vulnerability

Lazarus Group exploited ManageEngine vulnerability to target critical infrastructure

Cisco, critical infrastructure, Don't miss, Europe, healthcare, Hot stuff, Malware, ManageEngine, News, North Korea, trojan, USA, vulnerability /

Lazarus Group exploited ManageEngine vulnerability to target critical infrastructure 25/08/2023 at 15:36 By Helga Labus North Korean state-sponsored hackers Lazarus Group have been exploiting a ManageEngine ServiceDesk vulnerability (CVE-2022-47966) to target internet backbone infrastructure and healthcare institutions in Europe and the US. The group leveraged the vulnerability to deploy QuiteRAT, downloaded from an IP address […]

React to this headline:

Loading spinner

Lazarus Group exploited ManageEngine vulnerability to target critical infrastructure Read More »

Lawmaker Wants Federal Contractors to Have Vulnerability Disclosure Policies 

Laws, Management & Strategy, Risk Management, VDP, vulnerability /

Lawmaker Wants Federal Contractors to Have Vulnerability Disclosure Policies  25/08/2023 at 14:48 By Eduard Kovacs Congresswoman Nancy Mace has introduced a bill that would require federal contractors to have a Vulnerability Disclosure Policy (VDP). The post Lawmaker Wants Federal Contractors to Have Vulnerability Disclosure Policies  appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

Lawmaker Wants Federal Contractors to Have Vulnerability Disclosure Policies  Read More »

WinRAR patches zero-day bug that targeted stock and crypto traders

cybersecurity, exploit, hackers, Malware, vulnerability, WinRAR /

WinRAR patches zero-day bug that targeted stock and crypto traders 25/08/2023 at 08:04 By Cointelegraph By Martin Young According to cybersecurity firm Group-IB, weaponized ZIP file archives were being shared on crypto trading forums, with each one containing a nasty surprise. This article is an excerpt from Cointelegraph.com News View Original Source React to this

React to this headline:

Loading spinner

WinRAR patches zero-day bug that targeted stock and crypto traders Read More »

Does a secure coding training platform really work?

code, cybersecurity, Don't miss, Expert analysis, Expert corner, exploit, Hot stuff, opinion, sandbox, SecDim, software, training, vulnerability /

Does a secure coding training platform really work? 24/08/2023 at 07:31 By Help Net Security As security vulnerabilities are reported to you time and again, you may ask yourself: “Why don’t these developers learn the lesson?” The next thing you may think is: “We should train developers, so they stop making these mistakes.” For many

React to this headline:

Loading spinner

Does a secure coding training platform really work? Read More »

Anticipating the next wave of IoT cybersecurity challenges

Artificial Intelligence, cybersecurity, Don't miss, Features, FIDO Alliance, framework, Hot stuff, Internet of Things, interoperability, machine learning, News, opinion, policy, Red Alert Labs, standards, strategy, vulnerability /

Anticipating the next wave of IoT cybersecurity challenges 23/08/2023 at 07:01 By Mirko Zorz In this Help Net Security interview, Roland Atoui, Managing Director at Red Alert Labs, discusses the intricacies of transitioning from isolated IoT setups to interconnected environments, examining the broadening attack surface and the nuanced complexities this evolution imposes. Atoui also delves

React to this headline:

Loading spinner

Anticipating the next wave of IoT cybersecurity challenges Read More »

Juniper Networks fixes flaws leading to RCE in firewalls and switches

Don't miss, firewall, Hot stuff, Juniper Networks, News, security update, vulnerability /

Juniper Networks fixes flaws leading to RCE in firewalls and switches 22/08/2023 at 11:46 By Helga Labus Juniper Networks has fixed four vulnerabilities (CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, CVE-2023-36847) in Junos OS that, if chained together, could allow attackers to achieve remote code execution (RCE) on the company’s SRX firewalls and EX switches. The fixed Junos OS

React to this headline:

Loading spinner

Juniper Networks fixes flaws leading to RCE in firewalls and switches Read More »

WinRAR vulnerable to remote code execution, patch now! (CVE-2023-40477)

Don't miss, Hot stuff, News, security update, Trend Micro, vulnerability, Windows, WinRAR /

WinRAR vulnerable to remote code execution, patch now! (CVE-2023-40477) 21/08/2023 at 14:47 By Helga Labus RARLAB has fixed a high-severity RCE vulnerability (CVE-2023-40477) in the popular file archiver tool WinRAR. About CVE-2023-40477 A widely used Windows-only utility, WinRAR can create and extract file archives in various compression formats (RAR, ZIP, CAB, ARJ, LZH, TAR, GZip,

