SiliconAngle reports that Intel, American Megatrends, and Phoenix Technologies have been confirmed to be impacted by nine vulnerabilities within the widely used Unified Extensible Firmware Interface firmware TianoCore EDK II dubbed "PixieFail," which could be exploited to enable denial-of-service attacks, data leaks, and DNS cache poisoning.
Organizations using Citrix NetScaler ADC and Gateway appliances have been urged to immediately apply updates addressing two zero-day flaws, which have been leveraged in ongoing attacks, BleepingComputer reports.
Ongoing intrusions leveraging an already patched critical privilege escalation flaw impacting Microsoft SharePoint, tracked as CVE-2023-29357, have been flagged by the Cybersecurity and Infrastructure Security Agency, which has added the issue to its Known Exploited Vulnerabilities catalog, The Hacker News reports.
Two vulnerabilities in Ivanti Connect Secure VPN devices can be chained together by a threat actor to craft malicious requests and execute arbitrary commands on the system.
Fast Five
Selected by the SC Media Editorial team every Tuesday.
Sign up now for the top five issues cybersecurity pros need to know this week.