SSVC: Prioritization of vulnerability remediation according to CISA

Given that 2021 was a record year for new vulnerabilities published and threat actors became better at weaponizing vulnerabilities, timely and well-judged vulnerability prioritization and remediation are a goal all organizations should aspire to achi.....»»

Category: security | Source: netsecurity | Nov 15th, 2022

Study challenges classical view of the Antarctic Circumpolar Current origin and warns of its vulnerability

The Circumpolar Current works as a regulator of the planet's climate. Its origins were thought to have caused the formation of the permanent ice in Antarctica about 34 million years ago. Now, a study led by the University of Barcelona, the Instituto.....»»

Category: top | Source: theglobeandmail | Feb 5th, 2024

Security Bite: Use these iPhone privacy and security features in iOS 17.3, more

Last week on Security Bite, I discussed a vulnerability in Stolen Device Protection, a newly added security feature in iOS 17.3. Vision Pro has since hit the market and has been dominating the headlines. This Sunday, I wanted to give your feed fresh.....»»

Category: top | Source: theglobeandmail | Feb 5th, 2024

CVEMap: Open-source tool to query, browse and search CVEs

CVEMap is an open-source command-line interface (CLI) tool that allows you to explore Common Vulnerabilities and Exposures (CVEs). It’s designed to offer a streamlined and user-friendly interface for navigating vulnerability databases. Although.....»»

Category: security | Source: netsecurity | Feb 1st, 2024

Custom rules in security tools can be a game changer for vulnerability detection

In this Help Net interview, Isaac Evans, CEO at Semgrep, discusses the balance between speed and thoroughness in CI/CD pipeline security scanning. Stressing the need to avoid slowing down the process, he recommends a nuanced approach, utilizing custo.....»»

Category: security | Source: netsecurity | Feb 1st, 2024

The effect of omission bias on vulnerability management

Whether we’d like to admit it to ourselves or not, all humans harbor subconscious biases that powerfully influence our behavior. One of these is the omission bias, which has interesting ramifications in the world of cyber security, specifically vul.....»»

Category: security | Source: netsecurity | Jan 24th, 2024

PoC for easily exploitable Fortra GoAnywhere MFT vulnerability released (CVE-2024-0204)

Proof-of-concept (PoC) exploit code for a critical vulnerability (CVE-2024-0204) in Fortra’s GoAnywhere MFT solution has been made public, sparking fears that attackers may soon take advantage of it. Fortra’s GoAnywhere MFT is a web-based.....»»

Category: security | Source: netsecurity | Jan 24th, 2024

Update your Apple devices, because the latest releases patched a major security flaw

Apple's latest updates to all its operating systems, from macOS Sonoma to tvOS 17.3, included a fix to prevent a WebKit security vulnerability that the company says has been exploited. Alongsid.....»»

Category: apple | Source: appleinsider | Jan 24th, 2024

Apple debuts new feature to frustrate iPhone thieves

Besides fixing an actively exploited zero-day vulnerability, the latest update for the iOS 17 branch offers a new feature to help you protect your accounts and sensitive information in case your iPhone gets stolen. Stolen Device Protection: If enabled.....»»

Category: security | Source: netsecurity | Jan 23rd, 2024

Seceon aiSIEM-CGuard protects cloud-powered applications and infrastructure

Seceon announces aiSIEM-CGuard enabling partners and customers with comprehensive protection, detection, automatic remediation for cloud-powered resources. With an automated signup process and margin-friendly pricing, MSP/MSSPs can now add protection.....»»

Category: security | Source: netsecurity | Jan 23rd, 2024

Attackers can steal NTLM password hashes via calendar invites

A recently patched vulnerability in Microsoft Outlook (CVE-2023-35636) that can be used by attackers to steal users’ NTLM v2 hashes can be exploited by adding two headers to an email carrying a specially crafted file, security researcher Dolev.....»»

Category: security | Source: netsecurity | Jan 22nd, 2024

Ivanti EPMM and MobileIron Core vulnerability is actively exploited, CISA confirms (CVE-2023-35082)

A previously patched critical vulnerability (CVE-2023-35082) affecting Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core is being actively exploited, the Cybersecurity and Infrastructure Security Agency (CISA) has confirmed by adding the vuln.....»»

Category: security | Source: netsecurity | Jan 19th, 2024

AMD and Apple face a dangerous new security flaw

Researchers just discovered a new vulnerability that allows hackers to steal data and affects Apple, AMD, and Qualcomm......»»

Category: top | Source: digitaltrends | Jan 18th, 2024

VMware: Plug critical Aria Automation hole immediately! (CVE-2023-34063)

A critical vulnerability (CVE-2023-34063) affecting VMware Aria Automation and VMware Cloud Foundation can be exploited by attackers to gain access to remote organizations and workflows, VMware has warned. The company is not aware of any “in th.....»»

Category: security | Source: netsecurity | Jan 18th, 2024

Most older iPhones, Macs, and iPads are vulnerable to a new GPU security flaw

A security flaw named LeftoverLocals lets attackers access data that has been processed in a device's GPU, and while Apple says A17 iPhone and M3 Macs have fixes, older models do not. The repo.....»»

Category: apple | Source: appleinsider | Jan 17th, 2024

Atlassian reveals critical Confluence RCE flaw, urges “immediate action” (CVE-2023-22527)

Atlassian has patched a critical vulnerability (CVE-2023-22527) in Confluence Data Center and Confluence Server that could lead to remote code execution. The good news is that the flaw was fixed in early December 2023 with the release of versions 8.5.....»»

Category: security | Source: netsecurity | Jan 16th, 2024

Why we must bring order to cyber vulnerability chaos


Category: top | Source: marketingvox | Jan 15th, 2024

Windows SmartScreen bug exploited to deliver powerful info-stealer (CVE-2023-36025)

A vulnerability (CVE-2023-36025) that Microsoft fixed in November 2023 continues to be exploited by malware peddlers: this time around, the delivered threat is a variant of the Phemedrone Stealer. About the malware: Phemedrone Stealer is a piece of ma.....»»

Category: security | Source: netsecurity | Jan 15th, 2024

Juniper fixes critical RCE in its SRX firewalls and EX switches (CVE-2024-21591)

Juniper Networks has fixed a critical pre-authentication remote code execution (RCE) vulnerability (CVE-2024-21591) in Junos OS on SRX firewalls and EX switches. About CVE-2024-21591: CVE-2024-21591 is an out-of-bounds write vulnerability that could a.....»»

Category: security | Source: netsecurity | Jan 15th, 2024

Candida evolution disclosed: New insights into fungal infections

Global fungal infections, which affect 1 billion people and cause 1.5 million deaths each year, are on the rise due to the increasing number of medical treatments that heighten vulnerability. Patients undergoing chemotherapy or immunosuppressive trea.....»»

Category: top | Source: pcmag | Jan 12th, 2024

Critical GitLab flaw allows account takeover without user interaction, patch quickly! (CVE-2023-7028)

A critical vulnerability in GitLab CE/EE (CVE-2023-7028) can be easily exploited by attackers to reset GitLab user account passwords. While also vulnerable, users who have two-factor authentication enabled on their account are safe from account takeo.....»»

Category: security | Source: netsecurity | Jan 12th, 2024