Patch Tuesday: Code Execution Flaws in Adobe Commerce, Photoshop
Software maker Adobe on Tuesday released fixes for at least 13 security vulnerabilities in multiple product lines, warning that critical flaws in Adobe Commerce and…
Category: SecurityWeek
New ‘Grayling’ APT Targeting Organizations in Taiwan, US
A previously unknown advanced persistent threat (APT) actor has been targeting Taiwanese organizations across multiple sectors, Broadcom’s Symantec cybersecurity unit reports. As part of a…
Mirai Variant IZ1H9 Adds 13 Exploits to Arsenal
A variant of the Mirai botnet has recently updated its arsenal of tools with 13 exploits targeting vulnerabilities in IoT devices from D-Link, TP-Link, Zyxel,…
‘HTTP/2 Rapid Reset’ Zero-Day Exploited to Launch Largest DDoS Attacks in History
Cloudflare, Google and AWS revealed on Tuesday that a new zero-day vulnerability named ‘HTTP/2 Rapid Reset’ has been exploited by malicious actors to launch the…
SAP Releases 7 New Notes on October 2023 Patch Day
German software maker SAP this week announced the release of seven new and two updated security notes as part of its October 2023 Security Patch…
SecurityWeek to Host 2023 ICS Cybersecurity Conference October 23-26 in Atlanta
SecurityWeek will host its 2023 Industrial Control Systems (ICS) Cybersecurity Conference from October 23–26, 2023 at the InterContinental Atlanta Buckhead. Now in its 22nd year, the conference…
Twistlock Founders Score Whopping $51M Seed Funding for Gutsy
The team of entrepreneurs that created and sold Twistlock to Palo Alto are peeling the wraps of a brand new cybersecurity upstart focused on redefining…
One-Click GNOME Exploit Could Pose Serious Threat to Linux Systems
GitHub’s Security Lab has warned Linux users about a serious remote code execution vulnerability affecting a component of the popular GNOME desktop environment. The flaw…
Magecart Web Skimmer Hides in 404 Error Pages
A recent Magecart web skimming campaign is using three concealment techniques, including by hiding the malicious code in the targeted website’s ‘404’ error page, Akamai’s…
Cable Giant Volex Targeted in Cyberattack
UK-based cable manufacturing giant Volex (AIM: VLX) has been targeted in a cyberattack that involved unauthorized access to some of the company’s IT systems and…
Recently Patched TagDiv Plugin Flaw Exploited to Hack Thousands of WordPress Sites
A recently patched vulnerability affecting a plugin associated with the Newspaper and Newsmag themes has been exploited to hack thousands of WordPress websites as part…
Credential Harvesting Campaign Targets Unpatched NetScaler Instances
A credential harvesting campaign is targeting Citrix NetScaler gateways that have not been patched against a recent vulnerability, IBM reports. Tracked as CVE-2023-3519 (CVSS score…