CVE

CVE count set to rise by 25% in 2024

Coalition, CVE, cybersecurity, exploit, News, patching, RDP, report, vulnerability management /

CVE count set to rise by 25% in 2024 2024-02-26 at 07:00 By Help Net Security The report from Coalition indicates an anticipated 25% rise in the total count of published common vulnerabilities and exposures (CVEs) for 2024, reaching 34,888 vulnerabilities, equivalent to approximately 2,900 per month. Sharp CVE increase heightens software vulnerability concerns Vulnerabilities […]

React to this headline:

Loading spinner

CVE count set to rise by 25% in 2024 Read More »

VMware pushes admins to uninstall vulnerable, deprecated vSphere plugin (CVE-2024-22245, CVE-2024-22250)

cloud computing, CVE, Don't miss, enterprise, Hot stuff, hybrid cloud, News, Pen Test Partners, virtualization, VMWare, vulnerability /

VMware pushes admins to uninstall vulnerable, deprecated vSphere plugin (CVE-2024-22245, CVE-2024-22250) 2024-02-21 at 15:01 By Zeljka Zorz VMware Enhanced Authentication Plug-in (EAP), a plugin for VMware vSphere, has two vulnerabilities (CVE-2024-22245, CVE-2024-22250) that could be exploited by attackers to mount authentication relay and session hijack attacks. The vulnerabilities haven’t been and won’t be fixed. Instead,

React to this headline:

Loading spinner

VMware pushes admins to uninstall vulnerable, deprecated vSphere plugin (CVE-2024-22245, CVE-2024-22250) Read More »

CVE Prioritizer: Open-source tool to prioritize vulnerability patching

CVE, cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, software /

CVE Prioritizer: Open-source tool to prioritize vulnerability patching 2024-02-19 at 08:01 By Mirko Zorz CVE Prioritizer is an open-source tool designed to assist in prioritizing the patching of vulnerabilities. It integrates data from CVSS, EPSS, and CISA’s KEV catalog to offer insights into the probability of exploitation and the potential effects of vulnerabilities on your

React to this headline:

Loading spinner

CVE Prioritizer: Open-source tool to prioritize vulnerability patching Read More »

CVEMap: Open-source tool to query, browse and search CVEs

CISA, CVE, cybersecurity, Don't miss, GitHub, HackerOne, Hot stuff, News, open source, Project Discovery, software /

CVEMap: Open-source tool to query, browse and search CVEs 2024-02-01 at 07:01 By Mirko Zorz CVEMap is an open-source command-line interface (CLI) tool that allows you to explore Common Vulnerabilities and Exposures (CVEs). It’s designed to offer a streamlined and user-friendly interface for navigating vulnerability databases. Although CVEs are crucial for pinpointing and discussing security

React to this headline:

Loading spinner

CVEMap: Open-source tool to query, browse and search CVEs Read More »

45% of critical CVEs left unpatched in 2023

Armis, attacks, CVE, cybercrime, cybersecurity, News, report, survey /

45% of critical CVEs left unpatched in 2023 2024-01-25 at 06:01 By Help Net Security Global attack attempts more than doubled in 2023, increasing 104%, according to Armis. Blind spots and critical vulnerabilities are worsening, with 45% of critical CVEs remaining unpatched. Utilities (over 200% increase) and manufacturing (165% increase) were the most at risk

React to this headline:

Loading spinner

45% of critical CVEs left unpatched in 2023 Read More »

Atlassian reveals critical Confluence RCE flaw, urges “immediate action” (CVE-2023-22527)

Atlassian, Atlassian Confluence, CVE, Don't miss, enterprise, Hot stuff, News, security update, vulnerability /

Atlassian reveals critical Confluence RCE flaw, urges “immediate action” (CVE-2023-22527) 2024-01-16 at 19:46 By Zeljka Zorz Atlassian has patched a critical vulnerability (CVE-2023-22527) in Confluence Data Center and Confluence Server that could lead to remote code execution. The good news is that the flaw was fixed in early December 2023 with the release of versions

React to this headline:

Loading spinner

Atlassian reveals critical Confluence RCE flaw, urges “immediate action” (CVE-2023-22527) Read More »

Creating a formula for effective vulnerability prioritization

Compliance, CVE, CVSS, cybersecurity, Don't miss, Features, framework, Hot stuff, Morphisec, News, opinion, vulnerability management /

Creating a formula for effective vulnerability prioritization 18/12/2023 at 08:01 By Mirko Zorz In this Help Net Security interview, Michael Gorelik, CTO and Head of Malware Research at Morphisec, provides insights into the business impact of vulnerabilities. Gorelik discusses challenges posed by regulatory frameworks, incomplete asset inventories, and manual methods, while also exploring the role

React to this headline:

Loading spinner

Creating a formula for effective vulnerability prioritization Read More »

December 2023 Patch Tuesday: 33 fixes to wind the year down

CVE, Don't miss, Hot stuff, Microsoft, News, Outlook, Patch Tuesday, security update, Tenable, Trend Micro /

December 2023 Patch Tuesday: 33 fixes to wind the year down 12/12/2023 at 23:20 By Zeljka Zorz Microsoft’s December 2023 Patch Tuesday is a light one: 33 patches, only four of which are deemed critical. “This month, Microsoft did not patch any zero-day vulnerabilities, marking only the second time in 2023 that no zero-days were

