CISA says crooks used Ivanti bugs to snoop around high-risk chemical facilities Crafty crims broke in but encryption stopped any nastiness Cyber-crime25 Jun 2024 | 3
Phoenix UEFI flaw puts long list of Intel chips in hot seat Researchers discuss it in same breath as BlackLotus and MosaicRegressor Research21 Jun 2024 | 21
That didn't take long: Replacement for SORBS spam blacklist arises ... sort of Infosec in brief Also: Online adoption cyberstalker nabbed; Tesla trade secrets thief pleads guilty; and a critical ASUS Wi-Fi vuln Security17 Jun 2024 | 2
Cisco fixes WebEx flaw that allowed government, military meetings to be spied on Researchers were able to glean data from 10,000 meetings held by top Dutch gov officials Cyber-crime07 Jun 2024 | 12
Emergency patches released for critical vulns impacting EOL Zyxel NAS boxes That backdoor's not meant to be there? Patches05 Jun 2024 | 3
NIST turns to IT consultants to clear National Vulnerability Database backlog Aims to get CVE logjam cleared by the end of FY 24 CSO03 Jun 2024 | 5
Veeam says critical flaw can't be abused to trash backups It's still a rough one, so patch up Patches23 May 2024 | 1
GitHub Enterprise Server patches 10-outta-10 critical hole On the bright side, someone made up to $30,000+ for finding it Patches22 May 2024 | 3
Critical Fluent Bit bug affects all major cloud providers, say researchers Crashes galore, plus especially crafty crims could use it for much worse Research21 May 2024 | 2
Researchers call out QNAP for dragging its heels on patch development WatchTowr publishes report claiming vendor failed to issue fixes after four months Research20 May 2024 | 4
NCSC CTO: Broken market must be fixed to usher in new tech CYBERUK It may take ten years but vendors must be held accountable for the vulnerabilities they introduce Security16 May 2024 | 9
NHS Digital hints at exploit sightings of Arcserve UDP vulnerabilities When PoC code is released within a day of disclosure, it's only a matter of time before attacks kick off Patches14 May 2024 | 4
The truth about KEV: CISA’s vuln deadlines good influence on private-sector patching More work to do as most deadlines are missed and worst bugs still take months to fix Patches07 May 2024 |
CISA says 'no more' to decades-old directory traversal bugs Recent attacks on healthcare thrust infosec agency into alert mode CSO06 May 2024 | 13
Chinese government website security is often worryingly bad, say Chinese researchers Exclusive Bad configurations, insecure versions of jQuery, and crummy cookies are some of myriad problems Public Sector03 May 2024 | 28
Patch up – 4 critical bugs in ArubaOS lead to remote code execution Ten vulnerabilities in total for admins to apply Patches02 May 2024 | 4
Federal frenzy to patch gaping GitLab account takeover hole Warning comes exactly a year after the vulnerability was introduced Cyber-crime02 May 2024 | 8
Open source programming language R patches gnarly arbitrary code exec flaw Updated An ACE in the hole for miscreants Patches01 May 2024 | 1
Exploit code for Palo Alto Networks zero-day now public Race on to patch as researchers warn of mass exploitation of directory traversal bug Security17 Apr 2024 | 3
CISA in a flap as Chirp smart door locks can be trivially unlocked remotely Hard-coded credentials last thing you want in home security app Security15 Apr 2024 | 49
Delinea Secret Server customers should apply latest patches Updated Attackers could nab an org's most sensitive keys if left unaddressed Patches15 Apr 2024 | 3
Rust rustles up fix for 10/10 critical command injection bug on Windows in std lib BatBadBut hits Erlang, Go, Python, Ruby as well Patches10 Apr 2024 | 57
Hotel check-in terminal bug spews out access codes for guest rooms Attacks could be completed in seconds, compromising customer safety Research05 Apr 2024 | 31
Ivanti commits to secure-by-design overhaul after vulnerability nightmare CEO addresses whirlwind start to 2024 and how it plans to prevent a repeat Security04 Apr 2024 | 19
JetBrains keeps mum on 26 'security problems' fixed after Rapid7 spat Updated Vendor takes hardline approach to patch disclosure to new levels Patches28 Mar 2024 | 14
Nvidia's newborn ChatRTX bot patched for security bugs Flaws enable privilege escalation and remote code execution Patches28 Mar 2024 | 1
These 17,000 unpatched Microsoft Exchange servers are a ticking time bomb One might say this is a wurst case scenario Patches28 Mar 2024 | 44
Uncle Sam's had it up to here with 'unforgivable' SQL injection flaws Software slackers urged to up their game Security26 Mar 2024 | 66
Mozilla fixes $100,000 Firefox zero-days following two-day hackathon Users may have to upgrade twice to protect their browsers Security25 Mar 2024 | 9
Some 300,000 IPs vulnerable to this Loop DoS attack Easy to exploit, not yet exploited, not widely patched – pick three Research24 Mar 2024 | 24
3 million doors open to uninvited guests in keycard exploit As months go by without fixes, hotels take the scenic route to securing rooms Research22 Mar 2024 | 53
Hardware-level Apple Silicon vulnerability can leak cryptographic keys Short of redesigning CPUs, the fix will seriously degrade performance Research22 Mar 2024 | 22
