exploit Archives - Page 6 of 42

exploit

Attackers exploiting critical Citrix ADC, Gateway flaw, company yet to release fixes

January 9, 2020

Nearly a month has passed since Citrix released mitigation measures for CVE-2019-19781, a critical vulnerability affecting Citrix Application Delivery Controller and Citrix …

App on Google Play exploited Android bug to deliver spyware

January 8, 2020

Google has pulled three malicious apps from Google Play, one of which exploits a recently patched kernel privilege escalation bug in Android (CVE-2019-2215) to install the app …

Cisco Data Center Network Manager flaws fixed, Cisco ASA appliances under attack

January 6, 2020

Cisco has fixed 12 vulnerabilities in Cisco Data Center Network Manager (DCNM), a platform for managing Cisco switches and fabric extenders that run NX-OS, and has warned …

Crooks are exploiting unpatched Android flaw to drain users’ bank accounts

December 3, 2019

Hackers are actively exploiting StrandHogg, a newly revealed Android vulnerability, to steal users’ mobile banking credentials and empty their accounts, a Norwegian app …

Apache Solr RCEs with public PoCs could soon be exploited

November 25, 2019

Two remote code execution (RCE) vulnerabilities in Apache Solr could be exploited by attackers to compromise the underlying server. One – CVE-2019-12409 – has …

Phishing attempts increase 400%, many malicious URLs found on trusted domains

October 9, 2019

1 in 50 URLs are malicious, nearly one-third of phishing sites use HTTPS and Windows 7 exploits have grown 75% since January. A new Webroot report also highlights the …

vBulletin zero-day exploited in the wild in wake of exploit release

September 25, 2019

An anonymous bug hunter has released a working and elegantly simple exploit for a pre-authentication remote code execution flaw (CVE-2019-16759) affecting vBulletin and it …

Attackers are exploiting vulnerable WP plugins to backdoor sites

September 3, 2019

A group of attackers that has been injecting WordPress-based sites with a script redirecting visitors to malicious and fraudulent pages has now also started backdooring the …

Google discovers websites exploiting iPhones, pushing spying implants en masse

August 30, 2019

Unidentified attackers have been compromising websites for nearly three years, equipping them with exploits that would hack visiting iPhones without any user interaction and …

Attackers are targeting vulnerable Fortigate and Pulse Secure SSL VPNs

August 26, 2019

Attackers are taking advantage of recently released vulnerability details and PoC exploit code to extract private keys and user passwords from vulnerable Pulse Connect Secure …

Microsoft sets up isolated environment for bug hunters to test attacks against Azure

August 6, 2019

Microsoft has some very good news for bug hunters: not only has the company doubled the top bounty reward for vulnerabilities discovered in its Azure cloud computing service, …

Released: PoC for RCE flaw in Palo Alto Networks firewalls, gateways

July 22, 2019

Palo Alto Networks has silently patched a critical remote code execution vulnerability in its enterprise GlobalProtect SSL VPN, which runs on Palo Alto Networks’ …

exploit

Attackers exploiting critical Citrix ADC, Gateway flaw, company yet to release fixes

App on Google Play exploited Android bug to deliver spyware

Cisco Data Center Network Manager flaws fixed, Cisco ASA appliances under attack

Crooks are exploiting unpatched Android flaw to drain users’ bank accounts

Apache Solr RCEs with public PoCs could soon be exploited

Phishing attempts increase 400%, many malicious URLs found on trusted domains

vBulletin zero-day exploited in the wild in wake of exploit release

Attackers are exploiting vulnerable WP plugins to backdoor sites

Google discovers websites exploiting iPhones, pushing spying implants en masse

Attackers are targeting vulnerable Fortigate and Pulse Secure SSL VPNs

Microsoft sets up isolated environment for bug hunters to test attacks against Azure

Released: PoC for RCE flaw in Palo Alto Networks firewalls, gateways

Don't miss

New infosec products of the week: January 14, 2022

How to improve your IR tabletop exercises and why you really should?

The future of security protocols for remote work

In 2022, AI-based full-suite security is needed

Phishers are targeting Office 365 users by exploiting Adobe Cloud