NextGen Healthcare Mirth Connect Under Attack - CISA Issues Urgent Warning

By: Newsroom — May 21^st 2024 at 07:13

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a security flaw impacting NextGen Healthcare Mirth Connect to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The flaw, tracked as CVE-2023-43208 (CVSS score: N/A), concerns a case of unauthenticated remote code execution arising from an incomplete

The Hacker News

CISA Warns of Actively Exploited D-Link Router Vulnerabilities - Patch Now

By: Newsroom — May 17^th 2024 at 06:43

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting D-Link routers to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2014-100005 - A cross-site request forgery (CSRF) vulnerability impacting D-Link DIR-600 routers that allows an

The Hacker News

CISA Warns of Active Exploitation of Severe GitLab Password Reset Vulnerability

By: Newsroom — May 2^nd 2024 at 06:15

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw impacting GitLab to its Known Exploited Vulnerabilities (KEV) catalog, owing to active exploitation in the wild. Tracked as CVE-2023-7028 (CVSS score: 10.0), the maximum severity vulnerability could facilitate account takeover by sending password reset emails to an unverified email

The Hacker News

OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt

By: Newsroom — April 16^th 2024 at 15:16

Security researchers have uncovered a "credible" takeover attempt targeting the OpenJS Foundation in a manner that evokes similarities to the recently uncovered incident aimed at the open-source XZ Utils project. "The OpenJS Foundation Cross Project Council received a suspicious series of emails with similar messages, bearing different names and overlapping GitHub-associated emails," OpenJS

The Hacker News

U.S. Federal Agencies Ordered to Hunt for Signs of Microsoft Breach and Mitigate Risks

By: Newsroom — April 12^th 2024 at 04:32

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued an emergency directive (ED 24-02) urging federal agencies to hunt for signs of compromise and enact preventive measures following the recent compromise of Microsoft's systems that led to the theft of email correspondence with the company. The attack, which came to light earlier this year, has been

The Hacker News

CISA Alerts on Active Exploitation of Flaws in Fortinet, Ivanti, and Nice Products

By: Newsroom — March 26^th 2024 at 04:54

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday placed three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities added are as follows - CVE-2023-48788 (CVSS score: 9.3) - Fortinet FortiClient EMS SQL Injection Vulnerability CVE-2021-44529 (CVSS score: 9.8) - Ivanti

FreshRSS

NextGen Healthcare Mirth Connect Under Attack - CISA Issues Urgent Warning

CISA Warns of Actively Exploited D-Link Router Vulnerabilities - Patch Now

CISA Warns of Active Exploitation of Severe GitLab Password Reset Vulnerability

OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt

U.S. Federal Agencies Ordered to Hunt for Signs of Microsoft Breach and Mitigate Risks

CISA Alerts on Active Exploitation of Flaws in Fortinet, Ivanti, and Nice Products