May 23, 2024
Via: CSO OnlineSecurity researchers at Tenable have discovered a potentially critical memory corruption vulnerability in Fluent Bit, a core component in the monitoring infrastructure of many cloud services. The vulnerability, dubbed Linguistic Lumberjack and tracked as CVE-2024-4323, stems from coding flaws within […]
May 15, 2024
Via: CSO OnlineMicrosoft released its monthly batch of security fixes on Tuesday, which included patches for three vulnerabilities that already had exploits available. Two of those vulnerabilities are being actively exploited, with one being used by multiple groups to deliver malware, including […]
November 6, 2023
Via: CSO OnlineCisco released several patches for high and critical vulnerabilities affecting several products like its Firepower network security devices, Identity Services Engine (ISE)) network access control platform, and Adaptive Security Appliance (ASA). The US Cybersecurity and Infrastructure Security Agency (CISA) issued […]
October 10, 2023
Via: CSO OnlineOver the past two months attackers have been abusing a feature of the HTTP/2 web communication protocol that makes web application servers, load balancers, and web proxies vulnerable to distributed denial-of-service (DDoS) attacks of unprecedented scale. Google, AWS, Cloudflare, and […]
September 15, 2023
Via: CSO OnlineHow are bad actors getting access to organizations? In many cases, they simply log in. Sophos research finds that one of the most common root cause of attacks is compromised credentials. In fact, 30% of respondents to its 2023 Active […]
September 7, 2023
Via: CSO OnlineCompanies using Microsoft Teams got news earlier in the summer of 2023 that a Russian hacker group was using the platform to launch phishing attacks, putting a new spin on a long-known attack strategy. According to Microsoft Threat Intelligence, the […]
August 30, 2023
Via: Network WorldVMware is advising customers to upgrade or patch its Aria for Network Operations software because of potential security problems. VMware Aria is the vendor’s multi-cloud management platform that integrates previously separate VMware services such as vRealize Automation, vRealize Operations, vRealize […]
August 23, 2023
Via: CSO OnlineContainerized applications bring many benefits — they are a fast way to deploy software across multiple computing environments. But securing containers is a challenge, since their unique attributes, particularly their ephemeral nature, means that they have been treated differently by […]
August 7, 2023
Via: CSO OnlineThe use of zero-day and one-day vulnerabilities has led to a 143% increase in total ransomware victims between Q1 2022 and Q1 2023, according to new research from cloud security vendor Akamai. The firm’s Ransomware on the Move: Exploitation Techniques […]
August 7, 2023
Via: CSO OnlineAnyone in cybersecurity who has had to deal with vulnerabilities in technology systems has inevitably run into the Common Vulnerability Scoring System (CVSS). Whether or not the name is instantly recognizable, phrases determining vulnerabilities as “critical” or “high” or the […]
August 2, 2023
Via: CSO OnlineThe software supply chain is a vast, global landscape made up of a complicated web of interconnected software producers and consumers. As such, it comes with numerous risks and vulnerabilities that affect all software–including those from third parties and outside […]
July 28, 2023
Via: CSO OnlineThe frequency and severity of security issues found over the years in the firmware of baseboard management controllers (BMCs) present in server motherboards highlight an often overlooked, yet critical area of IT infrastructure security. The latest addition to the growing […]
June 20, 2023
Via: Data Centre & Network NewsArcserve has released a segment from its annual independent global research. It focuses on government IT departments’ approach and experience with ransomware and data recovery preparedness. The findings reveal several weaknesses that can hamper government departments’ fight against ransomware and […]
June 5, 2023
Via: CSO OnlineMore information is coming to light after news last week that a critical vulnerability in a secure file transfer Web application called MOVEit Transfer was being exploited by hackers. Microsoft tied some of the attacks to a threat actor associated […]
May 18, 2023
Via: CSO OnlineCisco patched several vulnerabilities this week that affect multiple models of its small business switches and could allow attackers to take full control of the devices remotely. The flaws are all located in the web-based management interface of the devices […]
April 21, 2023
Via: CSO OnlineCisco fixed serious vulnerabilities across several of its products this week, including in its Industrial Network Director, Modeling Labs, ASR 5000 Series Routers, and BroadWorks Network Server. The flaws can lead to administrative command injection, authentication bypass, remote privilege escalation […]
December 28, 2022
Via: CSOThe Log4Shell critical vulnerability that impacted millions of enterprise applications remains a common cause for security breaches a year after it received patches and widespread attention and is expected to remain a popular target for some time to come. Its […]
November 1, 2022
Via: CSOThe OpenSSL project released a patch for two high severity vulnerabilities in the world’s most widely used cryptographic library. The project’s maintainers warned users since last week to prepare for a critical patch on November 1, but the severity has […]
September 22, 2022
Via: CSOAt the foundation of cybersecurity is the need to understand your risks and how to minimize them. Individuals and organizations often think about risk in terms of what they’re trying to protect. When talking about risk in the IT world, […]
September 16, 2022
Via: CSOEarlier this week, Chris DeRusha, federal CISO and deputy national cyber director in the White House, announced the release of Office of Management and Budget (OMB) guidance to ensure federal agencies rely only on software that has been built following […]