Calendar Week 34

U.S. FBI Warns of Persistent Risk to Barracuda Networks Email Security Gateway Despite Patching Efforts

The U.S. Federal Bureau of Investigation (FBI) has issued a stark warning regarding Barracuda Networks Email Security Gateway (ESG) appliances, cautioning that even with the latest patches, they remain vulnerable to potential compromise by suspected Chinese hacking groups. According to the FBI, the patches released to address the recently disclosed critical flaw in Barracuda ESG …

Carderbee Hacking Group Utilizes Genuine Software in Supply Chain Breach

In a recent supply chain infiltration aimed at implanting the Korplug backdoor (also known as PlugX) into targeted systems, an unidentified APT group has been observed leveraging the “Cobra DocGuard” software. Cobra DocGuard, developed by the Chinese company “EsafeNet,” serves as a legitimate software solution for managing Consolidated Omnibus Budget Reconciliation Act documents. Symantec cybersecurity …

WinRAR Vulnerability Enables Hackers to Seize Control of PCs

A significant security vulnerability has been revealed in the WinRAR utility, which has the potential to be exploited by malicious actors to achieve remote code execution on Windows systems. This vulnerability, identified as CVE-2023-40477 with a CVSS score of 7.8, arises from improper validation during the processing of recovery volumes. The Zero Day Initiative (ZDI) …

Vulnerability in Apache Ivy Enables Attackers to Illegitimately Extract Confidential Information

A blind XPath injection vulnerability has been uncovered in Apache Ivy, a component of the Apache Software Foundation, which permits malicious actors to surreptitiously retrieve sensitive data that is normally restricted to the host running Apache Ivy. This security flaw is present in versions prior to 2.5.2 and occurs during the parsing of XML files …

Vulnerabilities in Apache XML Graphics Batik Expose Confidential Data

Two Server-Side Request Forgery (SSRF) vulnerabilities have been identified in Apache Batik, potentially enabling malicious actors to gain unauthorized access to sensitive data within the Apache Batik application. These vulnerabilities specifically pertain to Apache XML Graphics Batik and have been assigned the CVE IDs CVE-2022-44729 and CVE-2022-44730. Apache Batik is a Java-based application toolkit employed …
