Latest news and security related events around the web
Jun 22, 2023 by Shah Sheikh: PoC Exploit Published for Cisco AnyConnect Secure Vulnerability: A security researcher has published proof-of-concept (PoC) exploit code targeting a recent high-severity vulnerability (CVE-2023-20178) in Cisco AnyConnect Secure.
Click for more...
Jun 23, 2023 by CERT.be: Warning: Multiple high-severity vulnerabilities (CVE-2023-35928, CVE-2023-35172, CVE-2023-32320, CVE-2023-32319) in NextCloud Server and NextCloud Enterprise Server. #Patch #Patch #Patch
Jun 13, 2023 by IPMasters: Palo Alto Firewalls under attacks. CISA is warning that PaloAlto Networks’ PAN-OS is under active attack and needs to be patched ASAP. Palo Alto issued a fix for the high-severity bug (CVE-2022-0028) that it says adversaries attempted to exploit.
Jun 24, 2023 by Bishop Fox: If you use the TaskCafe open-source PM tool version 0.3.2 or older, check out our security advisory on how you can protect yourself against 2 vulnerabilities recently identified by Bishop Fox researchers: CVE-2023-26770 and CVE-2023-26771.
Jun 24, 2023 by CS Threat Intel: PoC exploit released for Cisco AnyConnect, Secure Client vulnerability (CVE-2023-20178): Proof-of-concept (PoC) exploit code for the high-severity vulnerability (CVE-2023-20178) in Cisco Secure Client Software for Windows and Cisco AnyConnect Secure.
Jun 22, 2023 by Shah Sheikh: Researchers released a PoC exploit for CVE-2023-20178 flaw in Cisco AnyConnect Secure: The proof-of-concept (PoC) exploit code for high-severity vulnerability (CVE-2023-20178) in Cisco AnyConnect Secure was published online.
Jun 23, 2023 by CERT.be: Warning: High-severity (7.8) privilege escalation vulnerability (CVE-2023-2008) affecting multiple versions of the Linux Kernel (up to and excluding version 5.19). #Patch #Patch #Patch
Jun 23, 2023 by Shah Sheikh: PoC exploit released for Cisco AnyConnect, Secure Client vulnerability (CVE-2023-20178): Proof-of-concept (PoC) exploit code for the high-severity vulnerability (CVE-2023-20178) in Cisco Secure Client Software for Windows and Cisco AnyConnect Secure.
[Jun 23, 2023 by Trending Cyber Security Threats Scanner](https://twitter.com/chartartScanner/status/167223752362Here are the latest tweets about new high severity or critical severity CVEs:
Jun 22, 2023 by Shah Sheikh: PoC Exploit Published for Cisco AnyConnect Secure Vulnerability: A security researcher has published proof-of-concept (PoC) exploit code targeting a recent high-severity vulnerability (CVE-2023-20178) in Cisco AnyConnect Secure.
Jun 23, 2023 by CERT.be: Warning: Multiple high-severity vulnerabilities (CVE-2023-35928, CVE-2023-35172, CVE-2023-32320, CVE-2023-32319) in NextCloud Server and NextCloud Enterprise Server. #Patch #Patch #Patch
Jun 13, 2023 by IPMasters: Palo Alto Firewalls under attacks. CISA is warning that PaloAlto Networks’ PAN-OS is under active attack and needs to be patched ASAP. Palo Alto issued a fix for the high-severity bug (CVE-2022-0028) that it says adversaries attempted to exploit.
Jun 24, 2023 by Bishop Fox: If you use the TaskCafe open-source PM tool version 0.3.2 or older, check out our security advisory on how you can protect yourself against 2 vulnerabilities recently identified by Bishop Fox researchers: CVE-2023-26770 and CVE-2023-26771.
Jun 24, 2023 by CS Threat Intel: PoC exploit released for Cisco AnyConnect, Secure Client vulnerability (CVE-2023-20178): Proof-of-concept (PoC) exploit code for the high-severity vulnerability (CVE-2023-20178) in Cisco Secure Client Software for Windows and Cisco AnyConnect Secure.
Jun 22, 2023 by Shah Sheikh: Researchers released a PoC exploit for CVE-2023-20178 flaw in Cisco AnyConnect Secure: The proof-of-concept (PoC) exploit code for high-severity vulnerability (CVE-2023-20178) in Cisco AnyConnect Secure was published online.
Jun 17, 2023 by SPIXNET: GitLab has released an emergency security update, version 16.0.1, to address a maximum severity (CVSS v3.1 score: 10.0) path traversal flaw tracked as CVE-2023-2825.
Jun 23, 2023 by Shah Sheikh: PoC exploit released for Cisco AnyConnect, Secure Client vulnerability (CVE-2023-20178): Proof-of-concept (PoC) exploit code for the high-severity vulnerability (CVE-2023-20178) in Cisco Secure Client Software for Windows and Cisco AnyConnect Secure.
Jun 22, 2023 by Shah Sheikh: PoC Exploit Published for Cisco AnyConnect Secure Vulnerability: A security researcher has published proof-of-concept (PoC) exploit code targeting a recent high-severity vulnerability (CVE-2023-20178) in Cisco AnyConnect Secure.
