SecPod Labs

Security Research

In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.

QNAP Addresses Two Critical Vulnerabilities in QTS Operating System and Applications.

CVE Research

QNAP Systems has promptly resolved two critical vulnerabilities, CVE-2023-23368 and CVE-2023-23369, which involved command injection. They were discovered within the QTS operating system and associated applications used on their network-attached storage (NAS) devices. These vulnerabilities could hav...

Nov 06, 2023 • 3 min read

Top Network Vulnerability Tools for Effective Cyberattack Prevention 2023

CVE Research

Network vulnerability tools are an essential part of your organization’s cybersecurity, without which your network will be left helpless. To stop threat actors from entering your network, network vulnerability tools are necessary for combating cyberattacks, and the importance of these tools can’t be...

Nov 05, 2023 • 3 min read

F5 Issues Warning: BIG-IP Vulnerability Used In Active Exploit Chain

CVE Research

According to F5, a critical security vulnerability in BIG-IP is being actively exploited after its public disclosure. CVE-2023-46747, resulting in remote code execution, is being further used to exploit CVE-2023-46748, an SQL injection vulnerability.

Nov 01, 2023 • 3 min read

Data Breach in the Healing Sphere – Cyberattack Hits 5 Hospitals!

CVE Research

In recent news, a cyberattack hit 5 hospitals and healthcare, forcing some emergency rooms to be closed and ambulances diverted. The incident was caused by a ransomware attack on a shared IT service organization, which is forcing 5 hospitals in Ontario to reschedule patient appointments. They also forced to ...

Oct 30, 2023 • 3 min read

iLeakage: Uncovering Browser-Based Speculative Execution Attacks in Apple Safari For Email and Password Theft

CVE Research

An academic research team has developed a novel speculative side-channel attack, which they’ve named “iLeakage.” This attack highlights a security risk targeting vulnerabilities in recent Apple Inc. devices, enabling the extraction of sensitive data from Apple’s Safari web browser.

Oct 29, 2023 • 3 min read

Citrix Bleed: Critical Information Disclosure Vulnerability In Citrix NetScaler, Patch Now!

CVE Research

According to a security bulletin released by Citrix this month, their recent patches include a fix for a flaw with a CVSS score of 9.4. If that high score wasn’t enough to make you run to patch your device, the flaw has reportedly been exploited as a zero-day in the wild since August 2023, and the e...

Oct 25, 2023 • 4 min read

Discover The High Severity Heap Buffer Overflow Vulnerability in cURL (CVE-2023-38545)

CVE Research

The cURL development team has recently disclosed a high-severity heap buffer overflow vulnerability (CVE-2023-38545), which poses a substantial risk of enabling remote code execution in applications utilizing the impacted iterations of the cURL library.

Oct 12, 2023 • 5 min read

Microsoft’s October 2023 Patch Tuesday Fixes 104 Vulnerabilities, Including 3 Zero Days

CVE Research

Oct 11, 2023 • 4 min read

SanerNow Risk Prioritization

CVE Research

In today’s rapidly evolving threat landscape, managing vulnerabilities has become a paramount concern for organizations. With an ever-increasing number of vulnerabilities and a constant influx of new threats, prioritizing remediation efforts is crucial. Traditional risk scoring methods, such as CVSS...

Oct 11, 2023 • 2 min read