Top

Tag: vulnerabilities


Security

Microsoft fixes three zero-day vulnerabilities, two actively exploited

May 15, 2024

Via: CSO Online

Microsoft released its monthly batch of security fixes on Tuesday, which included patches for three vulnerabilities that already had exploits available. Two of those vulnerabilities are being actively exploited, with one being used by multiple groups to deliver malware, including […]


Security

Cisco patches serious flaws in Firepower and Identity Services Engine

November 6, 2023

Via: CSO Online

Cisco released several patches for high and critical vulnerabilities affecting several products like its Firepower network security devices, Identity Services Engine (ISE)) network access control platform, and Adaptive Security Appliance (ASA). The US Cybersecurity and Infrastructure Security Agency (CISA) issued […]


Security

Built-in weakness in HTTP/2 protocol exploited for massive DDoS attacks

October 10, 2023

Via: CSO Online

Over the past two months attackers have been abusing a feature of the HTTP/2 web communication protocol that makes web application servers, load balancers, and web proxies vulnerable to distributed denial-of-service (DDoS) attacks of unprecedented scale. Google, AWS, Cloudflare, and […]


Security

How Attackers Get In: Unpatched Vulnerabilities and Compromised Credentials

September 15, 2023

Via: CSO Online

How are bad actors getting access to organizations? In many cases, they simply log in. Sophos research finds that one of the most common root cause of attacks is compromised credentials. In fact, 30% of respondents to its 2023 Active […]


Security

Emerging cyber threats in 2023 from AI to quantum to data poisoning

September 7, 2023

Via: CSO Online

Companies using Microsoft Teams got news earlier in the summer of 2023 that a Russian hacker group was using the platform to launch phishing attacks, putting a new spin on a long-known attack strategy. According to Microsoft Threat Intelligence, the […]


Security

VMware warns customers to immediately patch critical Aria network software holes

August 30, 2023

Via: Network World

VMware is advising customers to upgrade or patch its Aria for Network Operations software because of potential security problems. VMware Aria is the vendor’s multi-cloud management platform that integrates previously separate VMware services such as vRealize Automation, vRealize Operations, vRealize […]


Security

Container security probes provide continuous penetration testing

August 23, 2023

Via: CSO Online

Containerized applications bring many benefits — they are a fast way to deploy software across multiple computing environments. But securing containers is a challenge, since their unique attributes, particularly their ephemeral nature, means that they have been treated differently by […]


Security

Ransomware victim numbers surge as attackers target zero-day vulnerabilities

August 7, 2023

Via: CSO Online

The use of zero-day and one-day vulnerabilities has led to a 143% increase in total ransomware victims between Q1 2022 and Q1 2023, according to new research from cloud security vendor Akamai. The firm’s Ransomware on the Move: Exploitation Techniques […]


Security

Will CVSS 4.0 be a vulnerability-scoring breakthrough or is it broken?

August 7, 2023

Via: CSO Online

Anyone in cybersecurity who has had to deal with vulnerabilities in technology systems has inevitably run into the Common Vulnerability Scoring System (CVSS). Whether or not the name is instantly recognizable, phrases determining vulnerabilities as “critical” or “high” or the […]


Security

Securing the software supply chain one step at a time

August 2, 2023

Via: CSO Online

The software supply chain is a vast, global landscape made up of a complicated web of interconnected software producers and consumers. As such, it comes with numerous risks and vulnerabilities that affect all software–including those from third parties and outside […]


Security

New vulnerabilities mean it’s time to review server BMC interfaces

July 28, 2023

Via: CSO Online

The frequency and severity of security issues found over the years in the firmware of baseboard management controllers (BMCs) present in server motherboards highlight an often overlooked, yet critical area of IT infrastructure security. The latest addition to the growing […]


Security

Arcserve survey reveals cybersecurity vulnerabilities in public services

June 20, 2023

Via: Data Centre & Network News

Arcserve has released a segment from its annual independent global research. It focuses on government IT departments’ approach and experience with ransomware and data recovery preparedness. The findings reveal several weaknesses that can hamper government departments’ fight against ransomware and […]


Security

Clop ransomware gang exploits the MOVEit Transfer vulnerability to steal data

June 5, 2023

Via: CSO Online

More information is coming to light after news last week that a critical vulnerability in a secure file transfer Web application called MOVEit Transfer was being exploited by hackers. Microsoft tied some of the attacks to a threat actor associated […]


Security

Critical remote code execution flaws patched in Cisco small business switches

May 18, 2023

Via: CSO Online

Cisco patched several vulnerabilities this week that affect multiple models of its small business switches and could allow attackers to take full control of the devices remotely. The flaws are all located in the web-based management interface of the devices […]


Security

Cisco patches high and critical flaws across several products

April 21, 2023

Via: CSO Online

Cisco fixed serious vulnerabilities across several of its products this week, including in its Industrial Network Director, Modeling Labs, ASR 5000 Series Routers, and BroadWorks Network Server. The flaws can lead to administrative command injection, authentication bypass, remote privilege escalation […]


Security

Log4Shell remains a big threat and a common cause for security breaches

December 28, 2022

Via: CSO

The Log4Shell critical vulnerability that impacted millions of enterprise applications remains a common cause for security breaches a year after it received patches and widespread attention and is expected to remain a popular target for some time to come. Its […]


Security

OpenSSL project patches two vulnerabilities but downgrades severity

November 1, 2022

Via: CSO

The OpenSSL project released a patch for two high severity vulnerabilities in the world’s most widely used cryptographic library. The project’s maintainers warned users since last week to prepare for a critical patch on November 1, but the severity has […]


Security

What’s Missing in Most CISO’s Security Risk Management Strategies

September 22, 2022

Via: CSO

At the foundation of cybersecurity is the need to understand your risks and how to minimize them. Individuals and organizations often think about risk in terms of what they’re trying to protect. When talking about risk in the IT world, […]


Security

US OMB releases guidance on federal agency software security requirements

September 16, 2022

Via: CSO

Earlier this week, Chris DeRusha, federal CISO and deputy national cyber director in the White House, announced the release of Office of Management and Budget (OMB) guidance to ensure federal agencies rely only on software that has been built following […]


Security

Why patching quality, vendor info on vulnerabilities are declining

August 24, 2022

Via: CSO

Those who apply security patches are finding that it’s becoming harder to time updates and determine the impact of patching on their organizations. Dustin Childs of the ZDI Zero Day Initiative and Trend Micro brought this problem to light at […]