React to this headline:

Loading spinner

WinRAR vulnerable to remote code execution, patch now! (CVE-2023-40477) Read More »

Citrix ShareFile vulnerability actively exploited (CVE-2023-24489)

Citrix, Citrix ShareFile, Don't miss, enterprise, file-sharing, Hot stuff, News, PoC, security update, vulnerability /

Citrix ShareFile vulnerability actively exploited (CVE-2023-24489) 17/08/2023 at 14:16 By Zeljka Zorz CVE-2023-24489, a critical Citrix ShareFile vulnerability that the company has fixed in June 2023, is being exploited by attackers. GreyNoise has flagged on Tuesday a sudden spike in IP addresses from which exploitation attempts are coming, and the Cybersecurity and Infrastructure Agency (CISA)

React to this headline:

Loading spinner

Citrix ShareFile vulnerability actively exploited (CVE-2023-24489) Read More »

(Re)check your patched NetScaler ADC and Gateway appliances for signs of compromise

backdoor, Citrix, Don't miss, enterprise, Fox-IT, Hot stuff, Mandiant, News, vulnerability, web shell /

(Re)check your patched NetScaler ADC and Gateway appliances for signs of compromise 16/08/2023 at 13:49 By Zeljka Zorz Administrators of Citrix NetScaler ADC and Gateway appliances should check for evidence of installed webshells even if they implemented fixes for CVE-2023-3519 quickly: A recent internet scan by Fox-IT researchers has revealed over 1,800 backdoored NetScaler devices,

React to this headline:

Loading spinner

(Re)check your patched NetScaler ADC and Gateway appliances for signs of compromise Read More »

Ivanti Avalanche vulnerable to attack by unauthenticated, remote attackers (CVE-2023-32560)

Don't miss, Hot stuff, Ivanti, News, security update, Tenable, vulnerability /

Ivanti Avalanche vulnerable to attack by unauthenticated, remote attackers (CVE-2023-32560) 16/08/2023 at 12:50 By Helga Labus Two stack-based buffer overflow bugs (collectively designated as CVE-2023-32560) have been discovered in Ivanti Avalanche, an enterprise mobility management solution. A buffer overflow arises when the data in a buffer surpasses its storage capacity. This surplus data spills into

React to this headline:

Loading spinner

Ivanti Avalanche vulnerable to attack by unauthenticated, remote attackers (CVE-2023-32560) Read More »

Almost all VPNs are vulnerable to traffic-leaking TunnelCrack attacks

attack, Cisco, Cloudflare, Data leak, Don't miss, Hot stuff, Malwarebytes, Mozilla, News, NordVPN, Privacy, research, VPN, vulnerability /

Almost all VPNs are vulnerable to traffic-leaking TunnelCrack attacks 14/08/2023 at 16:47 By Zeljka Zorz Several vulnerabilities that affect most VPN products out there can be exploited by attackers to read user traffic, steal user information, or even attack user devices, researchers have discovered. “Our attacks are not computationally expensive, meaning anyone with the appropriate

React to this headline:

Loading spinner

Almost all VPNs are vulnerable to traffic-leaking TunnelCrack attacks Read More »

Iagona ScrutisWeb Vulnerabilities Could Expose ATMs to Remote Hacking

ATM, Endpoint Security, Featured, Vulnerabilities, vulnerability /

Iagona ScrutisWeb Vulnerabilities Could Expose ATMs to Remote Hacking 14/08/2023 at 13:46 By Eduard Kovacs Several vulnerabilities discovered in Iagona ScrutisWeb ATM fleet monitoring software could be exploited to remotely hack ATMs. The post Iagona ScrutisWeb Vulnerabilities Could Expose ATMs to Remote Hacking appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Loading spinner

Iagona ScrutisWeb Vulnerabilities Could Expose ATMs to Remote Hacking Read More »

Major vulnerabilities discovered in data center solutions

critical infrastructure, data center, Don't miss, Hot stuff, News, security update, Trellix, vulnerability /

Major vulnerabilities discovered in data center solutions 14/08/2023 at 13:17 By Helga Labus Researchers have discovered serious security vulnerabilities in two widely used data center solutions: CyberPower’s PowerPanel Enterprise Data Center Infrastructure Management (DCIM) platform and Dataprobe’s iBoot Power Distribution Unit (PDU). “An attacker could chain these vulnerabilities together to gain full access to these

React to this headline:

Loading spinner

Major vulnerabilities discovered in data center solutions Read More »