More than 133,000 Fortinet appliances still vulnerable to month-old critical bug A huge attack surface for a vulnerability with various PoCs available Patches18 Mar 2024 | 2
JetBrains is still mad at Rapid7 for the ransomware attacks on its customers War of words wages on between vendors divided Patches12 Mar 2024 | 12
Font security 'still a Helvetica of a problem' says Australian graphics outfit Canva Who knew that unzipping a font archive could unleash a malicious file Security08 Mar 2024 | 38
JetBrains TeamCity under attack by ransomware thugs after disclosure mess More than 1,000 servers remain unpatched and vulnerable Cyber-crime07 Mar 2024 | 11
Apple's trademark tight lips extend to new iPhone, iPad zero-days Two flaws fixed, one knee bent to the EU, and a budding cybersecurity star feature in iOS 17.4 Patches06 Mar 2024 |
Rapid7 throws JetBrains under the bus for 'uncoordinated vulnerability disclosure' Updated Exploits began within hours of the original disclosure, so patch now Patches05 Mar 2024 | 37
Zoom stomps critical privilege escalation bug plus 6 other flaws All desktop and mobile apps vulnerable to at least one of the vulnerabilities Patches15 Feb 2024 |
QNAP vulnerability disclosure ends up an utter shambles Two new flaws, one zero-day, countless different patches, but everything's fine! Patches13 Feb 2024 | 8
Ivanti discloses fifth vulnerability, doesn't credit researchers who found it Software company's claim of there being no active exploits also being questioned Security09 Feb 2024 | 5
Fortinet's week to forget: Critical vulns, disclosure screw-ups, and that toothbrush DDoS attack claim An orchestra of fails for the security vendor Cyber-crime09 Feb 2024 | 6
Raspberry Robin devs are buying exploits for faster attacks One of most important malware loaders to cybercrims who are jumping on vulnerabilities faster than ever Research08 Feb 2024 | 2
JetBrains urges swift patching of latest critical TeamCity flaw Cloud version is safe, but no assurances offered about possible on-prem exploits Patches07 Feb 2024 |
Double trouble for Fortinet as it issues critical FortiSIEM vulns Updated Please stand by 73 hours for vendor response...* Patches06 Feb 2024 | 3
Researchers remotely exploit devices used to manage safe aircraft landings and takeoffs The closest thing we may ever get to a real-life Die Hard 2 scenario Research03 Feb 2024 | 17
Critical vulnerability in Mastodon is pounced upon by fast-acting admins Danger of remote account takeovers leaves lead devs scared of releasing many details Security02 Feb 2024 | 20
Nearly 4-year-old Cisco vuln linked to recent Akira ransomware attacks Evidence mounts of an exploit gatekept within Russia's borders Research31 Jan 2024 |
Ivanti releases patches for VPN zero-days, discloses two more high-severity vulns Many versions still without fixes while sophisticated attackers bypass mitigations Patches31 Jan 2024 | 8
Jenkins jitters as 45,000 servers still vulnerable to RCE attacks after patch released Multiple publicly available exploits have since been published for the critical flaw Security30 Jan 2024 | 2
Reg story prompts fresh security bulletin, review of Juniper Networks' CVE process Vendor gets tangled in its own web of undisclosed vulnerabilities Patches30 Jan 2024 |
Using GoAnywhere MFT for file transfers? Patch now – an exploit's out for a critical bug Ancient path traversal exploit offers remote attackers admin access Patches24 Jan 2024 | 1
Ivanti and Juniper Networks accused of bending the rules with CVE assignments Critics claim now-fixed vulnerabilities weren't disclosed, flag up grouping of multiple flaws under one CVE Patches22 Jan 2024 | 7
More than 178,000 SonicWall firewalls are exposed to old denial of service bugs Updated Majority of public-facing devices still unpatched against critical vulns from as far back as 2022 Research16 Jan 2024 | 8
Ivanti zero-day exploits explode as bevy of attackers get in on the act Customers still patchless and mitigation only goes so far Cyber-crime16 Jan 2024 | 6
Thousands of Juniper Networks devices vulnerable to critical RCE bug Yet more support for the argument to adopt memory-safe languages Patches15 Jan 2024 | 13
Patch time: Critical GitLab vulnerability exposes 2FA-less users to account takeovers The bug with a perfect 10 severity score has been ripe for exploitation since May Patches15 Jan 2024 | 21
Exploit for under-siege SharePoint vuln reportedly in hands of ransomware crew It’s taken months for crims to hack together a working exploit chain Cyber-crime12 Jan 2024 | 8
Infoseccers think attackers backed by China are behind Ivanti zero-day exploits Customers currently left patchless while attacks are expected to increase Cyber-crime11 Jan 2024 | 6
Apache OFBiz zero-day pummeled by exploit attempts after disclosure Issue has been patched so be sure to check your implementations Cyber-crime08 Jan 2024 |
Four in five Apache Struts 2 downloads are for versions featuring critical flaw Seriously, people - please check the stuff you fetch more carefully Patches21 Dec 2023 | 10
SSH shaken, not stirred by Terrapin vulnerability No need to panic, but grab those updates or mitigations anyway just to be safe Patches20 Dec 2023 | 14