker to run arbitrary commands as root with administrator privileges. The … Read more

Active Attack Targeting Cisco NX-OS Zero-Day Command Injection Vulnerability

by
Active Attack Targeting Cisco NX-OS Zero-Day Command Injection Vulnerability

A critical vulnerability has been identified in the command line interface (CLI) of Cisco NX operating system, allowing attackers to execute arbitrary commands as root on affected devices. This zero-day flaw, known as CVE-2024-20399, poses a significant threat to network security, especially for organizations using Cisco Nexus and MDS series switches. The vulnerability stems from … Read more

Chinese hackers known as the ‘Silk Ants’ captured exploiting a new zero-day vulnerability in Cisco devices

by
Chinese hackers known as the ‘Silk Ants’ captured exploiting a new zero-day vulnerability in Cisco devices

A recent zero-day vulnerability was exploited by Chinese state-sponsored hackers in April on Cisco devices, as revealed by Cisco and Sygnia Advisories. The vulnerability, known as CVE-2024-20399, affects Cisco NX-OS software used in Nexus series switches for networking. The hackers, known as the Velvet Ant group, were able to gain access to Cisco Nexus switches … Read more

Cisco Issues Warning About Exploited NX-OS Zero-Day Vulnerability Used for Deploying Malware

by
Cisco Issues Warning About Exploited NX-OS Zero-Day Vulnerability Used for Deploying Malware

Cisco recently patched a zero-day exploit in its NX-OS software that was used in cyber attacks back in April. The cybersecurity firm Sygnia identified the attacks as being carried out by a Chinese state-sponsored group known as Velvet Ant. The attackers were able to gain root access to vulnerable switches and install custom malware, allowing … Read more

Hackers focusing on US critical infrastructure exploit Citrix zero-day vulnerability

by

Cybersecurity experts have recently discovered that hackers are utilizing a zero-day vulnerability in Citrix software to target critical infrastructure in the United States. This alarming development has raised serious concerns about the security of essential systems and services that the country relies on daily. According to reports, the hackers are exploiting a vulnerability in Citrix … Read more

Citrix cautions about limited risk of exploitation in two Netscaler zero-day vulnerabilities.

by
Citrix cautions about limited risk of exploitation in two Netscaler zero-day vulnerabilities.

Citrix has issued warnings about two zero-day vulnerabilities affecting its customer-managed Netscaler Application Delivery Controller and Netscaler Gateway appliances, with reports of active exploitation in a limited number of cases. The vulnerabilities, tracked as CVE-2023-6548 and CVE-2023-6549, could result in remote code execution and denial of service attacks, respectively. These vulnerabilities come more than three … Read more

Critical Citrix Vulnerabilities Addressed in Latest Patch Release: Zero-Day Threats Targeting NetScaler ADC and Gateway

by

Citrix has released patches for two zero-day vulnerabilities that were actively being exploited in their NetScaler ADC and Gateway products. This news comes as a relief to many organizations, especially those in the healthcare industry who are subject to HIPAA regulations. The vulnerabilities could have allowed attackers to gain unauthorized access to sensitive information, potentially … Read more

Zero-Day Vulnerabilities CVE-2023-6548 and CVE-2023-6549 Exploited in Citrix NetScaler ADC and NetScaler Gateway

by
Zero-Day Vulnerabilities CVE-2023-6548 and CVE-2023-6549 Exploited in Citrix NetScaler ADC and NetScaler Gateway

Citrix recently announced the presence of two zero-day vulnerabilities in its NetScaler ADC and NetScaler Gateway appliances, which require urgent patches for resolution. CVE-2023-6548 is a remote code execution (RCE) vulnerability that allows an authenticated attacker with low-level privileges to exploit the system. On the other hand, CVE-2023-6549 is a denial of service (DoS) vulnerability … Read more

Zero-Day Flaw in Google Pixel Firmware Identified, Exploited, and Fixed

by
Zero-Day Flaw in Google Pixel Firmware Identified, Exploited, and Fixed

Google recently issued a warning about a critical security flaw affecting Google Pixel Firmware, known as CVE-2024-32896. This vulnerability allows attackers to gain unauthorized access to devices by elevating their privileges, bypassing security protocols. The flaw is actively exploited in targeted attacks, prompting Google to release a security update for Pixel devices in June 2024, … Read more