Sophos backports the patch for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions due to ongoing attacks exploiting the issue. Sophos backports the fix for the critical code injection vulnerability CVE-2022-3236 for end-of-life (EOL) firewall firmware versions after discovering that threat…
Tag: Security Affairs
December 2023 Microsoft Patch Tuesday fixed 4 critical flaws
Microsoft Patch Tuesday security updates for December 2023 addressed 33 vulnerabilities in multiple products, including a zero-day. Microsoft Patch Tuesday security updates for December 2023 addressed 33 vulnerabilities in multiple products. The vulnerabilities addressed by the company impact Microsoft Windows…
Ukrainian military intelligence service hacked the Russian Federal Taxation Service
The Ukrainian government’s military intelligence service announced the hack of the Russian Federal Taxation Service (FNS). Hackers of the Main Intelligence Directorate of the Ministry of Defense of Ukraine announced they have compromised the Russian Federal Taxation Service (FNS). The…
Kyivstar, Ukraine’s largest mobile carrier brought down by a cyber attack
Kyivstar, the largest Ukraine service provider, was hit by a cyber attack that paralyzed its services. The attack is linked to the ongoing conflict. Kyivstar, the largest Ukraine service provider was down after a major cyber attack. The Ukrainian telecommunications company provides…
Dubai’s largest taxi app exposes 220K+ users
The Dubai Taxi Company (DTC) app, which provides taxi, limousine, and other transport services, left a database open to the public, exposing sensitive customer and driver data. Dubai Taxi Company, a subsidiary of Dubai’s Roads and Transport Authority, leaked a…
Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware
North Korea-linked APT group Lazarus was spotted exploiting Log4j vulnerabilities to deploy previously undocumented remote access trojans. The North Korea-linked APT group Lazarus is behind a new hacking campaign that exploits Log4j vulnerabilities to deploy previously undocumented remote access trojans (RATs). Cisco…
Apple released iOS 17.2 to address a dozen of security flaws
Apple rolled out emergency security updates to backport patches for two actively exploited zero-day flaws to older devices. The company released iOS 17.2 and iPadOS 17.2 which address a dozen of security flaws. The most severe flaw is a memory corruption issue…
Toyota Financial Services discloses a data breach
Toyota Financial Services (TFS) disclosed a data breach, threat actors had access to sensitive personal and financial data. Toyota Financial Services (TFS) is warning customers it has suffered a data breach that exposed sensitive personal and financial data. “Due to…
Apache fixed Critical RCE flaw CVE-2023-50164 in Struts 2
The Apache Software Foundation addressed a critical remote code execution vulnerability in the Apache Struts 2 open-source framework. The Apache Software Foundation released security updates to address a critical file upload vulnerability in the Struts 2 open-source framework. Successful exploitation…
CISA adds Qlik Sense flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds two Qlik Sense vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two Qlik Sense vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Below is the list of…