Vulnerability: Page 2
-
Microsoft warns of elevated risk in Rockwell Automation PanelView Plus CVEs
Microsoft researchers warn the vulnerabilities can be exploited, potentially resulting in remote code execution and denial of service.
By David Jones • July 3, 2024 -
Cisco Nexus devices zero day raises alarms despite CVSS score
Though the NX-OS CVE only has a 6.0 score, a suspected espionage actor is deploying custom malware to exploit a command injection vulnerability in a range of switching devices.
By David Jones • July 2, 2024 -
700,000 OpenSSH servers vulnerable to remote code execution CVE
The newly discovered vulnerability can be exploited by attackers to gain unauthenticated remote code execution with root privileges, Qualys researchers said.
By Matt Kapko • July 1, 2024 -
Memory-unsafe code runs rampant in critical open-source projects
CISA and the FBI are part of an international effort to eliminate memory-unsafe languages which were found in more than half of critical open-source projects.
By David Jones • June 27, 2024 -
Progress discloses more MOVEit CVEs, one year after 2023’s fiasco
The enterprise software vendor and researchers have not observed active exploitation, but attempts are underway. Concerns are amplified by a spree of attacks that hit MOVEit last year.
By Matt Kapko • Updated June 27, 2024 -
Cloud security becoming top priority for companies worldwide
Application sprawl and the sensitive nature of the data organizations place in the cloud is complicating security, Thales found.
By David Jones • June 25, 2024 -
Nearly 150,000 ASUS routers potentially exposed to critical vulnerability
Researchers said the CVE, which has a CVSS score of 9.8, raises additional concerns about the security of edge, small office and home office devices.
By David Jones • June 21, 2024 -
TellYouThePass ransomware widely targets vulnerable PHP instances
CISA added the CVE to its known exploited vulnerabilities catalog, but so far most of the infected hosts have been observed in China.
By David Jones • June 14, 2024 -
Microsoft president promises significant culture changes geared towards security
Brad Smith detailed plans to tie compensation to security, as lawmakers raised new questions about the company’s commitment to transparency.
By David Jones • June 14, 2024 -
Rust Foundation leads the charge to improve critical systems security
The foundation is standing up a consortium to boost the responsible use of the programming language at a time of heightened security risks.
By David Jones • June 12, 2024 -
SolarWinds file-transfer vulnerability ripe for exploitation, researchers warn
Rapid7 researchers said Serv-U CVE can easily be exploited, a similar scenario that has led to other smash-and-grab attacks.
By David Jones • June 12, 2024 -
Critical PHP CVE is under attack — research shows it’s easy to exploit
Researchers warn they are seeing thousands of attacks against various targets, including financial services and healthcare, in the U.S. and other countries.
By David Jones • June 11, 2024 -
Cyber risk is rising for poorly configured OT devices
Since late last year, researchers have identified more politically motivated groups targeting water and other key critical infrastructure systems.
By David Jones • June 3, 2024 -
Sponsored by Avaya
Securing your call centers: Best practices for cybersecurity protection
All call centers face cybersecurity threats because they handle information like credit card numbers, health records, and personal purchase history. However, call centers that support federal agencies have the added risk of handling highly sensitive information, making them prime targets for cybercriminals.
By Jerry Dotson, Vice President of Public Sector, Avaya • June 3, 2024 -
Check Point Software VPN exploitation risk greater than previously stated: researchers
An attacker can move laterally and gain far more access to files than previously disclosed, researchers warn. Threat activity has been traced back to April.
By David Jones • May 31, 2024 -
NIST has a plan to clear the vulnerability analysis backlog
The Cybersecurity and Infrastructure Security Agency and government contractor Analygence will help clear the National Vulnerability Database backlog.
By Matt Kapko • May 31, 2024 -
Check Point Software links newly identified CVE to VPN attacks
The company is now mandating customers download a hotfix designed to prevent attackers from gaining access.
By David Jones • May 29, 2024 -
Critical CVEs are going under-analyzed as NIST falls behind
NIST has analyzed less than 1 in 10 vulnerabilities added to the National Vulnerability Database since mid-February, according to VulnCheck research.
By Matt Kapko • May 28, 2024 -
Check Point Software customers targeted by hackers using old, local VPN accounts
The incidents mark the latest attempts to compromise organizations by exploiting vulnerable edge devices used for remote access.
By David Jones • May 28, 2024 -
Remote-access tools the intrusion point to blame for most ransomware attacks
Self-managed VPNs from Cisco and Citrix were 11 times more likely to be linked to a ransomware attack last year, At-Bay research found.
By Matt Kapko • May 16, 2024 -
Black Basta ransomware is toying with critical infrastructure providers, authorities say
The threat group has impacted more than 500 targets worldwide and the vast majority of critical infrastructure sectors. Numerous attacks have exploited vulnerabilities in ConnectWise ScreenConnect.
By David Jones • May 13, 2024 -
Generative AI is a looming cybersecurity threat
Researchers have not identified any AI-engineered cyberattack campaigns, yet, but they say it’s only a matter of time before an AI system is dominant enough in the market to draw attention.
By Jen A. Miller , Naomi Eide • May 8, 2024 -
China-linked attackers are successfully targeting network security devices, worrying officials
Espionage groups linked to China are heavily exploiting zero days, focusing on devices that lack endpoint detection and response capabilities, one expert said.
By Matt Kapko • May 7, 2024 -
CISA, FBI urge software companies to eliminate directory traversal vulnerabilities
The software defects are linked to recent exploitation campaigns against critical infrastructure providers, including healthcare and schools.
By David Jones • May 7, 2024 -
Sponsored by Synopsys
5 considerations for securing your software supply chain
Do you know what’s in your code? These five considerations should help you drive your security activities and identify weak points in your software supply chain.
By Mike McGuire, Sr. Software Solution Manager, Synopsys • May 6, 2024