Top

Tag: vulnerability


Security

HelloKitty ransomware deployed via critical Apache ActiveMQ flaw

November 2, 2023

Via: CSO Online

Attackers have begun exploiting a critical remote code execution vulnerability patched last week in Apache ActiveMQ to deploy ransomware in enterprise networks. Users are urged to upgrade the software as soon as possible. “Beginning Friday, October 27, Rapid7 Managed Detection […]


Security

SEC to investigate Progress Software over mass MOVEit hack

October 12, 2023

Via: CSO Online

Progress Software could be staring at fresh litigations over the explosive zero-day found in its file transfer service, MOVEit, which affected millions of end users globally. The latest probe comes from the US Security and Exchange Commission (SEC), which is […]


Security

Chainguard adds automated SBOMs, vulnerability scanning to Enforce

July 19, 2023

Via: CSO Online

Software supply chain security provider Chainguard is adding a suite of new capabilities to its native Kubernetes security and compliance platform Enforce. The new capabilities include automatic generation and ingestion of software bills of materials (SBOMs) for container images, vulnerability […]


Hardware, Technology

Cisco warns of unpatched exploit in a family of data center switches

July 7, 2023

Via: CSO Online

A high-severity flaw in Cisco’s data center switching gear could allow threat actors to read and modify encrypted traffic, according to the company. On Wednesday, Cisco issued a security advisory for the vulnerability in the application-centric infrastructure (ACI) multisite CloudSec […]


Security

Hackers exploit WordPress vulnerability within hours of PoC exploit release

May 15, 2023

Via: CSO Online

Threat actors have started exploiting a recently disclosed vulnerability in WordPress, within 24 hours of the proof-of-concept (PoC) exploit being published by the company, according to a blog by Akamai. The high-severity vulnerability — CVE-2023-30777, which affects the WordPress Advanced […]


Security

11 security tools all remote employees should have

May 2, 2023

Via: CSO Online

It’s no secret that humans are the biggest vulnerability to any corporate network. Whether it’s an inability to properly manage password complexity across multiple systems, poor social media habits, or even a lack of awareness with things like email links, […]


Security

Why you should patch the Windows QueueJumper vulnerability immediately

April 12, 2023

Via: CSO Online

Microsoft patched over 100 vulnerabilities this week in its products, including a zero-day privilege escalation flaw used in the wild by a ransomware gang. However, another critical vulnerability that can be easily exploited to take over Windows systems remotely over […]


Security

CISA kicks off ransomware vulnerability pilot to help spot ransomware-exploitable flaws

March 20, 2023

Via: CSO

Last week, the US Cybersecurity and Infrastructure Security Agency (CISA) announced the launch of the Ransomware Vulnerability Warning Pilot (RVWP) program to “proactively identify information systems that contain security vulnerabilities commonly associated with ransomware attacks.” Once the program identifies vulnerable […]


Security

Cybercriminals bypass Windows security with driver-vulnerability exploit

January 11, 2023

Via: CSO

The Scattered Spider cybercrime group has recently been observed attempting to deploy a malicious kernel driver using a tactic called bring your own vulnerable driver (BYOVD) — a warning to security professionals that the technique, which exploits longstanding deficiencies in […]


Security

Extreme Networks launches first outdoor Wi-Fi 6E outdoor access point

August 18, 2022

Via: RCR Wireless News

Extreme Networks revealed the Extreme AP5050, which it claimed is the industry’s first outdoor Wi-Fi 6E outdoor access point (AP) optimized for deployment across all sorts of outdoor venues. The outdoor AP is designed to be flexible and easy to […]


Monitoring&Analysis

Syxsense launches vulnerability monitoring and remediation solution

May 2, 2022

Via: CSO

Syxsense has announced a new security and endpoint management solution that delivers vulnerability monitoring and remediation across devices and network environments. The IT management and endpoint security vendor stated that the platform – Syxsense Enterprise – delivers a unified solution […]


Security

Codenotary adds vulnerability scanning to its repertoire

March 18, 2022

Via: CSO

Codenotary, a software supply chain security provider, has announced new features to its cloud offering, including built-in vulnerability scanning. With the addition of scanning, the company’s cloud solution can provide end-to-end protection for a supply chain, from checking for vulnerabilities […]


Security

Ransomware response: What CISOs really want from the federal government

June 7, 2021

Via: CSO

The May ransomware attack on Colonial Pipeline exposed the country’s significant vulnerability to cyberthreats. The attack triggered lines at gas stations, higher prices at the pump, and even some hoarding. It prompted new federal cybersecurity regulations for the pipeline industry […]


Security

‘FragAttack’ flaws threaten Wi-Fi, but not too seriously

May 14, 2021

Via: Network World.com

Almost all Wi-Fi is potentially vulnerable to flaws that date back to 1997 when it became commercially available, but even the person who discovered the weaknesses says some of them are difficult to exploit. Mathy Vanhoef, a post-doctoral student at […]


Security

8 new roles today’s security team needs

March 11, 2021

Via: CSO

There’s an estimated 500,000 unfilled cybersecurity positions in the United States today, including 166,000 jobs for information security analysts—the profession’s most common job title. And those figures are likely to increase. According to PwC’s Global Digital Trust Insights 2021, 51% […]


Monitoring&Analysis, Security

How to secure vulnerable printers on a Windows network

August 26, 2020

Via: CSO

At the recent Black Hat conference, Peleg Hadar and Tumar Bar of SafeBreach Labs pointed out that the way to a network’s heart is often through its printers. In 2010, one of the vulnerabilities Stuxnet used was a remote code […]


Monitoring&Analysis, Security

Vulnerability Spotlight: Memory Corruption Vulnerability in GNU Glibc Leaves Smart Vehicles Open to Attack

May 21, 2020

Via: Cisco Blog

Modern automobiles are complex machines, merging both mechanical and computer systems under one roof. As automobiles become more advanced, additional sensors and devices are added to help the vehicle understand its internal and external environments. These sensors provide drivers with […]


Monitoring&Analysis, Security

Cisco warns of five SD-WAN security weaknesses

March 19, 2020

Via: ITWorld Networking

Cisco has issued five warnings about security weaknesses in its SD-WAN offerings, three of them on the high-end of the vulnerability scale. The worst problem is with the command-line interface (CLI) of its SD-WAN Solution software where a weakness could […]


Monitoring&Analysis, Security

Vulnerability management requires good people and patching skills

January 16, 2020

Via: CSO

Though threat actors have access to increasingly sophisticated and easy-to-use offensive tools, businesses often fail to get basics around patching right, leaving an easy entry route for attackers. As one of the biggest providers of building materials in the world, […]


Monitoring&Analysis, Security, Software

Cisco issues critical security warnings its Data Center Network Manager

January 3, 2020

Via: Networkworld Software

Cisco this week issued software to address multiple critical authentication exposures in its Data Center Network Manager (DCNM) software for its Nexus data center switches. DCNM is a central management dashboard for data-center fabrics based on Cisco Nexus switches and […]