Vulnerability: Page 5
-
Techa Tungateja via Getty Images
Cleo releases CVE for actively exploited flaw in file-transfer software
Researchers confirmed a new zero-day vulnerability is separate from a flaw originally disclosed in October. A notorious ransomware group linked itself to the attacks.
By David Jones • Dec. 16, 2024 -
gorodenkoff via Getty Images
Security community raises concern as Cleo file-transfer CVE delayed
After the company urged users to patch a critical flaw, researchers are asking about the lack of a CVE and additional guidance.
By David Jones • Dec. 13, 2024 -
iStock / Getty Images Plus via Getty Images
Cleo releases new patch as threat groups ramp up exploitation of critical CVE
Researchers warned that companies primarily in the trucking, food, retail and shipping industries were under attack.
By David Jones • Dec. 12, 2024 -
gorodenkoff via Getty Images
Critical flaw in Cleo file-transfer software is under mass exploitation
The company is working on a new patch and CVE as an existing patch for a previously disclosed vulnerability is not providing adequate protection.
By David Jones • Updated Dec. 11, 2024 -
Getty Images via Getty Images
CISA, German cyber authorities warn Zyxel firewalls facing active exploitation
Attackers have targeted dozens of companies with Helldown ransomware, researchers found.
By David Jones • Dec. 4, 2024 -
Motortion via Getty Images
Palo Alto Networks pushes back as Shadowserver spots 2K of its firewalls exploited
The security vendor maintains only a limited number of customers’ firewalls have been exploited by a zero-day it patched earlier this week.
By Matt Kapko • Nov. 22, 2024 -
Getty Plus via Getty Images
Palo Alto Networks customers grapple with another actively exploited zero-day
The security vendor warned of an unconfirmed vulnerability in PAN-OS earlier this month. A CVE entry and patch came 10 days later.
By Matt Kapko • Nov. 19, 2024 -
Win McNamee via Getty Images
Federal probe finds vulnerabilities across more than 300 US water systems
The Environmental Protection Agency lacks a documented plan to coordinate incident reporting with CISA, the agency’s Office of Inspector General found.
By David Jones • Nov. 19, 2024 -
Matt Kapko/Cybersecurity Dive
Palo Alto Networks’ customer migration tool hit by trio of CVE exploits
CISA warned of two critical and actively exploited vulnerabilities in Expedition one week after another CVE came under active exploitation in the same product.
By Matt Kapko • Nov. 15, 2024 -
Drew Angerer via Getty Images
Microsoft revamps how it will disclose vulnerabilities
The company said the additional disclosure method using the Common Security Advisory Framework will help organizations better prioritize CVEs.
By David Jones • Nov. 15, 2024 -
Justin Sullivan/Getty Images via Getty Images
Citrix Session Recording users warned of CVEs that allow hackers to gain control
Security researchers at watchTowr discovered the flaw and claim attackers can gain access without authentication, a finding which Citrix disputes.
By David Jones • Nov. 13, 2024 -
iStock / Getty Images Plus via Getty Images
Zero-days from top security vendors were most exploited CVEs in 2023
The top five vulnerabilities exploited by attackers last year were found in security gear from Citrix, Cisco and Fortinet, the Five Eyes’ cyber agencies found.
By Matt Kapko • Nov. 13, 2024 -
Wirestock via Getty Images
Critical Veeam CVE targeted by new ransomware variant
Multiple ransomware variants are now targeting the CVE, which has a CVSS of 9.8. For customers, the risk of exploitation is only increasing.
By Matt Kapko • Nov. 12, 2024 -
stock.adobe.com/Song_about_summer
Sponsored by ImprivataThe company you keep: your most trusted vendor could be your biggest security risk
Your trusted vendor might be your biggest security risk. Learn how to mitigate third-party threats.
By Joel Burleson-Davis, SVP Worldwide Engineering, Cyber, Imprivata • Nov. 11, 2024 -
iStock Editorial / Getty Images Plus via Getty Images
Fortinet finds more malicious IPs linked to widely exploited zero-day
The cybersecurity vendor said the additional indicators of compromise don’t reflect any major changes. Researchers warn thousands of devices remain exposed.
By Matt Kapko • Oct. 31, 2024 -
tigermad via Getty Images
Poor vulnerability management could indicate larger cyber governance issues, S&P says
Companies that fail to properly mitigate security vulnerabilities are leaving themselves open to malicious activity, the research firm said.
By David Jones • Oct. 29, 2024 -
jariyawat thinsandee via Getty Images
Cisco warns actively exploited CVE can lead to DoS attacks against VPN services
The company warned the threat activity is linked to previously disclosed brute-force attacks beginning in March.
By David Jones • Oct. 28, 2024 -
DKosig via Getty Images
Critical Veeam CVE actively exploited in ransomware attacks
Multiple ransomware groups targeted the vulnerability, which has a CVSS score of 9.8, more than a month after it was disclosed and patched by the data backup and recovery vendor.
By Matt Kapko • Oct. 22, 2024 -
Drew Angerer via Getty Images
Microsoft confirms partial loss of security log data on multiple platforms
The company previously expanded free access to security logs on several platforms, including Purview, following the 2023 state-linked hack of Exchange Online.
By David Jones • Oct. 18, 2024 -
Permission granted by Carnegie Mellon University
FBI, CISA seek input on software security, configuration changes
Authorities are seeking public comment on steps the software industry can take to make their products more resistant to malicious threat activity.
By David Jones • Oct. 17, 2024 -
Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by ismagilov via Getty Images
CISA adds SolarWinds flaw to exploited vulnerabilities catalog
A hardcoded credentials vulnerability in SolarWinds Web Help Desk lets attackers read and modify sensitive help desk ticket information.
By David Jones • Oct. 16, 2024 -
Just_Super via Getty Images
Critical CVE in 4 Fortinet products actively exploited
CISA added the format string vulnerability to its known exploited vulnerabilities catalog last week, months after it was first disclosed by the company.
By David Jones • Oct. 14, 2024 -
Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by yucelyilmaz via Getty Images
CISA’s vulnerability management program spotted 250 critical CVEs in 2023
The 51 federal civilian agencies involved in the program remediated 872 vulnerabilities last year, up 78% increase from 2022, according to CISA.
By Matt Kapko • Oct. 4, 2024 -
(Gorodenkoff) via Getty Images
Ivanti up against another attack spree as hackers target its endpoint manager
Ivanti customers are facing a new series of exploitation attempts after the company pledged in April to launch a comprehensive overhaul of its internal security practices.
By David Jones • Oct. 3, 2024 -
gorodenkoff via Getty Images
CUPS vulnerability, a near miss, delivers another warning for open source
While a major crisis was averted, the disclosures may open up needed conversations about transparency and coordination, according to researchers.
By David Jones • Sept. 30, 2024
Previous
