SSVC: Prioritization of vulnerability remediation according to CISA
Given that 2021 was a record year for new vulnerabilities published and threat actors became better at weaponizing vulnerabilities, timely and well-judged vulnerability prioritization and remediation are a goal all organizations should aspire to achi.....»»
Sentra Jagger provides real-time security insights and AI-assisted remediation guidelines
Sentra announced Sentra Jagger, a Large Language Model (LLM)-assistant for cloud data security. This new capability enhances the functionality of Sentra’s core Data Security Posture Management (DSPM) and Data Detection and Response (DDR) platfo.....»»
3D printer users say their devices were hacked to warn of a security flaw
A benevolent hacker is warning of a 3D printer vulnerability and asking the company to make the printer open source......»»
VIAVI enhances Observer Sentry’s exposure and vulnerability analysis
VIAVI Solutions announced the addition of traffic analysis capabilities to its Observer Sentry Software-as-a-Service-based threat exposure management solution. With traffic visibility, Observer Sentry goes beyond identifying unintended and potentiall.....»»
Does AI remediation spell the end for developers in 2024?
Big tech firms are already rolling out AI remediation tools to prevent developers from introducing security risks into the software development lifecycle (SDLC). In this Help Net Security video, Matias Madou, CTO at Secure Code Warrior, discusses how.....»»
Apple’s Shortcuts could be a shortcut to a privacy nightmare
According to a recent security report, it seems that Apple’s Shortcuts has a vulnerability that allows access to sensitive data. The post Apple’s Shortcuts could be a shortcut to a privacy nightmare appeared first on Phandroid. One adv.....»»
A critical Shortcuts vulnerability was fixed in iOS 17.3
According to research performed by Bitdefender, prior to the iOS 17.3 update, a malicious Shortcut could capture sensitive data like photos and send it to an attacker.Apple's Shortcuts appShortcuts are built into iOS, iPadOS, and macOS to provide use.....»»
Pentera collaborates with SpyCloud to reduce dwell time of compromised credentials
Pentera announced an integration with SpyCloud to automate the discovery and validation of compromised identities. Pentera uses exposure intelligence data to identify exploitable identities and facilitates targeted remediation to proactively reduce r.....»»
CVE Prioritizer: Open-source tool to prioritize vulnerability patching
CVE Prioritizer is an open-source tool designed to assist in prioritizing the patching of vulnerabilities. It integrates data from CVSS, EPSS, and CISA’s KEV catalog to offer insights into the probability of exploitation and the potential effec.....»»
Roundcube webmail XSS vulnerability exploited by attackers (CVE-2023-43770)
CVE-2023-43770, a vulnerability in the Roundcube webmail software that has been fixed in September 2023, is being exploited by attackers in the wild, CISA has warned by adding the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. Ab.....»»
Attackers injected novel DSLog backdoor into 670 vulnerable Ivanti devices (CVE-2024-21893)
Hackers are actively exploiting a vulnerability (CVE-2024-21893) in Ivanti Connect Secure, Policy Secure and Neurons for ZTA to inject a “previously unknown and interesting backdoor” dubbed DSLog. CVE-2024-21893 patches and exploitation I.....»»
Critical Fortinet FortiOS flaw exploited in the wild (CVE-2024-21762)
Fortinet has patched critical remote code execution vulnerabilities in FortiOS (CVE-2024-21762, CVE-2024-23313), one of which is “potentially” being exploited in the wild. The exploitation-in-the-wild has been confirmed by CISA, by adding.....»»
Decryptor for Rhysida ransomware is available!
Files encrypted by Rhysida ransomware can be successfully decrypted, due to a implementation vulnerability discovered by Korean researchers and leveraged to create a decryptor. Rhysida and its ransomware Rhysida is a relatively new ransomware-as-a-se.....»»
Ivanti Connect Secure flaw massively exploited by attackers (CVE-2024-21893)
CVE-2024-21893, a server-side request forgery (SSRF) vulnerability affecting Ivanti Connect Secure VPN gateways and Policy Secure (a network access control solution), is being exploited by attackers. About CVE-2024-21893 CVE-2024-21893 allows a attac.....»»
On-premises JetBrains TeamCity servers vulnerable to auth bypass (CVE-2024-23917)
JetBrains has patched a critical authentication bypass vulnerability (CVE-2024-23917) affecting TeamCity On-Premises continuous integration and deployment servers. About CVE-2024-23917 CVE-2024-23917 could allow an unauthenticated threat actor with H.....»»
Critical vulnerability affecting most Linux distros allows for bootkits
Buffer overflow in bootloader shim allows attackers to run code each time devices boot up. Enlarge Linux developers are in the process of patching a high-severity vulnerability that, in certain cases, allows the install.....»»
Adaptiva launches risk-based prioritization capability for OneSite Patch
Adaptiva announced the deployment of its new risk-based prioritization capability for OneSite Patch. The automated risk-based prioritization feature enables IT professionals to prioritize and patch vulnerabilities based on criticality and risk severi.....»»
As if 2 Ivanti vulnerabilities under exploit weren’t bad enough, now there are 3
Hackers looking to diversify began mass-exploiting a new vulnerability over the weekend. Enlarge (credit: Getty Images) Mass exploitation began over the weekend for yet another critical vulnerability in widely used VPN s.....»»
Lagging Mastodon admins urged to patch critical account takeover flaw (CVE-2024-23832)
Five days after Mastodon developers pushed out fixes for a remotely exploitable account takeover vulnerability (CVE-2024-23832), over 66% of Mastodon servers out there have been upgraded to close the hole. About Mastodon Mastodon is open-source (serv.....»»
As if two Ivanti vulnerabilities under exploit weren’t bad enough, now there are 3
Hackers looking to diversify, began mass exploiting a new vulnerability over the weekend. Enlarge (credit: Getty Images) Mass exploitation began over the weekend for yet another critical vulnerability in widely used VPN.....»»
As if two Ivanti vulnerabilities under explot wasn’t bad enough, now there are 3
Hackers looking to diversify, began mass exploiting a new vulnerability over the weekend. Enlarge (credit: Getty Images) Mass exploitation began over the weekend for yet another critical vulnerability in widely used VPN.....»»