Vulnerability: Page 4
-
Getty Plus via Getty Images
CISA warned 1,750 organizations of ransomware vulnerabilities last year. Only half took action.
More than half of CISA's ransomware vulnerability warning pilot alerts were sent to government facilities, healthcare and public health organizations.
By Matt Kapko • May 1, 2024 -
Chainarong Prasertthai via Getty Images
CVE exploitation nearly tripled in 2023, Verizon finds
Threat actors are going after critical security flaws in widely used applications, but human error is still at the root of business security woes.
By David Jones • May 1, 2024 -
DKosig via Getty Images
Cactus ransomware targets a handful of Qlik Sense CVEs
Security researchers warn the threat group is ramping up exploitation of previously disclosed flaws in the cloud platform.
By David Jones • April 29, 2024 -
shutterstock.com/PeopleImages.com - Yuri A
Sponsored by SynopsysWhat to do when your team is struggling to manage too many application security vendors
A good ASPM solution will correlate and analyze data from a variety of sources, allow you to administer and orchestrate security tools, and automate your security policies.
April 29, 2024 -
dem10 via Getty Images
Cisco devices again targeted by state-linked threat campaign
The campaign, dubbed ArcaneDoor, dates back to late 2023 and is targeting perimeter network devices from Cisco — and potentially other companies.
By David Jones • April 25, 2024 -
D3Damon via Getty Images
Zero-day exploits hit CrushFTP, researchers expect rapid exploitation
CrushFTP CEO Ben Spink said the company isn’t aware of any data theft thus far, but researchers see echoes of MOVEit exploits and other high-profile file-transfer vulnerabilities.
By Matt Kapko • April 24, 2024 -
Simonkr via Getty Images
Vintage Microsoft flaw resurfaces, threat actors attack with golden GooseEgg
State-linked actors are using a custom tool for post exploitation activity of a vulnerability in Windows Print Spooler, which could result in credential theft and backdoor installs.
By David Jones • April 24, 2024 -
stefanovsky via Getty Images
Enterprises are getting better at detecting security incidents
Google Cloud’s Mandiant saw significant improvements in how organizations track down threats, yet hackers are still abusing common threat vectors.
By David Jones • April 23, 2024 -
DKosig via Getty Images
Palo Alto Networks quibbles over impact of exploited, compromised firewalls
The security vendor downplayed the impact of exploit activity, describing most attempts as unsuccessful, but outside researchers say 6,000 devices are vulnerable.
By Matt Kapko • April 23, 2024 -
Philipp Tur/Getty Images Plus via Getty Images
Mitre R&D network hit by Ivanti zero-day exploits
Exploits of Ivanti VPN products have hit roughly 1,700 organizations. To Mitre, guidance from the vendor and government fell short.
By Matt Kapko • April 22, 2024 -
iStock/Getty Images Plus via Getty Images
Palo Alto Networks warns firewall exploits are spreading
Attempted exploits and attacks linked to the zero-day vulnerability, which has a CVSS of 10, grew after proof of concepts were released.
By Matt Kapko • April 18, 2024 -
Matt Kapko/Cybersecurity Dive
Palo Alto Networks fixes maximum severity, exploited CVE in firewalls
The security vendor said a “limited number of attacks” were linked to the exploited vulnerability. Volexity observed exploits dating back to March 26.
By Matt Kapko • April 16, 2024 -
Leon Neal / Staff via Getty Images
ChatGPT grabs the shadow IT crown: report
Generative AI tools emerged as the latest villain in the enterprise battle to curb SaaS bloat and rationalize software portfolios, Productiv analysis found.
By Matt Ashare • April 16, 2024 -
Courtesy of NIST
What’s going on with the National Vulnerability Database?
CVE overload and a lengthy backlog has meant the federal government’s repository of vulnerability data can’t keep up with today’s threat landscape.
By Matt Kapko • April 10, 2024 -
Stephen Brashear via Getty Images
Microsoft embraces common weakness enumeration standard for vulnerability disclosure
The policy change is part of the company's wider effort to improve security practices and become more transparent following years of scrutiny.
By David Jones • April 10, 2024 -
Andrew Brookes
Mandiant spots advanced exploit activity in Ivanti devices
The incident response firm identified eight threat groups targeting the remote access VPNs and observed evolved post-exploitation activity.
By Matt Kapko • April 9, 2024 -
Just_Super via Getty Images
D-Link tells customers to sunset actively exploited storage devices
The networking hardware vendor advised owners of the affected devices to retire and replace them. There is no patch available for the vulnerability.
By Matt Kapko • April 8, 2024 -
gorodenkoff via Getty Images
Ivanti pledges security overhaul after critical vulnerabilities targeted in lengthy exploit spree
CEO Jeff Abbott said significant changes are underway. The beleaguered company committed to improve product security, share learnings and be more responsive to customers.
By David Jones • April 4, 2024 -
Wirestock via Getty Images
Motivations behind XZ Utils backdoor may extend beyond rogue maintainer
Security researchers are raising questions about whether the actor behind an attempted supply chain attack was engaged in a random, solo endeavor.
By David Jones • April 2, 2024 -
Techa Tungateja via Getty Images
Red Hat warns of backoor in widely used Linux utility
With a CVSS of 10, CISA urged users and developers to downgrade to an uncompromised version, search for any malicious activity and report findings back to the agency.
By David Jones • April 1, 2024 -
Chip Somodevilla via Getty Images
Progress Software continues to cooperate with SEC probe into MOVEit exploitation
The company said it still cannot quantify the potential impact of multiple government agency inquiries.
By David Jones • March 29, 2024 -
Courtesy of Billington CyberSecurity Summit
Water woes: A federal push for cyber mitigation is highlighting the sector’s fault lines
The water utility industry says they recognize the heightened threat environment, but the current federal push fails to account for their resource constraints.
By David Jones • March 28, 2024 -
iStock via Getty Images
Software makers urged to flush SQL injection vulnerabilities
CISA and FBI officials linked attacks against MOVEit file transfer software to preventable defects.
By David Jones • March 26, 2024 -
Getty Plus via Getty Images
Threat groups hit enterprise software, network infrastructure hard in 2023
Recorded Future observed an approximately threefold increase in actively exploited high-risk vulnerabilities in enterprise software and network infrastructure, such as VPNs.
By Matt Kapko • March 22, 2024 -
Chip Somodevilla via Getty Images
AI’s copyright problem will soon slow adoption, Gartner says
The analyst firm said efforts to mitigate intellectual property leaks and copyright infringement will diminish ROI.
By Lindsey Wilkinson • March 19, 2024
Previous
