Sitecore zero-day vulnerability springs up from exposed machine key
The actively exploited defect, triggered by an attacker’s use of a publicly available sample machine key, underscores the vendor and customers’ poor configuration practices.
Advertisement
watchTowr Labs
Citrix NetScaler customers hit by third actively exploited zero-day vulnerability since June
The vendor, which has been widely targeted, said the memory-overflow vulnerability can result in remote-code execution or denial of service.
Mass attack spree hits Microsoft SharePoint zero-day defect
Attackers have already used the exploit dubbed “ToolShell” to intrude hundreds of organizations globally, including private companies and government agencies.
Questions mount as Ivanti tackles another round of zero-days
The besieged security vendor maintains the latest exploited vulnerabilities in its products are entirely linked to unspecified security issues in open-source libraries. Some researchers aren’t buying it.
Here’s all the ways an abandoned cloud instance can cause security issues
Research released Tuesday by watchTowr shows how easy an old storage bucket can be repurposed by malicious attackers.
Malicious hackers have their own shadow IT problem
Researchers at watchTowr Labs found that abandoned and expired internet infrastructure left by hacking groups can function as backdoors within other backdoors.
Advertisement