FritzFrog botnet exploits Log4Shell, PwnKit vulnerabilities
The FritzFrog cryptomining botnet has new potential for growth: a recently analyzed variant of the bot is exploiting the Log4Shell (CVE-2021-44228) and PwnKit (CVE-2021-4034) vulnerabilities for lateral movement and privilege escalation. The FritzFro.....»»
Thousands of LG TVs are vulnerable to takeover—here’s how to ensure yours isn’t one
LG patches four vulnerabilities that allow malicious hackers to commandeer TVs. Enlarge (credit: Getty Images) As many as 91,000 LG TVs face the risk of being commandeered unless they receive a just-released security upd.....»»
SINEC Security Guard identifies vulnerable production assets
Production facilities are increasingly the target of cyberattacks. Industrial companies are therefore required to identify and close potential vulnerabilities in their systems. To address the need to identify cybersecurity vulnerabilities on the shop.....»»
Critical takeover vulnerabilities in 92,000 D-Link devices under active exploitation
D-Link won't be patching vulnerable NAS devices because they're no longer supported. Enlarge (credit: Getty Images) Hackers are actively exploiting a pair of recently discovered vulnerabilities to remotely commandeer net.....»»
April 2024 Patch Tuesday forecast: New and old from Microsoft
This month, we have a new product preview from Microsoft, and some older products are being prepared for end-of-support. But before we go there, March 2024 Patch Tuesday was pretty mild, with 60 unique vulnerabilities addressed. We saw updates to Mic.....»»
Threat actors are raising the bar for cyber attacks
From sophisticated nation-state-sponsored intrusions to opportunistic malware campaigns, cyber attacks manifest in various forms, targeting vulnerabilities in networks, applications, and user behavior. The consequences of successful cyber attacks can.....»»
Ivanti CEO pledges to “fundamentally transform” its hard-hit security model
Part of the reset involves AI-powered documentation search and call routing. Enlarge (credit: Getty Images) Ivanti, the remote-access company whose remote-access products have been battered by severe exploits in recent m.....»»
Ivanti vows to transform its security operating model, reveals new vulnerabilities
Ivanti has released patches for new DoS vulnerabilities affecting Ivanti Connect Secure (SSL VPN solution) and Ivanti Policy Secure (NAC solution), some of which could also lead to execution of arbitrary code or information disclosure. Also, three mo.....»»
NVD: NIST is working on longer-term solutions
The recent conspicuous faltering of the National Vulnerability Database (NVD) is “based on a variety of factors, including an increase in software and, therefore, vulnerabilities, as well as a change in interagency support,” says the U.S......»»
Finding software flaws early in the development process provides ROI
Enterprises spend enormous effort fixing software vulnerabilities that make their way into their publicly-facing applications. The Consortium for Information and Software Quality estimates that the cost of poor software quality in the United States r.....»»
Zero-day exploitation surged in 2023, Google finds
2023 saw attackers increasingly focusing on the discovery and exploitation of zero-day vulnerabilities in third-party libraries (libvpx, ImagelO) and drivers (Mali GPU, Qualcomm Adreno GPU), as they can affect multiple products and effectively offer.....»»
Thousands of Asus routers taken over by malware to form new proxy service
Outdated Asus routers are being assimilated into a malicious botnet used by hackers to hide their traces.....»»
Drozer: Open-source Android security assessment framework
Drozer is an open-source security testing framework for Android, whose primary purpose is to make the life of mobile application security testers easier. Drozer features The solution enables the identification of security vulnerabilities in applicati.....»»
BackBox platform update enhances CVE mitigation and risk scoring
After releasing Network Vulnerability Manager (NVM) in Q4 2023, BackBox has announced a major platform feature update that gives customers the ability to mark irrelevant or already-mitigated Common Vulnerabilities and Exposures (CVEs) as “mitig.....»»
Interos Resilience Watchtower enables companies to monitor vulnerabilities
Interos announced Interos Resilience Watchtower, a personalized risk technology that evolves organizations from monitoring to action. The module allows leaders to build tailored risk models that prioritize at-risk suppliers based on their materiality.....»»
Security best practices for GRC teams
Even with the best-of-the-best tools and tech stack monitoring vulnerabilities, every security executive and GRC leader should still have some layer of paranoia. If they don’t, that’s a huge issue. In this Help Net Security video, Shrav Mehta, CE.....»»
Synopsys fAST Dynamic enables DevOps teams to fix security vulnerabilities in modern web apps
Synopsys released Synopsys fAST Dynamic, a new dynamic application security testing (DAST) offering on the Synopsys Polaris Software Integrity Platform. fAST Dynamic enables development, security, and DevOps teams to find and fix security vulnerabili.....»»
Apple worries DMA has lowered the cost of iPhone exploits
Apple has been forced by the EU to allow app purchases and installs without the App Store. The effort to enable the capabilities as securely as possible has been massive. The details continue to evolve based on developer arms regulatory feedback, and.....»»
PoC for critical Arcserve UDP vulnerabilities published (CVE-2024-0799, CVE-2024-0800)
Arcserve has fixed critical security vulnerabilities (CVE-2024-0799, CVE-2024-0800) in its Unified Data Protection (UDP) solution that can be chained to upload malicious files to the underlying Windows system. Tenable researchers have published a PoC.....»»
Only 13% of medical devices support endpoint protection agents
63% of CISA-tracked Known Exploited Vulnerabilities (KEVs) can be found on healthcare networks, while 23% of medical devices—including imaging devices, clinical IoT devices, and surgery devices—have at least one known exploited vulnerability, acc.....»»
New Relic empowers IT and engineering teams to focus on real application security problems
New Relic launched new capabilities for New Relic IAST (Interactive Application Security Testing), including proof-of-exploit reporting for application security testing. New Relic customers can now identify exploitable vulnerabilities with an ability.....»»