Vulnerability: Page 21


  • Sports betting apps fumble open source, placing users at risk

    On the cusp of Super Bowl 57, researchers from Synopsys warned popular mobile betting apps face a higher than average risk of being hacked.

    By Feb. 7, 2023
  • Ransomware attack spree hits thousands of VMware servers

    Cyber authorities linked the attacks, dubbed ESXiArgs, to a two-year-old VMware vulnerability. At least 2,250 machines have been compromised.

    By Feb. 6, 2023
  • CVEs expected to rise in 2023, as organizations still struggle to patch

    Most CVEs are exploited within 30 days of public disclosure, a Coalition report found, spelling trouble for organizations trying to shore up their defenses.

    By Feb. 3, 2023
  • Industrial organizations may worry too much about ICS vulnerabilities

    The pressure to constantly patch is more likely to damage industrial plants, Dragos CEO Robert M. Lee said.

    By Jan. 27, 2023
  • Exchange Server under pressure as opportunistic actors step up attacks

    Bitdefender Labs warns threat actors are using the ProxyNotShell/OWASSRF exploit chains to launch attacks.

    By Jan. 25, 2023
  • Almost half of critical manufacturing organizations face significant risk of data breach

    A report presented at the World Economic Forum shows key sectors are under pressure from rising vulnerabilities and a slower rate of patching.

    By Jan. 23, 2023
  • Four Microsoft Azure services found vulnerable to server-side request forgery

    Researchers from Orca Security said no authentication was required in two of the four instances.

    By Jan. 17, 2023
  • Citrix flaw exploited in ransomware attack against small US business

    Threat actors linked to ransomware group Royal are actively exploiting a vulnerability in two Citrix products, researchers found.

    By Jan. 13, 2023
  • Open-source repository risk amplified on GitHub

    Inconsistent or delayed code commits create risk as repositories age, Veracode research found.

    By Jan. 12, 2023
  • CISA adds Exchange Server, Windows vulnerabilities to catalog of exploited CVEs

    The Exchange Server vulnerability was linked to a December ransomware attack against Rackspace.

    By Jan. 11, 2023
  • Rackspace confirms ransomware attack hit a small percentage of its Hosted Exchange customers

    The cloud services firm said an investigation found no evidence the attackers read, misused or disseminated customer data or emails.

    By Jan. 6, 2023
  • Rackspace identifies ransomware threat actor behind December attack via Exchange

    CrowdStrike previously connected Play, the threat actor, to a new Outlook Web Access exploit method used in multiple attacks. 

    By Jan. 3, 2023
  • Cybersecurity trends in 2023 that will directly impact everyday life

    The scale of cyberthreats is growing, spilling into the mainstream. In 2023, expect the spotlight to add pressure to businesses that have underinvested in security.

    By Sue Poremba • Jan. 3, 2023
  • New exploit for Microsoft’s ProxyNotShell mitigation side steps fix

    CrowdStrike researchers discovered a new attack method by the Play ransomware actors that uses Outlook Web Access and leverages additional tools to maintain access. 

    By Dec. 22, 2022
  • MacOS vulnerability allows threat actors to bypass Apple Gatekeeper

    Microsoft researchers found a flaw in macOS systems, which can even overcome security features designed to protect high-risk users in Lockdown Mode.

    By Dec. 20, 2022
  • Threat actor exploits critical Citrix vulnerability

    CISA and the NSA quickly issued advisories on the vulnerability, underscoring evidence that a threat actor, active for at least 15 years, is exploiting the flaw.

    By Dec. 13, 2022
  • Fortinet urges customers to upgrade systems amid critical vulnerability

    A heap-based buffer overflow vulnerability has been exploited in the wild and could allow an attacker to gain control of a system.

    By Dec. 13, 2022
  • Fear, panic and Log4j: One year later

    Fears of catastrophic cyberattacks have thus far failed to materialize. But federal authorities stress threat actors are playing the long game.

    By Dec. 9, 2022
  • Internet Explorer is still a viable zero-day attack vector

    North Korea-linked threat actors are using a technique that has been widely used to exploit Internet Explorer via Office files since 2017, Google found.

    By Dec. 7, 2022
  • Three-quarters of retail, hospitality applications have security flaws

    Nearly 1 in 5 vulnerabilities in the retail and hospitality industry are considered high severity, Veracode found, creating considerable risks to the organization. 

    By Nov. 22, 2022
  • Iran-linked threat actors exploiting Log4Shell via unpatched VMware, feds warn

    The actors compromised a federal civilian agency, CISA and the FBI said. Authorities warned VMware users to assume breach and hunt for threats if they skipped patches or workarounds.

    By Nov. 16, 2022
  • High risk, critical vulnerabilities found in 25% of all software applications and systems

    Research from Synopsys showed weak SSL/TLS configurations were the most prevalent form of vulnerability.

    By Nov. 15, 2022
  • CISA wants to change how organizations prioritize vulnerabilities

    Federal authorities want to take the guesswork and manual decision-making processes out of the messy world of vulnerabilities.

    By Nov. 14, 2022
  • CISA warns unpatched Zimbra users to assume breach

    Months after warnings to patch the Zimbra Collaboration Suite, government and private sector organizations are under attack from multiple threat actors.

    By Nov. 11, 2022
  • Citrix CVEs need urgent security updates, CISA says

    Though there's no active exploitation yet, Tenable researchers warn they expect threat actors to target the Citrix systems in the near term.

    By Nov. 10, 2022