Pro-Russian Hacktivists Preparing Cyber Attack on Western Financial Systems
Several Pro-Russian hacktivists have declared that they plan to launch a large-scale cyber attack on the Western Financial system within the next 48 hours. The three primary groups, KillNet, REvil and Anonymous Sudan, have formed an alliance to prepare and launch a large cyber attack. The alliance reportedly plans to carry out a distributed denial […]
Critical RCE Fortinet FortiGate Firewalls
Several patches have been released by Fortinet to address a critical security vulnerability in its FortiGate Firewalls and FortiProxy SSL-VPN that would allow a threat actor to initialise remote code execution via a heap-based buffer overflow vulnerability. The vulnerability, tracked as CVE-2023-27997, is a heap-based buffer overflow vulnerability in SSL VPN devices in Forti OS […]
MOVEit Zero-Day Vulnerability
A critical zero-day vulnerability in a secure file transfer software has been declared. “MOVEit” file transfer application by Progress Software Corporation (Progress) has been assigned a critical CVE: CVE-2023-34362. Qualys has classified the CVSS base score as 10 and the CVSS 3.1 base as 9.8. The critical flaw entails severe SQL injection vulnerability that has […]
Russian hackers target UK’s critical infrastructure
Russian hackers are actively looking to target Britain’s critical infrastructure, such as energy and water, with the goal of ‘disrupt or destroy’, a Cabinet Office minister has warned. Hacking groups from Russia have focussed their attention to the UK in recent months, Oliver Dowden mentioned in a speech. The National Cyber Security Centre (NCSC) has […]
Microsoft Outlook Elevation of Privilege – CVE-2023-23397
CVE-2023-23397 is an elevation of privilege vulnerability in Microsoft Outlook that was assigned a CVSSv3 score of 9.8 with reports that it is activity being exploited in the wild. The vulnerability can be exploited by sending a malicious email to a vulnerable version of Outlook with an extended MAPI property with a UNC path to […]
Microsoft SPNEGO NEGOEX Vulnerability
Microsoft recently reclassified a vulnerability in SPNEGO NEGOEX (CVE-2022-37958) to a designation of “Critical” (maximum severity for their products): CVSS score 8.1. The CVE had previously been given a designation of “Important”: CVSS score of 7.5, but recent analysis of the patch identified that the vulnerability allowed remote code execution in a similar manner to […]