Vulnerability


  • software, code, computer
    Markus Spiske

    CISA urges use of memory safe code in software development

    Unsafe programming languages, like C and C++, account for more than 70% of security vulnerabilities. 

    By Sept. 22, 2023
  • Anne Neuberger, deputy national security advisor for cyber and emerging technology, speaks at the White House.
    Drew Angerer via Getty Images

    White House, federal cyber leaders pledge renewed support for open source security

    CISA released a roadmap for open source software security as industry officials convened to map out additional steps to protect federal agencies and the larger ecosystem.

    By Sept. 13, 2023
  • A digital lock on a computer memory board with red and blue lights intersecting
    Just_Super via Getty Images

    High-profile CVEs turn up in vulnerability exploit sales

    Flashpoint observed 27 vulnerability exploits listed for sale or purchased on the dark web during the first half of the year. One-third were linked to Microsoft products.

    By Sept. 12, 2023
  • A Cisco logo with blue lights strands in the background.
    David Ramos via Getty Images

    Cisco BroadWorks vulnerability snags highest CVSS score

    There are no workarounds for the vulnerability, which could expose confidential data if exploited by a threat actor with forged administrative access.

    By Sept. 11, 2023
  • Rendered image depicting global networks.
    DKosig via Getty Images

    Barracuda patch bypassed by novel malware from China-linked threat group

    Mandiant uncovered a months-long cyber espionage campaign targeting high value government entities and technology firms in the U.S. and abroad.

    By Sept. 1, 2023
  • Close-up Focus on Person's Hands Typing on the Desktop Computer Keyboard
    gorodenkoff via Getty Images

    Software industry urged to assume risk on open source security

    The Open Source Security Foundation called on commercial and non-commercial organizations that use open source software components to adopt better security practices.

    By Aug. 25, 2023
  • Fingers hover over a computer keyboard with numbers on a screen, against a shadowy backdrop.
    jariyawat thinsandee via Getty Images

    Barracuda ESG zero-day exploit still under way after patches fail

    The FBI said users need to isolate and replace affected appliances as threat actors continue to target the remote command injection vulnerability.

    By Aug. 24, 2023
  • exclamation point depicted hovering above network infrastructure
    Just_Super/Getty Images via Getty Images

    Cuba ransomware group exploits Veeam to hit critical infrastructure

    The threat actor also used malicious tools from previous campaigns, according to BlackBerry research.

    By Aug. 21, 2023
  • CISA Director Jen Easterly speaks at Carnegie Mellon University urging the tech industry to embrace secure-by-design product development.
    Permission granted by Carnegie Mellon University

    White House wants input on open source security, memory-safe languages

    Federal agencies put out a request for information Thursday, building on Biden administration priorities to help secure open source post-Log4j.

    By Aug. 11, 2023
  • A digital lock on a computer memory board with red and blue lights intersecting
    Just_Super via Getty Images

    Inside the most-commonly exploited CVEs of 2022

    Delayed patching and unmet secure-by-design principles are aggravating the risk of compromise, the Five Eyes warned Thursday.

    By Aug. 4, 2023
  • Activision
    jeenah Moon via Getty Images

    Tenable CEO calls out Microsoft delay on months-old Azure vulnerability

    Microsoft has been dragging its feet to fully resolve the issue more than four months after it was discovered, CEO Amit Yoran said.

    By Aug. 3, 2023
  • SEC reporting
    Kobus Louw via Getty Images

    Businesses improved cyber incident response times following Log4j, report finds

    An Immersive Labs study showed security teams improved response times during attacks, but post-incident recovery still lagged.

    By Aug. 2, 2023
  • CISA, cybersecurity, agency
    Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by yucelyilmaz via Getty Images

    Valid account credentials are behind most cyber intrusions, CISA finds

    The success rate of these techniques underscores the staying power of the most common methods threat actors use to gain initial access to targeted systems.