Microsoft Discloses Codesys Flaws Allowing Shutdown of Industrial Operations, Spying

ICS, ICS/OT, Microsoft, vulnerability /

Microsoft Discloses Codesys Flaws Allowing Shutdown of Industrial Operations, Spying 11/08/2023 at 15:16 By Eduard Kovacs Over a dozen Codesys vulnerabilities discovered by Microsoft researchers can be exploited to shut down industrial processes or deploy backdoors. The post Microsoft Discloses Codesys Flaws Allowing Shutdown of Industrial Operations, Spying appeared first on SecurityWeek. This article is

React to this headline:

Loading spinner

Microsoft Discloses Codesys Flaws Allowing Shutdown of Industrial Operations, Spying Read More »

How to handle API sprawl and the security threat it poses

API security, cybersecurity, Don't miss, Expert analysis, Expert corner, F5 Networks, Hot stuff, opinion, vulnerability /

How to handle API sprawl and the security threat it poses 11/08/2023 at 08:34 By Help Net Security The proliferation of APIs has marked them as prime targets for malicious attackers. With recent reports indicating that API vulnerabilities are costing businesses billions of dollars annually, it’s no wonder they are at the top of mind

React to this headline:

Loading spinner

How to handle API sprawl and the security threat it poses Read More »

White House launches AI Cyber Challenge to make software more secure

Anthropic, Artificial Intelligence, Black Hat USA 2023, critical infrastructure, cybersecurity, darpa, DEF CON, Google, Government, Microsoft, News, OpenAI, OpenSSF, software, USA, vulnerability /

White House launches AI Cyber Challenge to make software more secure 10/08/2023 at 12:33 By Help Net Security The Biden-Harris Administration has launched a major two-year competition using AI to protect the United States’ most important software, such as code that helps run the internet and critical infrastructure. The AI Cyber Challenge (AIxCC) will challenge

React to this headline:

Loading spinner

White House launches AI Cyber Challenge to make software more secure Read More »

SAP Patches Critical Vulnerability in PowerDesigner Product

SAP, Vulnerabilities, vulnerability /

SAP Patches Critical Vulnerability in PowerDesigner Product 09/08/2023 at 13:31 By Eduard Kovacs SAP has fixed over a dozen new vulnerabilities with its Patch Tuesday updates, including a critical flaw in its PowerDesigner product. The post SAP Patches Critical Vulnerability in PowerDesigner Product appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Loading spinner

SAP Patches Critical Vulnerability in PowerDesigner Product Read More »

Downfall attacks can gather passwords, encryption keys from Intel processors

Amd, AWS, Citrix, CPU, Debian, Don't miss, Google, Hot stuff, Intel, News, security update, VMWare, vulnerability /

Downfall attacks can gather passwords, encryption keys from Intel processors 09/08/2023 at 13:02 By Zeljka Zorz A variety of Intel Core processors and the devices using them are vulnerable to “Downfall”, a new class of attacks made possible by CVE-2022-40982, which enables attackers to access and steal sensitive data such as passwords, encryption keys, and

React to this headline:

Loading spinner

Downfall attacks can gather passwords, encryption keys from Intel processors Read More »

Data exfiltration is now the go-to cyber extortion strategy

Akamai, Black Hat USA 2023, cybercrime, News, Ransomware, report, survey, vulnerability /

Data exfiltration is now the go-to cyber extortion strategy 09/08/2023 at 06:32 By Help Net Security The abuse of zero-day and one-day vulnerabilities in the past six months led to a 143% increase in victims when comparing Q1 2022 with Q1 2023, according to Akamai. Ransomware groups target the exfiltration of files The report also

React to this headline:

Loading spinner

Data exfiltration is now the go-to cyber extortion strategy Read More »

PaperCut fixes bug that can lead to RCE, patch quickly! (CVE-2023-39143)

Don't miss, Horizon3.ai, News, security update, Tenable, Trend Micro, vulnerability /

PaperCut fixes bug that can lead to RCE, patch quickly! (CVE-2023-39143) 07/08/2023 at 13:48 By Zeljka Zorz Horizon3.ai researchers have published some details (but no PoC for now, thankfully!) about CVE-2023-39143, two vulnerabilities in PaperCut application servers that could be exploited by unauthenticated attackers to execute code remotely. But, they noted, unlike the PaperCut vulnerability

React to this headline:

Loading spinner

PaperCut fixes bug that can lead to RCE, patch quickly! (CVE-2023-39143) Read More »

Scroll to Top