CyberSecurity news
@ciso2ciso.com
//
References :
- malware.news: GoldenJackal Targets Embassies, Steals Data from Air-Gapped Systems
- securityboulevard.com: GoldenJackal Targets Embassies, Steals Data from Air-Gapped Systems
- www.scworld.com: GoldenJackal threat group targets air-gapped government systems
- malware.news: Microsoft today released security updates to fix at least 117 security holes in Windows computers and other software, including two vulnerabilities that are already seeing active attacks.
- malware.news: This article discusses the vulnerabilities patched in Microsoft's October 2024 Patch Tuesday, including the two actively exploited zero-days.
- www.mozilla.org: Critical #Firefox #vulnerability (#CVE-2024-9680) actively exploited. Update to Firefox 131.0.2, ESR 115.16.1, or ESR 128.3.1
- cyberinsider.com: Mozilla announced a critical vulnerability affecting its Firefox and Firefox ESR (Extended Support Release) browsers, which is being actively exploited in the wild.
- securityonline.info: In a recent security advisory, the Mozilla Foundation has revealed a zero-day vulnerability in its popular web browser, Firefox.
- sra.io: Critical #Firefox #vulnerability (#CVE-2024-9680) actively exploited. Update to Firefox 131.0.2, ESR 115.16.1, or ESR 128.3.1
- www.mozilla.org: Critical #Firefox #vulnerability (#CVE-2024-9680) actively exploited. Update to Firefox 131.0.2, ESR 115.16.1, or ESR 128.3.1
- www.cisa.gov: CISA Adds Three Known Exploited Vulnerabilities to Catalog
- securityaffairs.com: This story reports on Mozilla's urgent release of a Firefox update to fix the actively exploited use-after-free vulnerability CVE-2024-9680.
- malware.news: Malware.news post about the October Patch Tuesday and five zero-day vulnerabilities fixed
- cyble.com: Cyble provides detailed information about the vulnerabilities in Ivanti products, including CVE-2024-7612, CVE-2024-9379, CVE-2024-9380, and more.
- www.ivanti.com: Ivanti's official blog post addresses vulnerabilities affecting Ivanti Cloud Service Application (CSA) and other products, emphasizing the importance of updating to the latest versions.
- ciso2ciso.com: Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited – Source:thehackernews.com
- securityonline.info: This news article provides details about the sophisticated cyberattack targeting the Ivanti CSA.
- social.skynetcloud.site: Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited – Source:thehackernews.com
- www.fortinet.com: Fortinet's blog post about the vulnerabilities, including details on the attack chain, exploited vulnerabilities, and impact.
- Alerts: CISA adds the vulnerability to its catalog
- securityaffairs.com: SecurityAffairs article about the vulnerability
- securityonline.info: CISA warns about the vulnerability
- www.scworld.com: Ivanti CSA bugs leveraged in suspected nation-state attack
- malware.news: Malware.news report on Ivanti CSA bugs leveraged in a suspected nation-state attack
- social.skynetcloud.site: SecurityWeek.com's news on Chinese state hackers suspected in Ivanti CSA zero-day attacks
Classification:
- HashTags: #Ivanti #CSA #CVE-2024-8190 #ZeroDay
- Company: Ivanti
- Target: Ivanti Cloud Service Appliance
- Attacker: China
- Product: Cloud Service Appliance
- Feature: Authentication Mechanism
- Malware: CVE-2024-8190
- Type: Vulnerability
- Severity: Major