Ongoing intrusions leveraging an already patched critical privilege escalation flaw impacting Microsoft SharePoint, tracked as CVE-2023-29357, have been flagged by the Cybersecurity and Infrastructure Security Agency, which has added the issue to its Known Exploited Vulnerabilities catalog, The Hacker News reports.
Two vulnerabilities in Ivanti Connect Secure VPN devices can be chained together by a threat actor to craft malicious requests and execute arbitrary commands on the system.
Apache's open-source software utility collection Hadoop and open-source, unified stream-processing, and batch-processing framework Flink are being targeted in new malware attacks that involve packers and rootkits to evade detection, SiliconAngle reports.
Kyocera Device Manager instances impacted by the already patched path traversal vulnerability, tracked as CVE-2023-50916, could be targeted by threat actors to facilitate further malicious activity, including unauthorized account access and data exfiltration, reports The Hacker News.
Fixes have been released by QNAP to address 12 security flaws, many of which are high-severity, impacting its various products, according to SecurityWeek.