Nearly a third of the top 15 abused bugs last year were attributed to Cisco products, with the NetScaler ADC and Gateway code injection issue, tracked as CVE-2023-3519, being the most dominant vulnerability, having been leveraged to compromise critical infrastructure entities across the U.S.
Immediate patching of the severe vulnerabilities in impacted Aruba Network products, including AOS-10.4.x.x: 10.4.1.4 and below, Instant AOS-8.12.x.x: 8.12.0.2 and below, and Instant AOS-8.10.x.x: 8.10.0.13 and below, has been urged by Arctic Wolf researchers despite lack of evidence suggesting active exploitation.
Such an issue stems from Microsoft Bookings enabling the creation of Shared Booking Pages by default for users with proper Microsoft 365 licenses and automated Booking Page name-based email address generation, which could be exploited to create legitimate-looking email addresses for malicious activity, according to a report from Cyberis.
Exploitation of the vulnerability, which arises from lacking file validation in the file reading and deletion-managing functions, could be conducted through the delivery of specially crafted HTTP POST requests to all all WPLMS versions up to 4.962, which would then allow critical file reading or deletion.
Alright, so we dove deep into some pretty wild stuff this week. We started off talking about zip files inside zip files. This is a variation of old-school zip file tricks, and the latest method described here is still causing headaches for antivirus software. Then we geeked out about infrared signals and the Flipper Zero, which brought back memorie...
