all InfoSec news
Cisco, VMware, Citrix Vulnerabilities - ThreatWire
Oct. 25, 2023, 8:41 p.m. | Hak5
Hak5 www.youtube.com
Cisco's recent zero-day exploit takes an obfuscation turn, VMware alerts users of a significant auth bypass flaw, and Citrix grapples with session hijacking attacks that have CISA raising an eyebrow.
[!!] ThreatWire Patreon has moved to https://www.patreon.com/threatwire - thanks for your support!
LINKS
Cisco
https://thehackernews.com/2023/10/backdoor-implant-on-hacked-cisco.html
https://twitter.com/VulnCheckAI/status/1716541908489543725
https://twitter.com/onyphe/status/1715633541264900217
https://blog.talosintelligence.com/active-exploitation-of-cisco-ios-xe-software/
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z
https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-xe-dublin-17121/221128-software-fix-availability-for-cisco-ios.html
https://www.cisa.gov/news-events/alerts/2023/10/23/cisa-updates-guidance-addressing-cisco-ios-xe-web-ui-vulnerabilities
VMWare
https://thehackernews.com/2023/10/alert-poc-exploits-released-for-citrix.html
https://www.vmware.com/security/advisories/VMSA-2023-0021.html
https://github.com/horizon3ai/CVE-2023-34051
Citrix
https://thehackernews.com/2023/10/critical-citrix-netscaler-flaw.html
https://github.com/assetnote/exploits/tree/main/citrix/CVE-2023-4966
https://support.citrix.com/article/CTX579459/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20234966-and-cve20234967
https://www.cisa.gov/news-events/alerts/2023/10/19/cisa-adds-two-known-exploited-vulnerabilities-catalog
____________________________________________
Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through …
alerts attacks auth award bypass cisa cisco citrix educational exploit flaw gear hak5 hijacking industry infosec links mission obfuscation pentest podcasts session session hijacking turn vmware winning zero-day zero-day exploit
More from www.youtube.com / Hak5
AntiVirus is a Virus - ThreatWire
21 hours ago |
www.youtube.com
New PuTTY Vulnerability - ThreatWire
1 week, 2 days ago |
www.youtube.com
Writing Threatwire Live with @endingwithali
2 weeks, 2 days ago |
www.youtube.com
New OMG Cable - Woven & Unmarked
2 weeks, 2 days ago |
www.youtube.com
A New Kind of Phishing Attack - ThreatWire
2 weeks, 5 days ago |
www.youtube.com
OWASP Oopsies and Calling XZ What It Is - ThreatWire
3 weeks, 4 days ago |
www.youtube.com
Jobs in InfoSec / Cybersecurity
Social Engineer For Reverse Engineering Exploit Study
@ Independent study | Remote
Premium Hub - CoE: Business Process Senior Consultant, SAP Security Role and Authorisations & GRC
@ SAP | Dublin 24, IE, D24WA02
Product Security Response Engineer
@ Intel | CRI - Belen, Heredia
Application Security Architect
@ Uni Systems | Brussels, Brussels, Belgium
Sr Product Security Engineer
@ ServiceNow | Hyderabad, India
Analyst, Cybersecurity & Technology (Initial Application Deadline May 20th, Final Deadline May 31st)
@ FiscalNote | United Kingdom (UK)