Vulnerability: Page 2


  • A picture of a stethoscope on top of a notebook with blue charts and investment images overlaid over it.
    Image attribution tooltip
    ipopba via Getty Images
    Image attribution tooltip

    CISA, FBI urge software companies to eliminate directory traversal vulnerabilities

    The software defects are linked to recent exploitation campaigns against critical infrastructure providers, including healthcare and schools. 

    By May 7, 2024
  • Female Developer Thinking and Typing on Computer, Surrounded by Big Screens Showing Coding Language
    Image attribution tooltip

    shutterstock.com/Gorodenkoff

    Image attribution tooltip
    Sponsored by Synopsys

    5 considerations for securing your software supply chain

    Do you know what’s in your code? These five considerations should help you drive your security activities and identify weak points in your software supply chain.

    By Mike McGuire, Sr. Software Solution Manager, Synopsys • May 6, 2024
  • Matrix background of blurred programming code.
    Image attribution tooltip
    Getty Plus via Getty Images
    Image attribution tooltip

    CISA warned 1,750 organizations of ransomware vulnerabilities last year. Only half took action.

    More than half of CISA's ransomware vulnerability warning pilot alerts were sent to government facilities, healthcare and public health organizations.

    By May 1, 2024
  • close up programmer man hand typing on keyboard laptop for register data system or access password at dark operation room , cyber security concept - stock photo
    Image attribution tooltip
    Chainarong Prasertthai via Getty Images
    Image attribution tooltip

    CVE exploitation nearly tripled in 2023, Verizon finds

    Threat actors are going after critical security flaws in widely used applications, but human error is still at the root of business security woes.

    By May 1, 2024
  • Rendered image depicting global networks.
    Image attribution tooltip
    DKosig via Getty Images
    Image attribution tooltip

    Cactus ransomware targets a handful of Qlik Sense CVEs

    Security researchers warn the threat group is ramping up exploitation of previously disclosed flaws in the cloud platform.

    By April 29, 2024
  • Shot of a programmer looking stressed out while working on a computer code at night.
    Image attribution tooltip

    shutterstock.com/PeopleImages.com - Yuri A

    Image attribution tooltip
    Sponsored by Synopsys

    What to do when your team is struggling to manage too many application security vendors

    A good ASPM solution will correlate and analyze data from a variety of sources, allow you to administer and orchestrate security tools, and automate your security policies.

    April 29, 2024
  • Hooded hacker sits in front of computer screens.
    Image attribution tooltip
    dem10 via Getty Images
    Image attribution tooltip

    Cisco devices again targeted by state-linked threat campaign

    The campaign, dubbed ArcaneDoor, dates back to late 2023 and is targeting perimeter network devices from Cisco — and potentially other companies.

    By April 25, 2024
  • A series of yellow folders that depict lines of binary code running between them.
    Image attribution tooltip
    D3Damon via Getty Images
    Image attribution tooltip

    Zero-day exploits hit CrushFTP, researchers expect rapid exploitation

    CrushFTP CEO Ben Spink said the company isn’t aware of any data theft thus far, but researchers see echoes of MOVEit exploits and other high-profile file-transfer vulnerabilities.

    By April 24, 2024
  • Printer
    Image attribution tooltip
    Simonkr via Getty Images
    Image attribution tooltip

    Vintage Microsoft flaw resurfaces, threat actors attack with golden GooseEgg

    State-linked actors are using a custom tool for post exploitation activity of a vulnerability in Windows Print Spooler, which could result in credential theft and backdoor installs.

    By April 24, 2024
  • Illustrated man with fishing hook stealing key
    Image attribution tooltip
    stefanovsky via Getty Images
    Image attribution tooltip

    Enterprises are getting better at detecting security incidents

    Google Cloud’s Mandiant saw significant improvements in how organizations track down threats, yet hackers are still abusing common threat vectors.

    By April 23, 2024
  • Rendered image depicting global networks.
    Image attribution tooltip
    DKosig via Getty Images
    Image attribution tooltip

    Palo Alto Networks quibbles over impact of exploited, compromised firewalls

    The security vendor downplayed the impact of exploit activity, describing most attempts as unsuccessful, but outside researchers say 6,000 devices are vulnerable.

    By April 23, 2024
  • Abstract black and white monochrome art with surreal funnel.
    Image attribution tooltip
    Philipp Tur/Getty Images Plus via Getty Images
    Image attribution tooltip

    Mitre R&D network hit by Ivanti zero-day exploits

    Exploits of Ivanti VPN products have hit roughly 1,700 organizations. To Mitre, guidance from the vendor and government fell short.

    By April 22, 2024
  • Rendering of digital data code in safety security technology concept.
    Image attribution tooltip
    iStock/Getty Images Plus via Getty Images
    Image attribution tooltip

    Palo Alto Networks warns firewall exploits are spreading

    Attempted exploits and attacks linked to the zero-day vulnerability, which has a CVSS of 10, grew after proof of concepts were released.

