MrRobot

 

A cyber attack hit the Australian software provider Energy One

The Australian software provider Energy One announced it was hit by a cyberattack last week that affected certain corporate systems in Australia and the UK. The Australian software provider Energy One announced that a cyberattack hit certain corporate systems in Australia and the UK last week. Energy One is a global supplier of software products […]

The post A cyber attack hit the Australian software provider Energy One appeared first on Security Affairs.

 

CISA adds critical Adobe ColdFusion flaw to its Known Exploited Vulnerabilities catalog

US CISA added critical vulnerability CVE-2023-26359 in Adobe ColdFusion to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added a critical flaw CVE-2023-26359 (CVSS score 9.8) affecting Adobe ColdFusion to its Known Exploited Vulnerabilities Catalog. Adobe fixed the critical flaw in March 2023; it is a deserialization of untrusted data issue in Adobe ColdFusion that can […]

The post CISA adds critical Adobe ColdFusion flaw to its Known Exploited Vulnerabilities catalog appeared first on Security Affairs.

 

Ivanti fixed a new critical Sentry API authentication bypass flaw

Ivanti warned customers of a new critical Sentry API authentication bypass vulnerability tracked as CVE-2023-38035. The software company Ivanti released urgent security patches to address a critical-severity vulnerability, tracked as CVE-2023-38035 (CVSS score 9.8), in the Ivanti Sentry (formerly MobileIron Sentry) product. The vulnerability could be exploited to access sensitive API data and configurations, run […]

The post Ivanti fixed a new critical Sentry API authentication bypass flaw appeared first on Security Affairs.

 

New Variant of XLoader macOS Malware Disguised as 'OfficeNote' Productivity App

A new variant of an Apple macOS malware called XLoader has surfaced in the wild, masquerading its malicious features under the guise of an office productivity app called "OfficeNote." "The new version of XLoader is bundled inside a standard Apple disk image with the name OfficeNote.dmg," SentinelOne security researchers Dinesh Devadoss and Phil Stokes said in a Monday analysis. "The application

 

Ivanti Warns of Critical Zero-Day Flaw Being Actively Exploited in Sentry Software

Software services provider Ivanti is warning of a new critical zero-day flaw impacting Ivanti Sentry (formerly MobileIron Sentry) that it said is being actively exploited in the wild, marking an escalation of its security woes. Tracked as CVE-2023-38035 (CVSS score: 9.8), the issue has been described as a case of authentication bypass impacting versions 9.18 and prior due to what it called an

 

Critical Adobe ColdFusion Flaw Added to CISA's Exploited Vulnerability Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Adobe ColdFusion to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, cataloged as CVE-2023-26359 (CVSS score: 9.8), relates to a deserialization flaw present in Adobe ColdFusion 2018 (Update 15 and earlier) and ColdFusion 2021 (

 

openappsec: machine learning security engine to prevents threats against Web Application & APIs

open-appsec (openappsec.io) builds on machine learning to provide preemptive web app & API threat protection against OWASP-Top-10 and zero-day attacks. It can be deployed as an add-on to Kubernetes Ingress, NGINX, Envoy (soon), and API Gateways....

The post openappsec: machine learning security engine to prevents threats against Web Application & APIs appeared first on Penetration Testing.

 

WordPress custom field plugin bug (CVE-2023-40068) exposes 1M sites to XSS attacks

A cross-site scripting (XSS) vulnerability has been found in the Advanced Custom Fields (ACF) and Advanced Custom Fields Pro WordPress plugins. The vulnerability, tracked as CVE-2023-40068, affects versions 6.1.0 to 6.1.7 of the plugins....

The post WordPress custom field plugin bug (CVE-2023-40068) exposes 1M sites to XSS attacks appeared first on Penetration Testing.

 

CISA warns of critical Adobe ColdFusion flaw (CVE-2023-26359) exploited in the wild

The Cybersecurity & Infrastructure Security Agency (CISA), a key player in ensuring America’s cyber front remains secure, has drawn attention to a severe security vulnerability affecting Adobe ColdFusion versions 2021 and 2018. The flaw,...

The post CISA warns of critical Adobe ColdFusion flaw (CVE-2023-26359) exploited in the wild appeared first on Penetration Testing.

 

noir: attack surface detector from source code

Noir is an attack surface detector from source code. Key features: automatically identify language and framework from source code; find API endpoints and web pages through code analysis; load results quickly through interactions...

The post noir: attack surface detector from source code appeared first on Penetration Testing.

 

Ivanti Issues Fix for Critical Vuln In Its Sentry Gateway Technology

Security vendor will not say if attackers are already actively exploiting the flaw, as some reports have claimed.

 

Chinese Hackers Using Stolen Ivacy VPN Certificate To Sign Malware

By Waqas

Bronze Starlight hackers have been cleverly utilizing a valid Ivacy VPN code-signing certificate to target the Southeast Asian gambling industry.

This is a post from HackRead.com. Read the original post: Chinese Hackers Using Stolen Ivacy VPN Certificate To Sign Malware
