Critical Apache Log4j2 flaw still threatens global finance

Critical Apache Log4j2 flaw still threatens global finance.
CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog.
CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog.
Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw.
Critical Fortinet's FortiClient EMS flaw actively exploited in the wild.
PoC exploit for critical RCE flaw in Fortra FileCatalyst transfer tool released.
Hackers exploited WordPress Popup Builder plugin flaw to compromise 3,300 sites.
Threat actors exploit Apache ActiveMQ flaw to deliver the Godzilla Web Shell.
APT group UAC-0099 targets Ukraine exploiting a WinRAR flaw.
Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts.
Threat actors started exploiting critical ownCloud flaw CVE-2023-49103.
Critical Confluence flaw exploited in ransomware attacks.
Experts released PoC exploit code for Cisco IOS XE flaw CVE-2023-20198.
Experts released PoC exploit code for VMware Aria Operations for Logs flaw.
CISA adds second Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog.
CISA adds Adobe Acrobat Reader flaw to its Known Exploited Vulnerabilities catalog.
Apple fixed the 17th zero-day flaw exploited in attacks.
Phishing campaign targeted US executives exploiting a flaw in Indeed job search platform.
WS FTP flaw CVE-2023-40044 actively exploited in the wild.
US CISA added critical Apache RocketMQ flaw to its Known Exploited Vulnerabilities catalog.


This Cyber News was published on securityaffairs.com. Publication date: Sat, 01 Jun 2024 16:43:08 +0000


Cyber News related to Critical Apache Log4j2 flaw still threatens global finance

Critical Apache Log4j2 flaw still threatens global finance - Critical Apache Log4j2 flaw still threatens global finance. CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. Russia-linked APT28 used post-compromise ...
6 months ago Securityaffairs.com
The Impact of Open-Source Software on Public Finance Management - The open-source movement holds significant potential for public agencies, too, especially in the realm of finances. Public finance has emerged as a leader in government-backed OSS, thanks largely to the move toward open banking. Benefits of OSS in ...
10 months ago Feeds.dzone.com
Two-Fifths of Log4j Apps Use Vulnerable Versions - Organizations are still exposed to critical vulnerabilities in Log4j, two years after a maximum severity bug was found in the popular utility, according to Veracode. The application security vendor analyzed data from software scans over 90 days ...
1 year ago Infosecurity-magazine.com
Critical unauthenticated RCE flaw in OpenSSH server - MUST READ. Critical unauthenticated remote code execution flaw in OpenSSH server. Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities ...
5 months ago Securityaffairs.com
Juniper Networks fixed a critical authentication bypass flaw in some of its routers - MUST READ. Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769. CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities catalog. Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 ...
5 months ago Securityaffairs.com
Apache OFBiz RCE flaw exploited to find vulnerable Confluence servers - A critical Apache OFBiz pre-authentication remote code execution vulnerability is being actively exploited using public proof of concept exploits. Apache OFBiz is an open-source enterprise resource planning system many businesses use for e-commerce ...
11 months ago Bleepingcomputer.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
A Fifth of UK SMBs Can't Spot Scams - A worrying 17% of the UK's small and medium-sized businesses can't always spot the tell-tale signs of online fraud and scams, according to new data from UK Finance. The banking industry body has been running its "Can you spot fraud?" quiz for small ...
1 year ago Infosecurity-magazine.com
Patch Now: Exploit Activity Mounts for Dangerous Apache Struts 2 Bug - Concerns are high over a critical, recently disclosed remote code execution vulnerability in Apache Struts 2 that attackers have been actively exploiting over the past few days. Apache Struts is a widely used open source framework for building Java ...
1 year ago Darkreading.com
High-severity flaw affects Cisco Firepower Management Center - CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Hackers ...
6 months ago Securityaffairs.com
High-severity flaw affects Cisco Firepower Management Center - CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Hackers ...
6 months ago Securityaffairs.com
Patch Now: Attackers Pummel Critical, Easy-to-Exploit OwnCloud Flaw - Hackers are actively exploiting a critical flaw in the open source ownCloud platform that allows access to access admin passwords, mail server credentials, and license keys, exposing their enterprise to data breaches or other types of malicious ...
1 year ago Darkreading.com
CVE-2022-21585 - Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). The supported version that is affected is 14.5. Difficult to exploit vulnerability allows low privileged attacker with ...
2 years ago
CVE-2022-21582 - Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). The supported version that is affected is 14.5. Difficult to exploit vulnerability allows low privileged attacker with ...
2 years ago
Hackers are exploiting critical Apache Struts flaw using public PoC - Hackers are attempting to leverage a recently fixed critical vulnerability in Apache Struts that leads to remote code execution, in attacks that rely on publicly available proof-of-concept exploit code. It appears that threat actors have just ...
1 year ago Bleepingcomputer.com
Threat actors actively exploit D-Link DIR-859 router flaw - MUST READ. Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769. Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities ...
5 months ago Securityaffairs.com
Threat actors actively exploit D-Link DIR-859 router flaw - MUST READ. Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769. Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities ...
5 months ago Securityaffairs.com
TellYouThePass ransomware joins Apache ActiveMQ RCE attacks - Internet-exposed Apache ActiveMQ servers are also targeted in TellYouThePass ransomware attacks targeting a critical remote code execution vulnerability previously exploited as a zero-day. The flaw, tracked as CVE-2023-46604, is a maximum severity ...
1 year ago Bleepingcomputer.com
10 of the biggest zero-day attacks of 2023 - Here are 10 of the biggest zero-day attacks of 2023 in chronological order. Zero-day attacks started strong in 2023 with CVE-2023-0669, a pre-authentication command injection vulnerability in Fortra's GoAnywhere managed file transfer product. ...
11 months ago Techtarget.com
CVE-2022-21474 - Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). The supported version that is affected is 14.5. Difficult to exploit vulnerability allows low privileged attacker with ...
2 years ago
CVE-2022-21581 - Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). The supported version that is affected is 14.5. Difficult to exploit vulnerability allows low privileged attacker with ...
2 years ago
CVE-2022-21583 - Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). The supported version that is affected is 14.5. Difficult to exploit vulnerability allows low privileged attacker with ...
2 years ago
CVE-2023-22122 - Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 14.5-14.7. Difficult to exploit vulnerability allows low privileged attacker ...
1 year ago
Cisco and Megaport Simplify Cloud Networking with Pay-As-You-Go Model - In the ever-evolving world of digital connectivity, Cisco continues to pave the way with innovative solutions not just centered around technological advances, but also around how those advances can easily be consumed by customers. Integrating Cisco ...
10 months ago Feedpress.me
Atlassian warns of critical RCE flaw in older Confluence versions - Atlassian Confluence Data Center and Confluence Server are vulnerable to a critical remote code execution vulnerability that impacts versions released before December 5, 2023, including out-of-support releases. The flaw is tracked as CVE-2023-22527, ...
11 months ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)