New critical Citrix ADC and Gateway flaw exploited as zero-days

Citrix today is alerting customers of a critical-severity vulnerability (CVE-2023-3519) in NetScaler ADC and NetScaler Gateway that already has exploits in the wild, and “strongly urges” to install updated versions without delay. […]   Read More 

BleepingComputer 

Related Posts

Nessus Plugin Flaw Let Attacker’s to Escalate the Privileges

Nessus Plugin Flaw Let Attacker’s to Escalate the Privileges

Nessus, developed by Tenable, is one of the highly used vulnerability scanning tools by organizations due to its effectiveness and other features.

Nessus has multiple plugins that can be used depending on the tool’s usage. The tool operates by checking each port on a computer, identifying what service it is operating, and then testing this service to ensure that it does not contain any vulnerabilities that a hacker could exploit.

A Nessus plugin vulnerability was discovered and reported as part of the Tenable Vulnerability Disclosure Program (VDP).

This vulnerability exists on the binary of filesystem location that can allow threat actors to escalate privileges by abusing the plugin.

CVE-2023-2005: Tenable Plugin Privilege Escalation Vulnerability

An attacker with sufficient permissions on a scan target will be able to place a binary on the filesystem in a specific location and abuse the plugin for escalating privileges.

This vulnerability has a CVSS score of 6.3 (medium) as given by Tenable, and was discovered by a Security researcher named Patrick Romero from CrowdStrike.

Security Updates

Tenable has released security patches for this vulnerability. Their community post also mentioned that the Java Detection and Identification had been updated to prevent this privilege escalation vulnerability.

This vulnerability has a low success exploitation ratio. However, Tenable Security researchers have released necessary security patches for all the vulnerable products.

Affected Products

Products affected by this vulnerability include;

Tenable.io

Tenable Nessus

Tenable Security Center

Users of the above-mentioned products are recommended to update to the latest security update to prevent this vulnerability. New versions of the plugin can be found here.

“AI-based email security measures Protect your business From Email Threats!” – Request a Free Demo.

The post Nessus Plugin Flaw Let Attacker’s to Escalate the Privileges appeared first on Cyber Security News.

   Read More 

Cyber Security News 

U.K. Hacker Linked to Notorious Scattered Spider Group Arrested in Spain

U.K. Hacker Linked to Notorious Scattered Spider Group Arrested in Spain

Law enforcement authorities have allegedly arrested a key member of the notorious cybercrime group called Scattered Spider.
The individual, a 22-year-old man from the United Kingdom, was arrested this week in the Spanish city of Palma de Mallorca as he attempted to board a flight to Italy. The move is said to be a joint effort between the U.S. Federal Bureau of Investigation (FBI) and the Read More