SSVC: Prioritization of vulnerability remediation according to CISA
Given that 2021 was a record year for new vulnerabilities published and threat actors became better at weaponizing vulnerabilities, timely and well-judged vulnerability prioritization and remediation are a goal all organizations should aspire to achi.....»»
Actively exploited Firefox zero-day fixed, update ASAP! (CVE-2024-9680)
Mozilla has pushed out an emergency update for its Firefox and Firefox ESR browsers to fix a vulnerability (CVE-2024-9680) that is being exploited in the wild. About CVE-2024-9680 Reported by ESET malware researcher Damien Schaeffer, CVE-2024-9680 is.....»»
ESET updates Vulnerability and Patch Management module
ESET released its updated ESET Vulnerability and Patch Management module. With the new update, ESET V&PM has expanded to support Linux (desktops and servers), as well as macOS devices, covering broader parts of a business’ ecosystem. The V&PM.....»»
Adaptiva improves collaboration between IT and security teams with vulnerability dashboards
Adaptiva announces the latest feature release for OneSite Patch: vulnerability dashboards. These new dashboards provide real-time visibility into Common Vulnerabilities and Exposures (CVEs) in the environment and patches that can remediate them–emp.....»»
New tool provides knowledge on heat stress vulnerability in cities for more targeted adaptation
Heat-related deaths and diseases are a major concern in Europe amid increasing extended periods of extreme heat. A recent study proposes a novel way of quantifying and projecting future vulnerability to heat stress in different areas of a city, provi.....»»
Qualcomm zero-day under targeted exploitation (CVE-2024-43047)
An actively exploited zero-day vulnerability (CVE-2024-43047) affecting dozens of Qualcomm’s chipsets has been patched by the American semiconductor giant. About CVE-2024-43047 On Monday, Qualcomm confirmed patches for 20 vulnerabilities af.....»»
Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: October 2024 Patch Tuesday forecast: Recall can be recalled October arrived, and Microsoft started the month by announcing the release of Windows 11.....»»
If you think your robot vacuum is watching you, you might not be wrong
A new report finds a worrisome Ecovacs vulnerability.....»»
Best practices for implementing threat exposure management, reducing cyber risk exposure
In this Help Net Security interview, Sanaz Yashar, CEO at Zafran, discusses the role of threat exposure management (TEM) in modern cybersecurity strategies. As traditional vulnerability management evolves, TEM addresses the overwhelming risks arising.....»»
Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824)
CVE-2024-29824, an unauthenticated SQL Injection vulnerability in Ivanti Endpoint Manager (EPM) appliances, is being exploited by attackers, the Cybersecurity and Infrastructure Security Agency has confirmed by adding the bug to its Known Exploited V.....»»
Attackers exploit critical Zimbra vulnerability using cc’d email addresses
When successful, attacks install a backdoor. Getting it to work reliably is another matter. Attackers are actively exploiting a critical vulnerability in mail servers sold by Zimb.....»»
Demonstrating how Great Barrier Reef water quality targets can be achieved through gully remediation
A new study conducted at Bonnie Doon Creek on the lower Burdekin River in Queensland has demonstrated a significant reduction in sediment yield through large-scale remediation of alluvial gullies. The findings are published in the journal Internation.....»»
PlexTrac unveils new capabilities to prioritize proactive security remediation
PlexTrac announced significant enhancements to its platform. These updates are designed to help enterprises and security service providers harness proactive security by offering business context, automating risk scoring to focus on what matters most,.....»»
Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519)
Attackers are actively exploiting CVE-2024-45519, a critical Zimbra vulnerability that allows them to execute arbitrary commands on vulnerable installations. Proofpoint’s threat researchers say that the attacks started on September 28 – s.....»»
Balbix D3 accelerates vulnerability mitigation
Balbix unveiled Balbix D3, the latest version of its exposure management platform. Packed with AI innovations, Balbix D3 is designed to help cybersecurity teams mitigate critical exposures faster than ever before, protecting organizations against emer.....»»
SAFE X equips CISOs with integrated data from all their existing cybersecurity products
Safe Security launched SAFE X, a generative AI-powered mobile app for CISOs. SAFE X delivers CISOs real-time business impact insights into their cybersecurity posture, enabling better decision-making and risk prioritization. CISOs often invest millio.....»»
Arc Browser had a ‘serious’ security vulnerability, here’s how they’re addressing it
Back in late August, The Browser Company – the company behind the popular Mac browser Arc, became aware of a serious security vulnerability in the browser, one that could allow for remote code execution on other users' computers with no direct intera.....»»
SpyCloud Connect delivers automated remediation of compromised identities
SpyCloud released a new hosted automation solution, SpyCloud Connect, which delivers custom-built automation workflows to Information Security (InfoSec) and Security Operations (SecOps) teams. The solution enables rapid automation of SpyCloud’s suite.....»»
Climate change accelerates vulnerability and loss of resilience of a key species for the Mediterranean ecosystem: Study
A study by the University of Barcelona has analyzed the ability of red gorgonians (Paramuricea clavata), a key species for the Mediterranean marine ecosystem, to resist and recover after marine heat waves......»»
ArmorCode unveils two modules to help reduce software-based risks
ArmorCode announced the expansion of its platform with the launch of two new modules for Penetration Testing Management and Exceptions Management. Alongside AI-powered Correlation and Remediation, these modules further advance ArmorCode’s leading p.....»»
Arc Browser had a ‘serious’ security vulnerability last month, now patched
Back in late August, The Browser Company – the company behind the popular Mac browser Arc, became aware of a serious security vulnerability in the browser, one that could allow for remote code execution on other users' computers with no direct intera.....»»