Cisco warns of active exploits against Cisco ASA XSS vulnerability (CVE-2020-3580)

Cisco issued an updated advisory warning of active exploits in the wild against a Cisco security appliance XSS vulnerability CVE-2020-3580. Proof of concept (PoC) exploit code has also been released to the public.

Continue ReadingCisco warns of active exploits against Cisco ASA XSS vulnerability (CVE-2020-3580)

Another 3 Pulse Connect Secure Critical vulnerabilities discovered

Ivanti has discovered three new Pulse Connect Secure (PCS) Critical vulnerabilities CVE-2021-22894, CVE-2021-22899 and CVE-2021-22900, nearly two weeks after reported active exploits against other PCS vulnerabilities.

Continue ReadingAnother 3 Pulse Connect Secure Critical vulnerabilities discovered

Alert: Attackers exploiting Pulse Connect Secure vulnerabilities (updated)

CISA warned attackers continue to exploit Pulse Connect Secure vulnerabilities. The alert was issued after CISA confirmed malicious activity on public and private entity networks. Additional detection methods were also added on April 30.

Continue ReadingAlert: Attackers exploiting Pulse Connect Secure vulnerabilities (updated)

“BadAlloc” vulnerabilities impact broad range of IoT and OT devices

Security researchers from Microsoft have discovered a collection of vulnerabilities dubbed "BadAlloc" that affect a broad range of IoT and OT devices in industrial, medical and consumer sectors.

Continue Reading“BadAlloc” vulnerabilities impact broad range of IoT and OT devices

New Supernova malware analysis reveals new APT cyberattack methods against vulnerable SolarWinds infrastructure

The Cybersecurity and Infrastructure Security Agency (CISA) has published a new analysis report on Supernova malware used in a cyberattack and long term compromise of an entity's network and SolarWinds systems.

Continue ReadingNew Supernova malware analysis reveals new APT cyberattack methods against vulnerable SolarWinds infrastructure