CyberSecurity news

FlagThis

@ciso2ciso.com //

Share: bluesky twitterx--v2 facebook--v1 threads


References :
  • malware.news: GoldenJackal Targets Embassies, Steals Data from Air-Gapped Systems
  • securityboulevard.com: GoldenJackal Targets Embassies, Steals Data from Air-Gapped Systems
  • www.scworld.com: GoldenJackal threat group targets air-gapped government systems
  • malware.news: Microsoft today released security updates to fix at least 117 security holes in Windows computers and other software, including two vulnerabilities that are already seeing active attacks.
  • malware.news: This article discusses the vulnerabilities patched in Microsoft's October 2024 Patch Tuesday, including the two actively exploited zero-days.
  • www.mozilla.org: Critical #Firefox #vulnerability (#CVE-2024-9680) actively exploited. Update to Firefox 131.0.2, ESR 115.16.1, or ESR 128.3.1
  • cyberinsider.com: Mozilla announced a critical vulnerability affecting its Firefox and Firefox ESR (Extended Support Release) browsers, which is being actively exploited in the wild.
  • securityonline.info: In a recent security advisory, the Mozilla Foundation has revealed a zero-day vulnerability in its popular web browser, Firefox.
  • sra.io: Critical #Firefox #vulnerability (#CVE-2024-9680) actively exploited. Update to Firefox 131.0.2, ESR 115.16.1, or ESR 128.3.1
  • www.mozilla.org: Critical #Firefox #vulnerability (#CVE-2024-9680) actively exploited. Update to Firefox 131.0.2, ESR 115.16.1, or ESR 128.3.1
  • www.cisa.gov: CISA Adds Three Known Exploited Vulnerabilities to Catalog
  • securityaffairs.com: This story reports on Mozilla's urgent release of a Firefox update to fix the actively exploited use-after-free vulnerability CVE-2024-9680.
  • malware.news: Malware.news post about the October Patch Tuesday and five zero-day vulnerabilities fixed
  • cyble.com: Cyble provides detailed information about the vulnerabilities in Ivanti products, including CVE-2024-7612, CVE-2024-9379, CVE-2024-9380, and more.
  • www.ivanti.com: Ivanti's official blog post addresses vulnerabilities affecting Ivanti Cloud Service Application (CSA) and other products, emphasizing the importance of updating to the latest versions.
  • ciso2ciso.com: Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited – Source:thehackernews.com
  • securityonline.info: This news article provides details about the sophisticated cyberattack targeting the Ivanti CSA.
  • social.skynetcloud.site: Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited – Source:thehackernews.com
  • www.fortinet.com: Fortinet's blog post about the vulnerabilities, including details on the attack chain, exploited vulnerabilities, and impact.
  • Alerts: CISA adds the vulnerability to its catalog
  • securityaffairs.com: SecurityAffairs article about the vulnerability
  • securityonline.info: CISA warns about the vulnerability
  • www.scworld.com: Ivanti CSA bugs leveraged in suspected nation-state attack
  • malware.news: Malware.news report on Ivanti CSA bugs leveraged in a suspected nation-state attack
  • social.skynetcloud.site: SecurityWeek.com's news on Chinese state hackers suspected in Ivanti CSA zero-day attacks
Classification:
  • HashTags: #Ivanti #CSA #CVE-2024-8190 #ZeroDay
  • Company: Ivanti
  • Target: Ivanti Cloud Service Appliance
  • Attacker: China
  • Product: Cloud Service Appliance
  • Feature: Authentication Mechanism
  • Malware: CVE-2024-8190
  • Type: Vulnerability
  • Severity: Major