July 12, 2024
Via: CSO OnlineSecurity intelligence firm Group-IB reports that attackers from a recently created ransomware group – EstateRansomware – exploited a year old vulnerability (CVE-2023-27532) in backup software from Veeam as part of a complex attack chain. Anatomy of an attack EstateRansomware exploited […]
November 2, 2023
Via: CSO OnlineAttackers have begun exploiting a critical remote code execution vulnerability patched last week in Apache ActiveMQ to deploy ransomware in enterprise networks. Users are urged to upgrade the software as soon as possible. “Beginning Friday, October 27, Rapid7 Managed Detection […]
October 12, 2023
Via: CSO OnlineProgress Software could be staring at fresh litigations over the explosive zero-day found in its file transfer service, MOVEit, which affected millions of end users globally. The latest probe comes from the US Security and Exchange Commission (SEC), which is […]
July 19, 2023
Via: CSO OnlineSoftware supply chain security provider Chainguard is adding a suite of new capabilities to its native Kubernetes security and compliance platform Enforce. The new capabilities include automatic generation and ingestion of software bills of materials (SBOMs) for container images, vulnerability […]
July 7, 2023
Via: CSO OnlineA high-severity flaw in Cisco’s data center switching gear could allow threat actors to read and modify encrypted traffic, according to the company. On Wednesday, Cisco issued a security advisory for the vulnerability in the application-centric infrastructure (ACI) multisite CloudSec […]
May 15, 2023
Via: CSO OnlineThreat actors have started exploiting a recently disclosed vulnerability in WordPress, within 24 hours of the proof-of-concept (PoC) exploit being published by the company, according to a blog by Akamai. The high-severity vulnerability — CVE-2023-30777, which affects the WordPress Advanced […]
May 2, 2023
Via: CSO OnlineIt’s no secret that humans are the biggest vulnerability to any corporate network. Whether it’s an inability to properly manage password complexity across multiple systems, poor social media habits, or even a lack of awareness with things like email links, […]
April 12, 2023
Via: CSO OnlineMicrosoft patched over 100 vulnerabilities this week in its products, including a zero-day privilege escalation flaw used in the wild by a ransomware gang. However, another critical vulnerability that can be easily exploited to take over Windows systems remotely over […]
March 20, 2023
Via: CSOLast week, the US Cybersecurity and Infrastructure Security Agency (CISA) announced the launch of the Ransomware Vulnerability Warning Pilot (RVWP) program to “proactively identify information systems that contain security vulnerabilities commonly associated with ransomware attacks.” Once the program identifies vulnerable […]
January 11, 2023
Via: CSOThe Scattered Spider cybercrime group has recently been observed attempting to deploy a malicious kernel driver using a tactic called bring your own vulnerable driver (BYOVD) — a warning to security professionals that the technique, which exploits longstanding deficiencies in […]
August 18, 2022
Via: RCR Wireless NewsExtreme Networks revealed the Extreme AP5050, which it claimed is the industry’s first outdoor Wi-Fi 6E outdoor access point (AP) optimized for deployment across all sorts of outdoor venues. The outdoor AP is designed to be flexible and easy to […]
May 2, 2022
Via: CSOSyxsense has announced a new security and endpoint management solution that delivers vulnerability monitoring and remediation across devices and network environments. The IT management and endpoint security vendor stated that the platform – Syxsense Enterprise – delivers a unified solution […]
March 18, 2022
Via: CSOCodenotary, a software supply chain security provider, has announced new features to its cloud offering, including built-in vulnerability scanning. With the addition of scanning, the company’s cloud solution can provide end-to-end protection for a supply chain, from checking for vulnerabilities […]
June 7, 2021
Via: CSOThe May ransomware attack on Colonial Pipeline exposed the country’s significant vulnerability to cyberthreats. The attack triggered lines at gas stations, higher prices at the pump, and even some hoarding. It prompted new federal cybersecurity regulations for the pipeline industry […]
May 14, 2021
Via: Network World.comAlmost all Wi-Fi is potentially vulnerable to flaws that date back to 1997 when it became commercially available, but even the person who discovered the weaknesses says some of them are difficult to exploit. Mathy Vanhoef, a post-doctoral student at […]
March 11, 2021
Via: CSOThere’s an estimated 500,000 unfilled cybersecurity positions in the United States today, including 166,000 jobs for information security analysts—the profession’s most common job title. And those figures are likely to increase. According to PwC’s Global Digital Trust Insights 2021, 51% […]
August 26, 2020
Via: CSOAt the recent Black Hat conference, Peleg Hadar and Tumar Bar of SafeBreach Labs pointed out that the way to a network’s heart is often through its printers. In 2010, one of the vulnerabilities Stuxnet used was a remote code […]
May 21, 2020
Via: Cisco BlogModern automobiles are complex machines, merging both mechanical and computer systems under one roof. As automobiles become more advanced, additional sensors and devices are added to help the vehicle understand its internal and external environments. These sensors provide drivers with […]
March 19, 2020
Via: ITWorld NetworkingCisco has issued five warnings about security weaknesses in its SD-WAN offerings, three of them on the high-end of the vulnerability scale. The worst problem is with the command-line interface (CLI) of its SD-WAN Solution software where a weakness could […]
January 16, 2020
Via: CSOThough threat actors have access to increasingly sophisticated and easy-to-use offensive tools, businesses often fail to get basics around patching right, leaving an easy entry route for attackers. As one of the biggest providers of building materials in the world, […]