In a March 3, 2022 report, the agency reported that , "These types of vulnerabilities are a common attack vector for malevolent cyber actors and represent significant risk to the federal organisation." The US CISA published 95 new security weaknesses to its Known Exploited Vulnerabilities Catalog this week, bringing the total number of actively exploited … Continue reading CISA Expands Its List Of Actively Exploited Vulnerabilities By 95.
GitLab released a fix for CVE-2021-4191, which is an instance of CWE-359, "Exposure of Private Personal Information to an Unauthorized Actor," on February 25, 2022. GitLab versions since 13.0 were affected by the now-patched vulnerability. A missing authentication check when executing some GitLab GraphQL API queries caused the vulnerability. This vulnerability can be used by … Continue reading Thousands Of GitLab Instances Are Affected By A New Security Issue.
According to SentinelOne researchers Amitai Ben Shushan Ehrlich and Yair Rigevsky, "TunnelVision actions are characterised by widespread exploitation of 1-day vulnerabilities in target regions , with intrusions spotted in the Middle East and the United States." TunnelVision's activities in target regions are characterised by widespread exploitation of one-day vulnerabilities. We've seen widespread exploitation of Fortinet … Continue reading Iranian Hackers Use Vulnerability In VMware Horizon Log4j To Spread Ransomware.
Adam Weidemann and Clément Lecigne of Google's Threat Analysis Group reporting the flaw , "Google is aware of reports that an exploit for CVE-2022-0609 exists in the wild. Google released fixes for eight security issues in the Chrome web browser on Monday, including a high-severity vulnerability that is actively being exploited in real-world attacks, marking … Continue reading A New Chrome 0 -Day Vulnerability Is Being Actively Exploited – Update Your Browser Immediately !
Moxa’s MXview is a web-based network management system designed for monitoring and managing Moxa-based devices. MXview is made up of several components, including a NodeJS web server, a backend process called MXview Core that monitors all managed computers, a Postgres database, and a MQTT message broker that transfers messages to and from different components in … Continue reading Moxa MXview Network Management Software Has Critical Security Flaws.