React to this headline:

Loading spinner

December 2023 Patch Tuesday: 33 fixes to wind the year down Read More »

The hidden costs of Java, and the impact of pricing changes

Azul, Cloud, cloud computing, CVE, cybersecurity, Java, Log4j, News, open source, Oracle, report, survey /

The hidden costs of Java, and the impact of pricing changes 01/11/2023 at 07:01 By Help Net Security An overwhelming 98% of all the businesses surveyed use Java in their software applications or infrastructure, and 57% of those organizations indicate that Java is the backbone of most of their applications, according to Azul. When including

React to this headline:

Loading spinner

The hidden costs of Java, and the impact of pricing changes Read More »

Dangerous vulnerability can be exploited to carry out massive DDoS attacks (CVE-2023-44487)

attack, attacks, AWS, Cloudflare, CVE, cybersecurity, DDoS, Google, News, threat, vulnerability /

Dangerous vulnerability can be exploited to carry out massive DDoS attacks (CVE-2023-44487) 10/10/2023 at 16:21 By Help Net Security Cloudflare, Google, and Amazon AWS revealed that a zero-day vulnerability in the HTTP/2 protocol has been used to mount massive, high-volume DDoS attacks, which they dubbed HTTP/2 Rapid Reset. Decoding HTTP/2 Rapid Reset (CVE-2023-44487) In late

React to this headline:

Loading spinner

Dangerous vulnerability can be exploited to carry out massive DDoS attacks (CVE-2023-44487) Read More »

October 2023 Patch Tuesday forecast: Operating system updates and zero-days aplenty

0-day, apple, Chrome, CVE, Don't miss, Expert analysis, Google, Hot stuff, Ivanti, Microsoft, Mozilla, Patch Tuesday, predictions /

October 2023 Patch Tuesday forecast: Operating system updates and zero-days aplenty 06/10/2023 at 07:47 By Help Net Security September has been a packed month of continuous updates. New operating systems were released from Apple and Microsoft, and several vulnerabilities exploited in web services resulted in a domino effect of zero-day releases for many vendors. If

React to this headline:

Loading spinner

October 2023 Patch Tuesday forecast: Operating system updates and zero-days aplenty Read More »

Microsoft, Adobe fix zero-days exploited by attackers (CVE-2023-26369, CVE-2023-36761, CVE-2023-36802)

Adobe, Automox, CVE, Don't miss, Hot stuff, Microsoft, Microsoft Exchange, News, patch, Patch Tuesday, security update, Tenable, Trend Micro /

Microsoft, Adobe fix zero-days exploited by attackers (CVE-2023-26369, CVE-2023-36761, CVE-2023-36802) 12/09/2023 at 22:01 By Zeljka Zorz September 2023 Patch Tuesday is here, with fixes for actively exploited vulnerabilities in Adobe Acrobat and Reader (CVE-2023-26369), Microsoft Word (CVE-2023-36761), and Microsoft Streaming Service Proxy (CVE-2023-36802). Microsoft vulnerabilities of note Microsoft has delivered fixes for 61 CVE-numbered flaws:

React to this headline:

Loading spinner

Microsoft, Adobe fix zero-days exploited by attackers (CVE-2023-26369, CVE-2023-36761, CVE-2023-36802) Read More »

The ransomware rollercoaster continues as criminals advance their business models

Black Hat USA 2023, CVE, cybercrime, cybersecurity, Endpoint Security, Fortinet, Malware, MITRE, News, Ransomware, report, survey /

The ransomware rollercoaster continues as criminals advance their business models 09/08/2023 at 06:02 By Help Net Security Ransomware shows no signs of slowing, with ransomware activity ending 13 times higher than at the start of 2023 as a proportion of all malware detections, according to Fortinet. Ransomware detections 1H 2023 FortiGuard Labs has documented substantial

React to this headline:

Loading spinner

The ransomware rollercoaster continues as criminals advance their business models Read More »

Owncast, EaseProbe security vulnerabilities revealed

CVE, News, open source, Oxeye, software, vulnerability, vulnerability disclosure /

Owncast, EaseProbe security vulnerabilities revealed 11/07/2023 at 11:17 By Help Net Security Oxeye has uncovered two critical security vulnerabilities and recommends immediate action to mitigate risk. The vulnerabilities were discovered in Owncast (CVE-2023-3188) and EaseProbe (CVE-2023-33967), two open-source platforms written in Go. Owncast vulnerability (CVE-2023-3188) The first vulnerability was discovered in Owncast, an open-source, self-hosted,

React to this headline:

Loading spinner

Owncast, EaseProbe security vulnerabilities revealed Read More »

High-risk vulnerabilities patched in ABB Aspect building management system

CVE, News, Prism Infosec, smart building, vulnerability /

High-risk vulnerabilities patched in ABB Aspect building management system 07/06/2023 at 13:06 By Help Net Security Prism Infosec has identified two high-risk vulnerabilities within the Aspect Control Engine building management system (BMS) developed by ABB. ABB’s Aspect BMS enables users to monitor a building’s performance and combines real-time integrated control, supervision, data logging, alarming, scheduling

React to this headline:

Loading spinner

High-risk vulnerabilities patched in ABB Aspect building management system Read More »

Scroll to Top