    By July 28, 2023
  • CFOs play a key role in advocating for preventative cybersecurity actions that help reduce the cost of cyber risks.
    Getty Images via Getty Images

    Rockwell Automation, Honeywell warned of critical vulnerabilities in industrial products

    Authorities and researchers warn that attackers could exploit the vulnerabilities for remote takeover and potentially destructive activity.

    By July 14, 2023
  • 3D digital circular dynamic wave.
    Vitalii Pasichnyk/Getty via Getty Images
    Deep Dive

    MOVEit mass exploit timeline: How the file-transfer service attacks entangled victims

    The slow-moving disaster has ensnared some of the world's largest enterprises. Cybersecurity experts expect further damage to come.

    By Updated Sept. 25, 2023
  • Anastasia Vlasova via Getty Images

    RomCom uses Word documents in new phishing campaign, Microsoft warns

    The hackers are known to use trojanized versions of legitimate software from Adobe, SolarWinds, KeePass and others.

    By July 12, 2023
  • Illustrated man with fishing hook stealing key
    stefanovsky via Getty Images

    Hackers using TrueBot malware for phishing attacks in US, Canada, officials warn

    Threat actors have been leveraging a known vulnerability in Netwrix Auditor to exfiltrate data from targeted entities since May.

    By July 7, 2023
  • Close-up Focus on Person's Hands Typing on the Desktop Computer Keyboard. Screens Show Coding Language User Interface.
    gorodenkoff via Getty Images

    Most Fortinet FortiGate firewalls remain vulnerable to critical CVE

    Threat actors could exploit the remote code execution vulnerability, disclosed June 12, to initiate data breaches, ransomware attacks and other damages.

    By July 6, 2023
  • Rendered image depicting global networks.
    DKosig via Getty Images

    MOVEit vulnerability snags almost 200 victims, more expected

    The education sector has been hit particularly hard as many widely used vendors in the space confirm impacts linked to the mass exploited vulnerability.

    By July 5, 2023
  • A digital lock on a computer memory board with red and blue lights intersecting
    Just_Super via Getty Images

    MOVEit vulnerability ensnares more victims

    Some organizations have been impacted due to their direct use of MOVEit while others have been exposed by third-party vendors.

    By June 27, 2023
  • PwC logo outside of London, England
    Jack Taylor via Getty Images

    Big names disclose MOVEit-related breaches, including PwC, EY and Genworth Financial

    More than 100 organizations have been hit as part of the MOVEit attack campaign, including PBI Research Services, which exposed millions of customer data files to theft. 

    By June 23, 2023
  • Gavel sitting on paper saying class action suit
    Bill Oxford via Getty Images

    Progress Software faces federal class action lawsuits as MOVEit breach exposure widens

    Louisiana residents allege their personal financial information was put at risk after the state's motor vehicles department had data exposed in the MOVEit data breach. 

    By June 21, 2023
  • An aerial view of Washington, D.C. that includes the Washington Monument.
    LUNAMARINA/iStock/Getty Images Plus via Getty Images

    US puts $10M bounty on Clop as federal agencies confirm data compromises

    Additional private sector companies have disclosed attacks after multiple vulnerabilities were found in MOVEit Transfer software.

    By June 20, 2023
  • The U.S. Capitol Building at night with lightning in the background.
    Naomi Eide/Cybersecurity Dive

    Another MOVEit vulnerability found, as state and federal agencies reveal breaches

    The third vulnerability since Progress Software first disclosed a MOVEit Transfer zero day arrived just as CISA officials said a “small number” of federal agencies were impacted. 

    By June 16, 2023
  • The red lock and its structure explode in a digital computer setting.
    TU IS via Getty Images

    Clop names a dozen MOVEit victims, but holds back details

    As its deadline expired, the ransomware group released the first batch of victim organizations, most of which were U.S.-based, ReliaQuest found.

    By June 15, 2023