Worries mount over max-severity GoAnywhere defect
Forta, the vendor behind the file-transfer service software, has yet to report exploitation or address evidence of compromise. Independent researchers say otherwise.
Advertisement
watchTowr Labs
Researchers raise alarm over maximum-severity defect in GoAnywhere file-transfer service
The vendor didn’t provide evidence of active exploitation, yet experts said it’s only a matter of time before that changes.
Sitecore zero-day vulnerability springs up from exposed machine key
The actively exploited defect, triggered by an attacker’s use of a publicly available sample machine key, underscores the vendor and customers’ poor configuration practices.
Citrix NetScaler customers hit by third actively exploited zero-day vulnerability since June
The vendor, which has been widely targeted, said the memory-overflow vulnerability can result in remote-code execution or denial of service.
Mass attack spree hits Microsoft SharePoint zero-day defect
Attackers have already used the exploit dubbed “ToolShell” to intrude hundreds of organizations globally, including private companies and government agencies.
Questions mount as Ivanti tackles another round of zero-days
The besieged security vendor maintains the latest exploited vulnerabilities in its products are entirely linked to unspecified security issues in open-source libraries. Some researchers aren’t buying it.
Advertisement
Here’s all the ways an abandoned cloud instance can cause security issues
Research released Tuesday by watchTowr shows how easy an old storage bucket can be repurposed by malicious attackers.
Malicious hackers have their own shadow IT problem
Researchers at watchTowr Labs found that abandoned and expired internet infrastructure left by hacking groups can function as backdoors within other backdoors.