    By April 18, 2024
  • Palo Alto Networks
    Image attribution tooltip
    Matt Kapko/Cybersecurity Dive
    Image attribution tooltip

    Palo Alto Networks fixes maximum severity, exploited CVE in firewalls

    The security vendor said a “limited number of attacks” were linked to the exploited vulnerability. Volexity observed exploits dating back to March 26.

    By April 16, 2024
  • In this photo illustration, the welcome screen for the OpenAI "ChatGPT" app is displayed on a laptop screen on February 03, 2023 in London, England. OpenAI,
    Image attribution tooltip
    Leon Neal / Staff via Getty Images
    Image attribution tooltip

    ChatGPT grabs the shadow IT crown: report

    Generative AI tools emerged as the latest villain in the enterprise battle to curb SaaS bloat and rationalize software portfolios, Productiv analysis found.

    By Matt Ashare • April 16, 2024
  • NIST administration building in Gaithersburg, Maryland.
    Image attribution tooltip
    Courtesy of NIST
    Image attribution tooltip

    What’s going on with the National Vulnerability Database?

    CVE overload and a lengthy backlog has meant the federal government’s repository of vulnerability data can’t keep up with today’s threat landscape.

    By April 10, 2024
  • Microsoft's visitor center at its Redmond campus.
    Image attribution tooltip
    Stephen Brashear via Getty Images
    Image attribution tooltip

    Microsoft embraces common weakness enumeration standard for vulnerability disclosure

    The policy change is part of the company's wider effort to improve security practices and become more transparent following years of scrutiny. 

    By April 10, 2024
  • Header image for "56% of Business Leaders Are Incorporating AI Into Cybersecurity: Weekly Stat"
    Image attribution tooltip
    Andrew Brookes
    Image attribution tooltip

    Mandiant spots advanced exploit activity in Ivanti devices

    The incident response firm identified eight threat groups targeting the remote access VPNs and observed evolved post-exploitation activity.

    By April 9, 2024
  • An image of a digital lock is shown
    Image attribution tooltip
    Just_Super via Getty Images
    Image attribution tooltip

    D-Link tells customers to sunset actively exploited storage devices

    The networking hardware vendor advised owners of the affected devices to retire and replace them. There is no patch available for the vulnerability.

    By April 8, 2024
  • Hooded person types on computer in a dark room with multiple monitors and cables everywhere.
    Image attribution tooltip
    gorodenkoff via Getty Images
    Image attribution tooltip

    Ivanti pledges security overhaul after critical vulnerabilities targeted in lengthy exploit spree

    CEO Jeff Abbott said significant changes are underway. The beleaguered company committed to improve product security, share learnings and be more responsive to customers.

    By April 4, 2024
  • A closeup shot of long colorful lines of code on a computer screen.
    Image attribution tooltip
    Wirestock via Getty Images
    Image attribution tooltip

    Motivations behind XZ Utils backdoor may extend beyond rogue maintainer

    Security researchers are raising questions about whether the actor behind an attempted supply chain attack was engaged in a random, solo endeavor.

    By April 2, 2024
  • Cyberattack and internet crime, hacking and malware concepts.
    Image attribution tooltip
    Techa Tungateja via Getty Images
    Image attribution tooltip

    Red Hat warns of backoor in widely used Linux utility

    With a CVSS of 10, CISA urged users and developers to downgrade to an uncompromised version, search for any malicious activity and report findings back to the agency.

    By April 1, 2024
  • The U.S. Securities and Exchange Commission seal hangs on the facade of its building.
    Image attribution tooltip
    Chip Somodevilla via Getty Images
    Image attribution tooltip

    Progress Software continues to cooperate with SEC probe into MOVEit exploitation

    The company said it still cannot quantify the potential impact of multiple government agency inquiries.

    By March 29, 2024
  • Anne Neuberger deputy national security advisor for cyber and emerging technologies, speaks at the Billington Cybersecurity Summit with Brad Medairy, EVP, Booz Allen.
    Image attribution tooltip
    Courtesy of Billington CyberSecurity Summit
    Image attribution tooltip

    Water woes: A federal push for cyber mitigation is highlighting the sector’s fault lines

    The water utility industry says they recognize the heightened threat environment, but the current federal push fails to account for their resource constraints.

    By March 28, 2024
  • Smiling businesswoman in headphones taking notes, working with laptop and talking smartphone, blue glowing information protection icons. Padlock, cloud and digital interface. Cyber security concept - stock photo
    Image attribution tooltip
    iStock via Getty Images
    Image attribution tooltip

    Software makers urged to flush SQL injection vulnerabilities

    CISA and FBI officials linked attacks against MOVEit file transfer software to preventable defects.

    By March 26, 2024