Vulnerability: Page 12


  • Comcast’s Xfinity discloses massive data breach linked to CitrixBleed vulnerability

    The breach, involving 35.9 million customers, took place just a week after Citrix released a patch for a critical flaw.

    By Dec. 19, 2023
  • State-linked cyber actors behind SolarWinds plant seeds for new malicious campaign

    U.S. authorities are raising alarms that the 2020 Sunburst attack threat actors are exploiting a CVE in JetBrains TeamCity in preparation for future supply chain compromises.

    By Dec. 15, 2023
  • CitrixBleed isn’t going away: Security experts struggle to control critical vulnerability

    While officials echo urgent mitigation steps to contain the zero-day vulnerability, high-profile organizations continue to bear the impact.

    By Dec. 14, 2023
  • 2 years on, Log4j still haunts the security community

    Research from Veracode shows nearly 2 in 5 applications are still running vulnerable versions. 

    By Dec. 8, 2023
  • Progress Software discloses 2 new CVEs in MOVEit

    The latest set of vulnerabilities in the file-transfer service brings the total number of disclosed CVEs to eight since a zero-day was widely exploited in late May.

    By Dec. 7, 2023
  • CISA performance goals program trims exploited CVEs

    Organizations enrolled in the agency’s vulnerability scanning program are showing improved security, but the reduction in exploitable internet-facing services is incremental.

    By Dec. 6, 2023
  • Dozens of credit unions confront outages linked to third-party ransomware attack

    CitrixBleed ensnared another industry, leading to a network incident at Ongoing Operations, which provides business continuity services.

    By Dec. 4, 2023
  • Yet again, threat actors exploit a critical file-transfer service CVE

    File-transfer services are prime targets and vulnerabilities in the open source ownCloud mark the latest in a series of critical services under attack.

    By Updated Dec. 1, 2023
  • CitrixBleed worries mount as nation state, criminal groups launch exploits

    LockBit 3.0 affiliates targeted a unit of Boeing and federal authorities have alerted almost 300 organizations they are vulnerable to attack.

    By Nov. 22, 2023
  • 5 Juniper CVEs actively exploited in the wild

    The vendor warned the Junos OS vulnerabilities can be chained to remotely execute code.

    By Nov. 15, 2023
  • File-transfer services, rich with sensitive data, are under attack

    A trio of supply-chain attacks in 2023 created turmoil for thousands of corporate victims and their customers.

    By Nov. 14, 2023
  • CitrixBleed sparks race to patch, hunt for malicious activity

    CISA urged organizations to patch, mitigate and report any positive findings as Citrix NetScaler ADC and NetScaler Gateway users remain exposed to session hijack.

    By Nov. 8, 2023
  • Atlassian Confluence customers confront pair of critical vulnerabilities

    Back-to-back vulnerabilities in the enterprise content collaboration and management workspace remain under active attack by threat actors.

    By Nov. 7, 2023
  • CISA targets software identification in push to boost supply chain security

    The plan is part of a wider effort to boost software security using vulnerability management and SBOMs.

    By Oct. 27, 2023
  • Citrix urges NetScaler ADC, Gateway customers to patch

    The company warned of session hijacking and targeted attacks against a critical vulnerability.

    By Oct. 24, 2023
  • Cisco urges IOS XE customers to patch as thousands of devices remain infected

    The company released enhanced guidance after security researchers were temporarily unable to detect exploited devices.

    By Oct. 24, 2023
  • Microsoft extends security log retention following State Department hacks

    Government and private sector customers will be able to search cloud data records for malicious threat activity by default.

    By Oct. 23, 2023
  • Cisco releases security fix for widely-exploited IOS XE software vulnerability

    An unidentified threat actor is linked to attacks dating back to mid-September, resulting in about 42,000 exploited devices.

    By Updated Oct. 23, 2023
  • Critical flaw in JetBrains TeamCity exploited weeks after patch issued

    State-linked actors are targeting the CI/CD platform, and the vendor warns backdoors are lingering undetected.

    By Oct. 20, 2023
  • Almost 42K Cisco IOS XE devices exploited, no patch available

    Security researchers warn the number of infected hosts grew after a critical zero-day vulnerability was found.

    By Oct. 19, 2023
  • Citrix Netscaler patch for critical CVE bypassed by malicious hackers

    Citrix issued the patch on Oct. 10 for critical vulnerabilities in Netscaler ADC and Netscaler Gateway, but Mandiant is urging users to terminate all sessions.

    By Updated Oct. 19, 2023
  • Cisco’s critical IOS XE software zero day is a ‘bad situation’

    Researchers from VulnCheck said they have found thousands of implanted hosts.

    By Oct. 17, 2023
  • Critical Atlassian Confluence CVE under exploit by prolific state-linked actor

    Microsoft researchers warn a threat actor with ties to China has been exploiting the vulnerability since mid-September.

    By Oct. 13, 2023
  • Microsoft tops CISA’s list of exploited CVEs used in ransomware attacks

    CISA updated its Known Exploited Vulnerabilities Catalog to alert organizations to CVEs linked to ransomware.

    By Oct. 13, 2023
  • Federal agencies press OT/ICS providers on open-source security

    The U.S. is scrutinizing the security of critical infrastructure providers, which are becoming more dependent on connected infrastructure.

    By Oct. 12, 2023