SSVC: Prioritization of vulnerability remediation according to CISA
Given that 2021 was a record year for new vulnerabilities published and threat actors became better at weaponizing vulnerabilities, timely and well-judged vulnerability prioritization and remediation are a goal all organizations should aspire to achi.....»»
GitGuardian SCA automates vulnerability detection and prioritization for enhanced code health
GitGuardian has released its Software Composition Analysis (SCA) module. SCA directly impacts the health of organizations’ codebase by automating vulnerability detection, prioritization, and remediation in software dependencies. Its additional capa.....»»
This ‘unpatchable’ Mac flaw is keeping me up at night
A newly discovered vulnerability could leave Apple Silicon Macs wide open to malicious hacker attacks -- and it looks like the flaw can’t even be patched......»»
Week in review: Ivanti fixes RCE vulnerability, Nissan breach affects 100,000 individuals
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Outsmarting cybercriminal innovation with strategies for enterprise resilience In this Help Net Security interview, Pedro Cameirão, Head of Cyber D.....»»
Hackers can unlock over 3 million hotel doors in seconds
Saflok has a fix for the vulnerability, but patching may take a long time. Enlarge / A Saflok branded lock. (credit: Dormakaba) When thousands of security researchers descend on Las Vegas every August for what's come to.....»»
CISA: Here’s how you can foil DDoS attacks
In light of the rise of “DDoS hacktivism” and the recent DDoS attacks aimed at disrupting French and Alabama government websites, the Cybersecurity and Infrastructure Security Agency (CISA) has updated its guidance of how governmental ent.....»»
Apple Silicon vulnerability leaks encryption keys, and can"t be patched easily
A new vulnerability in Apple Silicon chips can allow a determined attacker to access a user's data by stealing the cryptographic keys — and a fix could considerably impact encryption performance.Apple Silicon M2 in front of a MacBookResearchers hav.....»»
Unpatchable vulnerability in Apple chip leaks secret encryption keys
Fixing newly discovered side channel will likely take a major toll on performance. Enlarge (credit: Aurich Lawson | Apple) A newly discovered vulnerability baked into Apple’s M-series of chips allows attackers to extra.....»»
Attackers are exploiting JetBrains TeamCity flaw to deliver a variety of malware
Attackers are exploiting the recently patched JetBrains TeamCity auth bypass vulnerability (CVE-2024-27198) to deliver ransomware, cryptominers and remote access trojans (RATs), according to Trend Micro researchers. The CVE-2024-27198 timeline CVE-20.....»»
Secrets sprawl: Protecting your critical secrets
Leaked secrets, a phenomenon known as ‘secrets sprawl,’ is a pervasive vulnerability that plagues nearly every organization. It refers to the unintentional exposure of sensitive credentials hardcoded in plaintext within source code, messa.....»»
Ivanti fixes RCE vulnerability reported by NATO cybersecurity researchers (CVE-2023-41724)
Ivanti has fixed a critical RCE vulnerability (CVE-2023-41724) in Ivanti Standalone Sentry that has been reported by researchers with the NATO Cyber Security Centre. Though the company is not aware of customers being compromised via the flaw, it R.....»»
ControlUp Secure DX reduces endpoint management complexity
ControlUp announced Secure DX, a real-time scanning, detection, and remediation solution that improves the security posture of endpoint devices without compromising the digital employee experience. By continuously and autonomously spotting and resolv.....»»
Semgrep Assistant boosts AppSec team productivity using AI
Semgrep announced Semgrep Assistant, a tool that uses Artificial Intelligence (AI) to drive efficiencies and uncover insights across all phases of an AppSec program, from rule creation to remediation. Semgrep is a static code analysis tool that alert.....»»
NIST’s NVD has encountered a problem
Whether the cause is insurmountable technical debt, lack of funds, a third reason or all of them, NIST’s National Vulnerability Database (NVD) is struggling, and it’s affecting vulnerability management efforts. What happened? Anyone who r.....»»
PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153)
Proof-of-concept (PoC) exploit code for a critical RCE vulnerability (CVE-2024-25153) in Fortra FileCatalyst MFT solution has been published. About CVE-2024-25153 Fortra FileCatalyst is an enterprise managed file transfer (MFT) software solution that.....»»
Critical FortiClient EMS vulnerability fixed, (fake?) PoC for sale (CVE-2023-48788)
A recently fixed SQL injection vulnerability (CVE-2023-48788) in Fortinet’s FortiClient Endpoint Management Server (EMS) solution has apparently piqued the interest of many: Horizon3’s Attack Team means to publish technical details and a.....»»
Only 13% of medical devices support endpoint protection agents
63% of CISA-tracked Known Exploited Vulnerabilities (KEVs) can be found on healthcare networks, while 23% of medical devices—including imaging devices, clinical IoT devices, and surgery devices—have at least one known exploited vulnerability, acc.....»»
Thrive Incident Response & Remediation helps organizations contain and remove threats
Thrive launched Thrive Incident Response & Remediation, an on-demand cybersecurity response service to contain and remove threats, along with engineering assistance to rebuild and restore critical systems. Phishing, ransomware and other cyberattacks.....»»
Security Bite: Hackers breach CISA, forcing the agency to take some systems offline
The Cybersecurity and Infrastructure Security Agency (CISA) says two systems were hacked in February through vulnerabilities in Ivanti products. In response, the agency had to shut down both systems, which reportedly had critical ties to U.S. infrast.....»»
How new and old security threats keep persisting
Security leaders recognize that the pattern of buying new tech and the frantic state of find-fix vulnerability management is not working, according to Cymulate. Security leaders take proactive approach to cybersecurity Rather than waiting for the nex.....»»
Skybox 13.2 empowers organizations to identify and remediate vulnerabilities
Skybox Security announced Skybox 13.2, introducing enhancements to its Vulnerability and Threat Management solution. These updates mark a significant milestone in vulnerability prioritization and attack surface management, empowering organizations wi.....»»