More than 133,000 Fortinet appliances still vulnerable to month-old critical bug | A huge attack surface for a vulnerability with various PoCs available | Patches | 18 Mar 2024
JetBrains is still mad at Rapid7 for the ransomware attacks on its customers | War of words wages on between vendors divided | Patches | 12 Mar 2024
Font security 'still a Helvetica of a problem' says Australian graphics outfit Canva | Who knew that unzipping a font archive could unleash a malicious file | Security | 08 Mar 2024
JetBrains TeamCity under attack by ransomware thugs after disclosure mess | More than 1,000 servers remain unpatched and vulnerable | Cyber-crime | 07 Mar 2024
Apple's trademark tight lips extend to new iPhone, iPad zero-days | Two flaws fixed, one knee bent to the EU, and a budding cybersecurity star feature in iOS 17.4 | Patches | 06 Mar 2024
Rapid7 throws JetBrains under the bus for 'uncoordinated vulnerability disclosure' | Updated: Exploits began within hours of the original disclosure, so patch now | Patches | 05 Mar 2024
Zoom stomps critical privilege escalation bug plus 6 other flaws | All desktop and mobile apps vulnerable to at least one of the vulnerabilities | Patches | 15 Feb 2024
QNAP vulnerability disclosure ends up an utter shambles | Two new flaws, one zero-day, countless different patches, but everything's fine! | Patches | 13 Feb 2024
Ivanti discloses fifth vulnerability, doesn't credit researchers who found it | Software company's claim of there being no active exploits also being questioned | Security | 09 Feb 2024
Fortinet's week to forget: Critical vulns, disclosure screw-ups, and that toothbrush DDoS attack claim | An orchestra of fails for the security vendor | Cyber-crime | 09 Feb 2024
Raspberry Robin devs are buying exploits for faster attacks | One of the most important malware loaders to cybercrims who are jumping on vulnerabilities faster than ever | Research | 08 Feb 2024
JetBrains urges swift patching of latest critical TeamCity flaw | Cloud version is safe, but no assurances offered about possible on-prem exploits | Patches | 07 Feb 2024
Double trouble for Fortinet as it issues critical FortiSIEM vulns | Updated: Please stand by 73 hours for vendor response...* | Patches | 06 Feb 2024
Researchers remotely exploit devices used to manage safe aircraft landings and takeoffs | The closest thing we may ever get to a real-life Die Hard 2 scenario | Research | 03 Feb 2024
Critical vulnerability in Mastodon is pounced upon by fast-acting admins | Danger of remote account takeovers leaves lead devs scared of releasing many details | Security | 02 Feb 2024
Nearly 4-year-old Cisco vuln linked to recent Akira ransomware attacks | Evidence mounts of an exploit gatekept within Russia's borders | Research | 31 Jan 2024
Ivanti releases patches for VPN zero-days, discloses two more high-severity vulns | Many versions still without fixes while sophisticated attackers bypass mitigations | Patches | 31 Jan 2024
Jenkins jitters as 45,000 servers still vulnerable to RCE attacks after patch released | Multiple publicly available exploits have since been published for the critical flaw | Security | 30 Jan 2024
Reg story prompts fresh security bulletin, review of Juniper Networks' CVE process | Vendor gets tangled in its own web of undisclosed vulnerabilities | Patches | 30 Jan 2024
Using GoAnywhere MFT for file transfers? Patch now – an exploit's out for a critical bug | Ancient path traversal exploit offers remote attackers admin access | Patches | 24 Jan 2024
Ivanti and Juniper Networks accused of bending the rules with CVE assignments | Critics claim now-fixed vulnerabilities weren't disclosed, flag up grouping of multiple flaws under one CVE | Patches | 22 Jan 2024
More than 178,000 SonicWall firewalls are exposed to old denial of service bugs | Updated: Majority of public-facing devices still unpatched against critical vulns from as far back as 2022 | Research | 16 Jan 2024
Ivanti zero-day exploits explode as bevy of attackers get in on the act | Customers still patchless and mitigation only goes so far | Cyber-crime | 16 Jan 2024
Thousands of Juniper Networks devices vulnerable to critical RCE bug | Yet more support for the argument to adopt memory-safe languages | Patches | 15 Jan 2024
Patch time: Critical GitLab vulnerability exposes 2FA-less users to account takeovers | The bug with a perfect 10 severity score has been ripe for exploitation since May | Patches | 15 Jan 2024
Exploit for under-siege SharePoint vuln reportedly in hands of ransomware crew | It's taken months for crims to hack together a working exploit chain | Cyber-crime | 12 Jan 2024
Infoseccers think attackers backed by China are behind Ivanti zero-day exploits | Customers currently left patchless while attacks are expected to increase | Cyber-crime | 11 Jan 2024
Apache OFBiz zero-day pummeled by exploit attempts after disclosure | Issue has been patched, so be sure to check your implementations | Cyber-crime | 08 Jan 2024
Four in five Apache Struts 2 downloads are for versions featuring critical flaw | Seriously, people - please check the stuff you fetch more carefully | Patches | 21 Dec 2023
SSH shaken, not stirred by Terrapin vulnerability | No need to panic, but grab those updates or mitigations anyway just to be safe | Patches | 20 Dec 2023
Russia joins North Korea in sending state-sponsored cyber troops to pick on TeamCity users | Updated: National security and infosec authorities band together to help victims sniff out stealthy Russian baddies hiding in networks | Cyber-crime | 14 Dec 2023
Two years on, 1 in 4 apps still vulnerable to Log4Shell | Lack of awareness still blamed for patching apathy despite it being among the most infamous bugs of all time | Research | 11 Dec 2023