Jun 23, 2023 by CERT.be: Warning: Multiple high-severity vulnerabilities (CVE-2023-35928, CVE-2023-35172, CVE-2023-32320, CVE-2023-32319) in NextCloud Server and NextCloud Enterprise Server. #Patch #Patch #Patch
Jun 13, 2023 by IPMasters: Palo Alto Firewalls under attacks. CISA is warning that PaloAlto Networks’ PAN-OS is under active attack and needs to be patched ASAP. Palo Alto issued a fix for the high-severity bug (CVE-2022-0028) that it says adversaries attempted to exploit.
Jun 24, 2023 by Bishop Fox: If you use the TaskCafe open-source PM tool version 0.3.2 or older, check out our security advisory on how you can protect yourself against 2 vulnerabilities recently identified by Bishop Fox researchers: CVE-2023-26770 and CVE-2023-26771.
Jun 24, 2023 by CS Threat Intel: PoC exploit released for Cisco AnyConnect, Secure Client vulnerability (CVE-2023-20178): Proof-of-concept (PoC) exploit code for the high-severity vulnerability (CVE-2023-20178) in Cisco Secure Client Software for Windows and Cisco AnyConnect Secure.
Jun 22, 2023 by Shah Sheikh: Researchers released a PoC exploit for CVE-2023-20178 flaw in Cisco AnyConnect Secure: The proof-of-concept (PoC) exploit code for high-severity vulnerability (CVE-2023-20178) in Cisco AnyConnect Secure was published online.
Jun 23, 2023 by CERT.be: Warning: High-severity (7.8) privilege escalation vulnerability (CVE-2023-2008) affecting multiple versions of the Linux Kernel (up to and excluding version 5.19). #Patch #Patch #Patch
Jun 23, 2023 by Shah Sheikh: PoC exploit released for Cisco AnyConnect, Secure Client vulnerability (CVE-2023-20178):Here are the latest tweets about new high severity or critical severity CVEs:
Jun 22, 2023 by Shah Sheikh: PoC Exploit Published for Cisco AnyConnect Secure Vulnerability: A security researcher has published proof-of-concept (PoC) exploit code targeting a recent high-severity vulnerability (CVE-2023-20178) in Cisco AnyConnect Secure.
Jun 23, 2023 by CERT.be: Warning: Multiple high-severity vulnerabilities (CVE-2023-35928, CVE-2023-35172, CVE-2023-32320, CVE-2023-32319) in NextCloud Server and NextCloud Enterprise Server. #Patch #Patch #Patch
Jun 13, 2023 by IPMasters: Palo Alto Firewalls under attacks. CISA is warning that PaloAlto Networks’ PAN-OS is under active attack and needs to be patched ASAP. Palo Alto issued a fix for the high-severity bug (CVE-2022-0028) that it says adversaries attempted to exploit.
Jun 24, 2023 by Bishop Fox: If you use the TaskCafe open-source PM tool version 0.3.2 or older, check out our security advisory on how you can protect yourself against 2 vulnerabilities recently identified by Bishop Fox researchers: CVE-2023-26770 and CVE-2023-26771.
Jun 24, 2023 by CS Threat Intel: PoC exploit released for Cisco AnyConnect, Secure Client vulnerability (CVE-2023-20178): Proof-of-concept (PoC) exploit code for the high-severity vulnerability (CVE-2023-20178) in Cisco Secure Client Software for Windows and Cisco AnyConnect Secure.
Jun 22, 2023 by Shah Sheikh: Researchers released a PoC exploit for CVE-2023-20178 flaw in Cisco AnyConnect Secure: The proof-of-concept (PoC) exploit code for high-severity vulnerability (CVE-2023-20178) in Cisco AnyConnect Secure was published online.
Jun 23, 2023 by CERT.be: Warning: High-severity (7.8) privilege escalation vulnerability (CVE-2023-2008) affecting multiple versions of the Linux Kernel (up to and excluding version 5.19). #Patch #Patch #Patch
Jun 23, 2023 by Shah Sheikh: PoC exploit released for Cisco AnyConnect, Secure Client vulnerability (CVE-2023-20178):Here are the latest tweets about new high severity or critical severity CVEs
CREATED 2 DAYS AGO by AlienVaultPublic TLP: White
The earliest identified evidence of exploitation of CVE-2023-2868 is currently October 2022. Barracuda also noted that malware was placed on a subset of vulnerable appliances to allow for persistence even if the vulnerability were patched. Additionally, evidence of data exfiltration was identified on a subset of impacted appliances. Because of this, on June 6, Barracuda updated its advisory, notifying customers to immediately replace ESG appliances regardless of patch version level. This issue is critical for every organization currently using the Barracuda Email Security Gateway Appliance.
REFERENCE: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/trustwave-action-response-zero-day-vulnerability-in-barracuda-email-security-gateway-appliance-esg-cve-2023-2868/
TAGS: '#Barracuda Email Security Gateway', '#Zero Day Vulnerability', '#ESG appliances', CVE-2023-2868
ATT&CK IDS: 'TA0001 - Initial Access, T1011 '- 'Exfiltration Over Other Network Medium', 'TA0011 - Command and Control', 'T1496 - Resource Hijacking'