CVE

45% of critical CVEs left unpatched in 2023

2024-01-25 at 06:01 By Help Net Security

Global attack attempts more than doubled in 2023, increasing 104%, according to Armis. Blind spots and critical vulnerabilities are worsening, with 45% of critical CVEs remaining unpatched. Utilities (over 200% increase) and manufacturing (165% increase) were the most at risk […]

Atlassian reveals critical Confluence RCE flaw, urges “immediate action” (CVE-2023-22527)

2024-01-16 at 19:46 By Zeljka Zorz

Atlassian has patched a critical vulnerability (CVE-2023-22527) in Confluence Data Center and Confluence Server that could lead to remote code execution. The good news is that the flaw was fixed in early December 2023 with the release of versions

Creating a formula for effective vulnerability prioritization

18/12/2023 at 08:01 By Mirko Zorz

In this Help Net Security interview, Michael Gorelik, CTO and Head of Malware Research at Morphisec, provides insights into the business impact of vulnerabilities. Gorelik discusses challenges posed by regulatory frameworks, incomplete asset inventories, and manual methods, while also exploring the role

December 2023 Patch Tuesday: 33 fixes to wind the year down

12/12/2023 at 23:20 By Zeljka Zorz

Microsoft’s December 2023 Patch Tuesday is a light one: 33 patches, only four of which are deemed critical. “This month, Microsoft did not patch any zero-day vulnerabilities, marking only the second time in 2023 that no zero-days were

The hidden costs of Java, and the impact of pricing changes

01/11/2023 at 07:01 By Help Net Security

An overwhelming 98% of all the businesses surveyed use Java in their software applications or infrastructure, and 57% of those organizations indicate that Java is the backbone of most of their applications, according to Azul. When including

Dangerous vulnerability can be exploited to carry out massive DDoS attacks (CVE-2023-44487)

10/10/2023 at 16:21 By Help Net Security

Cloudflare, Google, and Amazon AWS revealed that a zero-day vulnerability in the HTTP/2 protocol has been used to mount massive, high-volume DDoS attacks, which they dubbed HTTP/2 Rapid Reset.

Decoding HTTP/2 Rapid Reset (CVE-2023-44487)

In late

October 2023 Patch Tuesday forecast: Operating system updates and zero-days aplenty

06/10/2023 at 07:47 By Help Net Security

September has been a packed month of continuous updates. New operating systems were released from Apple and Microsoft, and several vulnerabilities exploited in web services resulted in a domino effect of zero-day releases for many vendors. If

Microsoft, Adobe fix zero-days exploited by attackers (CVE-2023-26369, CVE-2023-36761, CVE-2023-36802)

12/09/2023 at 22:01 By Zeljka Zorz

September 2023 Patch Tuesday is here, with fixes for actively exploited vulnerabilities in Adobe Acrobat and Reader (CVE-2023-26369), Microsoft Word (CVE-2023-36761), and Microsoft Streaming Service Proxy (CVE-2023-36802).

Microsoft vulnerabilities of note

Microsoft has delivered fixes for 61 CVE-numbered flaws:

The ransomware rollercoaster continues as criminals advance their business models

09/08/2023 at 06:02 By Help Net Security

Ransomware shows no signs of slowing, with ransomware activity ending 13 times higher than at the start of 2023 as a proportion of all malware detections, according to Fortinet.

Ransomware detections 1H 2023

FortiGuard Labs has documented substantial

Owncast, EaseProbe security vulnerabilities revealed

11/07/2023 at 11:17 By Help Net Security

Oxeye has uncovered two critical security vulnerabilities and recommends immediate action to mitigate risk. The vulnerabilities were discovered in Owncast (CVE-2023-3188) and EaseProbe (CVE-2023-33967), two open-source platforms written in Go.

Owncast vulnerability (CVE-2023-3188)

The first vulnerability was discovered in Owncast, an open-source, self-hosted,

High-risk vulnerabilities patched in ABB Aspect building management system

07/06/2023 at 13:06 By Help Net Security

Prism Infosec has identified two high-risk vulnerabilities within the Aspect Control Engine building management system (BMS) developed by ABB. ABB’s Aspect BMS enables users to monitor a building’s performance and combines real-time integrated control, supervision, data logging, alarming, scheduling
