Zimbra and Cisco have reported on critical security vulnerabilities impacting their respective products, reports The Hacker News.
Threat actors could leverage the cross-site scripting flaw in Zimbra Collaboration Suite Version 8.8.15 to facilitate data compromise, according to Zimbra, which said it has already addressed the flaw through input sanitization but urged users to apply the fix manually pending the imminent arrival of a patch.
Attacks exploiting the flaw have been noted by Google Threat Analysis Group researcher Maddie Stone.
Cisco, meanwhile, has already patched the critical SD-WAN vManage software flaw, tracked as CVE-2023-20214, which could be abused to obtain read and write permissions that later enable information retrieval.
"A successful exploit could allow the attacker to retrieve information from and send information to the configuration of the affected Cisco vManage instance," said Cisco, which emphasized that there has been no evidence suggesting any active exploitation of the addressed vulnerability.