Vulnerability
-
Wirestock via Getty Images
700,000 OpenSSH servers vulnerable to remote code execution CVE
The newly discovered vulnerability can be exploited by attackers to gain unauthenticated remote code execution with root privileges, Qualys researchers said.
By Matt Kapko • July 1, 2024 -
Markus Spiske
Memory-unsafe code runs rampant in critical open-source projects
CISA and the FBI are part of an international effort to eliminate memory-unsafe languages which were found in more than half of critical open-source projects.
By David Jones • June 27, 2024 -
deberrar/Getty Images via Getty Images
Progress discloses more MOVEit CVEs, one year after 2023’s fiasco
The enterprise software vendor and researchers have not observed active exploitation, but attempts are underway. Concerns are amplified by a spree of attacks that hit MOVEit last year.
By Matt Kapko • Updated June 27, 2024 -
gorodenkoff via Getty Images
Cloud security becoming top priority for companies worldwide
Application sprawl and the sensitive nature of the data organizations place in the cloud is complicating security, Thales found.
By David Jones • June 25, 2024 -
gorodenkoff/iStock via Getty Images
Nearly 150,000 ASUS routers potentially exposed to critical vulnerability
Researchers said the CVE, which has a CVSS score of 9.8, raises additional concerns about the security of edge, small office and home office devices.
By David Jones • June 21, 2024 -
Wirestock via Getty Images
TellYouThePass ransomware widely targets vulnerable PHP instances
CISA added the CVE to its known exploited vulnerabilities catalog, but so far most of the infected hosts have been observed in China.
By David Jones • June 14, 2024 -
Drew Angerer via Getty Images
Microsoft president promises significant culture changes geared towards security
Brad Smith detailed plans to tie compensation to security, as lawmakers raised new questions about the company’s commitment to transparency.
By David Jones • June 14, 2024 -
MTStock Studio via Getty Images
Rust Foundation leads the charge to improve critical systems security
The foundation is standing up a consortium to boost the responsible use of the programming language at a time of heightened security risks.
By David Jones • June 12, 2024 -
iStock/Getty Images Plus via Getty Images
SolarWinds file-transfer vulnerability ripe for exploitation, researchers warn
Rapid7 researchers said Serv-U CVE can easily be exploited, a similar scenario that has led to other smash-and-grab attacks.
By David Jones • June 12, 2024 -
gorodenkoff via Getty Images
Critical PHP CVE is under attack — research shows it’s easy to exploit
Researchers warn they are seeing thousands of attacks against various targets, including financial services and healthcare, in the U.S. and other countries.
By David Jones • June 11, 2024 -
TU IS via Getty Images
Cyber risk is rising for poorly configured OT devices
Since late last year, researchers have identified more politically motivated groups targeting water and other key critical infrastructure systems.
By David Jones • June 3, 2024 -
iStock via Getty Images
Sponsored by AvayaSecuring your call centers: Best practices for cybersecurity protection
All call centers face cybersecurity threats because they handle information like credit card numbers, health records, and personal purchase history. However, call centers that support federal agencies have the added risk of handling highly sensitive information, making them prime targets for cybercriminals.
By Jerry Dotson, Vice President of Public Sector, Avaya • June 3, 2024 -
iStock/Getty Images Plus via Getty Images
Check Point Software VPN exploitation risk greater than previously stated: researchers
An attacker can move laterally and gain far more access to files than previously disclosed, researchers warn. Threat activity has been traced back to April.
By David Jones • May 31, 2024 -
Wirestock via Getty Images
NIST has a plan to clear the vulnerability analysis backlog
The Cyber Security and Infrastructure Security Agency and government contractor Analygence will help clear the National Vulnerability Database backlog.
By Matt Kapko • May 31, 2024 -
Just_Super via Getty Images
Check Point Software links newly identified CVE to VPN attacks
The company is now mandating customers download a hotfix designed to prevent attackers from gaining access.
By David Jones • May 29, 2024 -
Courtesy of NIST
Critical CVEs are going under-analyzed as NIST falls behind
NIST has analyzed less than 1 in 10 vulnerabilities added to the National Vulnerability Database since mid-February, according to VulnCheck research.
By Matt Kapko • May 28, 2024 -
gorodenkoff via Getty Images
Check Point Software customers targeted by hackers using old, local VPN accounts
The incidents mark the latest attempts to compromise organizations by exploiting vulnerable edge devices used for remote access.
By David Jones • May 28, 2024 -
Vitalii Pasichnyk/Getty via Getty Images
Remote-access tools the intrusion point to blame for most ransomware attacks
Self-managed VPNs from Cisco and Citrix were 11 times more likely to be linked to a ransomware attack last year, At-Bay research found.
By Matt Kapko • May 16, 2024 -
Chip Somodevilla/Getty Images via Getty Images
Black Basta ransomware is toying with critical infrastructure providers, authorities say
The threat group has impacted more than 500 targets worldwide and the vast majority of critical infrastructure sectors. Numerous attacks have exploited vulnerabilities in ConnectWise ScreenConnect.
By David Jones • May 13, 2024 -
dem10 via Getty Images
Generative AI is a looming cybersecurity threat
Researchers have not identified any AI-engineered cyberattack campaigns, yet, but they say it’s only a matter of time before an AI system is dominant enough in the market to draw attention.
By Jen A. Miller , Naomi Eide • May 8, 2024 -
Matt Kapko/Security Wall
China-linked attackers are successfully targeting network security devices, worrying officials
Espionage groups linked to China are heavily exploiting zero days, focusing on devices that lack endpoint detection and response capabilities, one expert said.
By Matt Kapko • May 7, 2024 -
ipopba via Getty Images
CISA, FBI urge software companies to eliminate directory traversal vulnerabilities
The software defects are linked to recent exploitation campaigns against critical infrastructure providers, including healthcare and schools.
By David Jones • May 7, 2024 -
shutterstock.com/Gorodenkoff
Sponsored by Synopsys5 considerations for securing your software supply chain
Do you know what’s in your code? These five considerations should help you drive your security activities and identify weak points in your software supply chain.
By Mike McGuire, Sr. Software Solution Manager, Synopsys • May 6, 2024 -
Getty Plus via Getty Images
CISA warned 1,750 organizations of ransomware vulnerabilities last year. Only half took action.
More than half of CISA's ransomware vulnerability warning pilot alerts were sent to government facilities, healthcare and public health organizations.
By Matt Kapko • May 1, 2024 -
Chainarong Prasertthai via Getty Images
CVE exploitation nearly tripled in 2023, Verizon finds
Threat actors are going after critical security flaws in widely used applications, but human error is still at the root of business security woes.
By David Jones • May 1, 2024
