The US Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned of cyberattacks targeting a recently addressed vulnerability in Zoho ManageEngine.Acquired by Zoho in 2014, the enterprise IT software provides management capabilities for identity and access, endpoints, enterprise services, security information and events, and IT operations.Tr

Researchers have observed a surge in hacking attempts targeting CVE-2022-24086, a critical Magento 2 vulnerability allowing unauthenticated attackers to execute code on unpatched sites.Magento is an open-source e-commerce platform owned by Adobe, used by approximately 170,000 online shopping websites worldwide.The CVE-2022-24086 vulnerability was discovered

Cloud security company Wiz has published information on an Oracle Cloud Infrastructure (OCI) vulnerability allowing attackers to modify users’ storage volumes without authorization.Referred to as #AttachMe and mentioned in Oracle’s July 2022 Critical Patch Update, the vulnerability could have exposed sensitive data to attackers knowing the victim’s Oracle Cl

Researchers at threat detection and response company Trellix have resurrected a 15-year-old Python vulnerability, showing that it’s more serious than initially believed and that it could affect hundreds of thousands of applications.The vulnerability in question is CVE-2007-4559, initially described as a directory traversal vulnerability in Python’s ‘tarfile’

Research shows that companies can have over 100,000 vulnerabilities in their systems, but 85% cannot realistically be exploitedVulnerability management firm Rezilion commissioned Ponemon Institute to conduct research into the state of vulnerability management, given the known difficulties in timely patching and the continuous growth in the number of new vuln

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added half a dozen vulnerabilities to its catalog of Known Exploited Vulnerabilities and is ordering federal agencies to follow vendor’s instructions to fix them.Of the six security flaws, only one was disclosed this year. It impacts Trend Micro’s Apex One platform for automated

Multiple Netgear router models are vulnerable to arbitrary code execution via FunJSQ, a third-party module for online game acceleration, European security and compliance assessment company Onekey warns.Integrated in various Netgear routers and Orbi WiFi systems, the gaming optimization module is developed by China-based Xiamen Xunwang Network Technology.What

Uber suffered a cyberattack Thursday afternoon with a hacker gaining access to vulnerability reports and sharing screenshots of the company's internal systems, email dashboard, and Slack server.The screenshots shared by the hacker and seen by BleepingComputer show what appears to be full access to many critical Uber IT systems, including the company's securi

There’s been a few WordPress plugin vulnerabilities in the wild recently, and today we have another one to add to the list. Sometimes when word breaks of a WordPress plugin issue, a fix is already available and all you have to do is perform an update. On other occasions, the attack is live and out there doing damage with no fix yet available. Sadly, th

Many WordPress sites are at risk of full compromise as attackers are actively exploiting a zero-day vulnerability in the WPGateway plugin, Defiant’s WordFence team warns.A premium plugin for the WPGateway cloud service, the WPGateway plugin provides users with WordPress installation, backup, and cloning capabilities.Tracked as CVE-2022-3180 (CVSS score of 9.

Users of WordPress may need to perform an urgent update related to the popular BackupBuddy plugin. BackupBuddy is a plugin which offers backup solutions designed to combat “hacks, malware, user error, deleted files, and running bad commands”. Unfortunately, running an older version of BackupBuddy could leave your site open to potential breaches.

Security software firm Trend Micro warned customers today to patch an actively exploited Apex One security vulnerability as soon as possible.Apex One is an endpoint security platform that provides businesses with automated threat detection and response against malicious tools, malware, and vulnerabilities.This flaw (CVE-2022-40139) enables attackers to

Trend Micro announced on Tuesday that it has patched several flaws in its Apex One endpoint security product, including a zero-day vulnerability.The exploited vulnerability is tracked as CVE-2022-40139 and it has been described as an improper validation issue related to a rollback function. The security hole allows the agent to download unverified rollback c

The Lorenz ransomware group was seen exploiting a critical-severity vulnerability in Mitel MiVoice VoIP appliance for initial access into a victim’s network, cybersecurity firm Arctic Wolf reports.Active since at least 2021, the Lorenz ransomware gang has been engaging in double-extortion activities: in addition to encrypting a victim’s files, the group exfi

Cisco has announced patches for a high-severity vulnerability in the binding configuration of SD-WAN vManage software containers.Tracked as CVE-2022-20696, the issue exists because of insufficient protection mechanisms on messaging server container ports, allowing an unauthenticated attacker to connect to an affected system using these ports.“To exploit this