CVE-2019-19781

Top 30 most commonly exploited vulnerabilities over 2020 and 2021

Cybersecurity experts from Australia, U.K., and U.S. governments have released a list of the most commonly exploited vulnerabilities over 2020 and 2021.

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

APT actors exploit legacy internet-facing vulnerabilities in combination with Zerologon to target organizations

Advanced persistent threat actors (APTs) are exploiting multiple legacy vulnerabilities in combination with newer “Zerologon” to target government networks, critical infrastructure, and elections organizations.

Tags: , , , , , , , , , , , , , , , , ,

Chinese threat actors targeting U.S. government agencies and these 4 CVEs

Chinese Ministry of State Security (MSS)-affiliated cyber threat actors are targeting U.S. government agencies, as well as exploiting four popular vulnerabilities over the past 12 months.

Tags: , , , , , , , , , , , ,

Patch these 10 most commonly exploited vulnerabilities

U.S. government cybersecurity experts are providing guidance on the “top 10” most commonly exploited vulnerabilites. The alert helps highlight the importance of patching and prioritizing vulnerabilities with known exploits.

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , ,

APT41 launches broad cyber campaign with multiple exploits

Researchers from FireEye have discovered Chinese cyber threat group APT41 carry out a broad cyber campaign between January 20 and March 11, 2020. The actors have attempted to exploit vulnerabilities in Citrix NetScaler/ADC, Cisco routers, and Zoho ManageEngine Desktop Central products against 75 FireEye customers.

Tags: , , , , , , , ,

Citrix patches Critical vulnerability exploited in the wild (updated)

Citrix has made available a new permanent fix for a critical vulnerability CVE-2019-19781 in affected versions of Citrix SD-WAN WANOP. The update comes nearly five days after Citrix provided firmware updates for the same vulnerability in Application Delivery Controller (ADC) and Citrix Gateway products. An unathenticated attacker could exploit the vulnerability and execute arbitrary code.

Tags: , , , , , ,