A year on, CISA realizes debunked vuln actually a dud and removes it from must-patch list | Apparently no one thought to check if this D-Link router 'issue' was actually exploitable | Security | 06 Dec 2023
UEFI flaws allow bootkits to pwn potentially hundreds of devices using images | Exploits bypass most secure boot solutions from the biggest chip vendors | Research | 01 Dec 2023
OpenCart owner turns air blue after researcher discloses serious vuln | Web storefront maker fixed the flaw, but not before blasting infoseccer | Patches | 24 Nov 2023
Microsoft's bug bounty turns 10. Are these kinds of rewards making code more secure? | Interview: Katie Moussouris, who pioneered Redmond's program, says folks are focusing on the wrong thing | CSO | 22 Nov 2023
Inside Denmark's hell week as critical infrastructure orgs faced cyberattacks | Zyxel zero days and nation-state actors (maybe) had a hand in the sector's worst cybersecurity event on record | Cyber-crime | 13 Nov 2023
Royal Mail cybersecurity still a bit of a mess, infosec bods claim | Infosec in brief: Also: Most Mainers are MOVEit victims, NY radiology firm fined for not updating kit, and some critical vulnerabilities | Security | 13 Nov 2023
MOVEit cybercriminals unearth fresh zero-day to exploit on-prem SysAid hosts | Second novel zero-day exploited by Lace Tempest this year offers notable demonstration of skill, especially for a ransomware affiliate | Cyber-crime | 09 Nov 2023
Atlassian cranks up the threat meter to max for Confluence authorization flaw | Attackers secure admin rights after vendor said they could only steal data | Cyber-crime | 08 Nov 2023
Okta October breach affected 134 orgs, biz admits | Infosec in brief: Plus: CVSS 4.0 is here, this week's critical vulns, and 'incident'-hit loan broker promises no late fees. Generous | Security | 06 Nov 2023
Microsoft pins hopes on AI once again – this time to patch up Swiss cheese security | Secure Future Initiative needed in wake of tech evolution and unrelenting ransomware criminality | Security | 03 Nov 2023
Critical Apache ActiveMQ flaw under attack by 'clumsy' ransomware crims | Over a week later and barely any patches for the 10/10 vulnerability have been applied | Cyber-crime | 02 Nov 2023
Critical vulnerability in F5 BIG-IP under active exploitation | Full extent of attacks unknown but telecoms thought to be especially exposed | Cyber-crime | 01 Nov 2023
Stop what you're doing and patch this critical Confluence flaw, warns Atlassian | Risk of 'significant data loss' for on-prem customers | Patches | 31 Oct 2023
Unpatched NGINX ingress controller bugs can be abused to steal Kubernetes cluster secrets | Just tricks, no treats with these 3 vulns | Security | 30 Oct 2023
LockBit alleges it boarded Boeing, stole 'sensitive data' | Security in brief: Also: CISA begs for a consistent budget, Las Vegas school breach, Nigeria arrests six cyber princes, the week's critical vulnerabilities | Security | 30 Oct 2023
F5 hurriedly squashes BIG-IP remote code execution bug | Fixes came earlier than scheduled as vulnerability became known to outsiders | Research | 27 Oct 2023
VMware reveals critical vCenter vuln that you may have patched already without knowing it | Takes rare step of issuing patches for end-of-life versions, as some staff report end-of-career letters | Patches | 25 Oct 2023
US cybercops urge admins to patch amid ongoing Confluence chaos | Do it now, no ifs or buts, says advisory | Patches | 17 Oct 2023
Calls for Visual Studio security tweak fall on deaf ears despite one-click RCE exploit | Two years on and Microsoft refuses to address the issue | Research | 13 Oct 2023
Equifax scores £11.1M slap on wrist over 2017 mega breach | Not quite a pound for every one of the 13.8 million affected UK citizens, and it could have been more | Cybersecurity Month | 13 Oct 2023
Squid games: 35 security holes still unpatched in proxy after 2 years, now public | We'd like to say don't panic … but maybe? | Research | 13 Oct 2023
Microsoft takes another run at closing Exchange brute-force security hole | Meanwhile, Exchange Online is on the fritz | Cybersecurity Month | 11 Oct 2023
curl vulnerabilities ironed out with patches after week-long tease | Updated: The coordinated disclosure didn't quite go to plan, though | Patches | 11 Oct 2023
HTTP/2 'Rapid Reset' zero-day exploited in biggest DDoS deluge seen yet | Botnet storm drowned last record with 398 million requests per second | CSO | 10 Oct 2023
Researcher bags two-for-one deal on Linux bugs while probing GNOME component | One-click exploit could potentially affect most major distros | Research | 10 Oct 2023
Ransomware attacks register record speeds thanks to success of infosec industry | Dwell times drop to hours rather than days for the first time | Research | 10 Oct 2023
Chinese smart TV boxes infected with malware in PEACHPIT ad fraud campaign | Infosec in brief: Plus: Sony admits to MOVEit breach; Blackbaud fined again; Qakbot's sorta back from the dead; and more | Security | 09 Oct 2023
CISA reveals 'Admin123' as top security threat in cyber sloppiness chart | Calls for wider adoption of security-by-design principles continue to ring loudly from Uncle Sam | Security | 06 Oct 2023
CISA adds latest Chrome zero-day to Known Exploited Vulnerabilities Catalog | Chrome's second zero-day of the month puts fed security at 'significant risk' | Security | 03 Oct 2023
Security researchers believe mass exploitation attempts against WS_FTP have begun | Updated: Early signs emerge after Progress Software said there were no active attempts last week | Cyber-crime | 02 Oct 2023