Jenkins jitters as 45,000 servers still vulnerable to RCE attacks after patch released | Multiple publicly available exploits have since been published for the critical flaw | Security | 30 Jan 2024 | 2
Reg story prompts fresh security bulletin, review of Juniper Networks' CVE process | Vendor gets tangled in its own web of undisclosed vulnerabilities | Patches | 30 Jan 2024
Using GoAnywhere MFT for file transfers? Patch now – an exploit's out for a critical bug | Ancient path traversal exploit offers remote attackers admin access | Patches | 24 Jan 2024 | 1
Ivanti and Juniper Networks accused of bending the rules with CVE assignments | Critics claim now-fixed vulnerabilities weren't disclosed, flag up grouping of multiple flaws under one CVE | Patches | 22 Jan 2024 | 7
More than 178,000 SonicWall firewalls are exposed to old denial of service bugs [Updated] | Majority of public-facing devices still unpatched against critical vulns from as far back as 2022 | Research | 16 Jan 2024 | 8
Ivanti zero-day exploits explode as bevy of attackers get in on the act | Customers still patchless and mitigation only goes so far | Cyber-crime | 16 Jan 2024 | 6
Thousands of Juniper Networks devices vulnerable to critical RCE bug | Yet more support for the argument to adopt memory-safe languages | Patches | 15 Jan 2024 | 13
Patch time: Critical GitLab vulnerability exposes 2FA-less users to account takeovers | The bug with a perfect 10 severity score has been ripe for exploitation since May | Patches | 15 Jan 2024 | 21
Exploit for under-siege SharePoint vuln reportedly in hands of ransomware crew | It's taken months for crims to hack together a working exploit chain | Cyber-crime | 12 Jan 2024 | 8
Infoseccers think attackers backed by China are behind Ivanti zero-day exploits | Customers currently left patchless while attacks are expected to increase | Cyber-crime | 11 Jan 2024 | 6
Apache OFBiz zero-day pummeled by exploit attempts after disclosure | Issue has been patched, so be sure to check your implementations | Cyber-crime | 08 Jan 2024
Four in five Apache Struts 2 downloads are for versions featuring critical flaw | Seriously, people, please check the stuff you fetch more carefully | Patches | 21 Dec 2023 | 10
SSH shaken, not stirred by Terrapin vulnerability | No need to panic, but grab those updates or mitigations anyway just to be safe | Patches | 20 Dec 2023 | 14
Russia joins North Korea in sending state-sponsored cyber troops to pick on TeamCity users [Updated] | National security and infosec authorities band together to help victims sniff out stealthy Russian baddies hiding in networks | Cyber-crime | 14 Dec 2023 | 1
Two years on, 1 in 4 apps still vulnerable to Log4Shell | Lack of awareness still blamed for patching apathy despite it being among the most infamous bugs of all time | Research | 11 Dec 2023 | 11
A year on, CISA realizes debunked vuln actually a dud and removes it from must-patch list | Apparently no one thought to check if this D-Link router 'issue' was actually exploitable | Security | 06 Dec 2023 | 6
UEFI flaws allow bootkits to pwn potentially hundreds of devices using images | Exploits bypass most secure boot solutions from the biggest chip vendors | Research | 01 Dec 2023 | 33
OpenCart owner turns air blue after researcher discloses serious vuln | Web storefront maker fixed the flaw, but not before blasting infoseccer | Patches | 24 Nov 2023 | 48
Microsoft's bug bounty turns 10. Are these kinds of rewards making code more secure? [Interview] | Katie Moussouris, who pioneered Redmond's program, says folks are focusing on the wrong thing | CSO | 22 Nov 2023 | 9
Inside Denmark's hell week as critical infrastructure orgs faced cyberattacks | Zyxel zero-days and nation-state actors (maybe) had a hand in the sector's worst cybersecurity event on record | Cyber-crime | 13 Nov 2023 | 38
Royal Mail cybersecurity still a bit of a mess, infosec bods claim [Infosec in brief] | Also: Most Mainers are MOVEit victims, NY radiology firm fined for not updating kit, and some critical vulnerabilities | Security | 13 Nov 2023 | 8
MOVEit cybercriminals unearth fresh zero-day to exploit on-prem SysAid hosts | Second novel zero-day exploited by Lace Tempest this year offers notable demonstration of skill, especially for a ransomware affiliate | Cyber-crime | 09 Nov 2023
Atlassian cranks up the threat meter to max for Confluence authorization flaw | Attackers secure admin rights after vendor said they could only steal data | Cyber-crime | 08 Nov 2023 | 10
Okta October breach affected 134 orgs, biz admits [Infosec in brief] | Plus: CVSS 4.0 is here, this week's critical vulns, and 'incident'-hit loan broker promises no late fees. Generous | Security | 06 Nov 2023 | 6
Microsoft pins hopes on AI once again – this time to patch up Swiss cheese security | Secure Future Initiative needed in wake of tech evolution and unrelenting ransomware criminality | Security | 03 Nov 2023 | 18
Critical Apache ActiveMQ flaw under attack by 'clumsy' ransomware crims | Over a week later and barely any patches for the 10/10 vulnerability have been applied | Cyber-crime | 02 Nov 2023 | 4
Critical vulnerability in F5 BIG-IP under active exploitation | Full extent of attacks unknown, but telecoms thought to be especially exposed | Cyber-crime | 01 Nov 2023
Stop what you're doing and patch this critical Confluence flaw, warns Atlassian | Risk of 'significant data loss' for on-prem customers | Patches | 31 Oct 2023 | 2
Unpatched NGINX ingress controller bugs can be abused to steal Kubernetes cluster secrets | Just tricks, no treats with these 3 vulns | Security | 30 Oct 2023 | 5
LockBit alleges it boarded Boeing, stole 'sensitive data' [Security in brief] | Also: CISA begs for a consistent budget, Las Vegas school breach, Nigeria arrests six cyber princes, the week's critical vulnerabilities | Security | 30 Oct 2023 | 3
F5 hurriedly squashes BIG-IP remote code execution bug | Fixes came earlier than scheduled as vulnerability became known to outsiders | Research | 27 Oct 2023 | 3
VMware reveals critical vCenter vuln that you may have patched already without knowing it | Takes rare step of issuing patches for end-of-life versions, as some staff report end-of-career letters | Patches | 25 Oct 2023 | 4
US cybercops urge admins to patch amid ongoing Confluence chaos | Do it now, no ifs or buts, says advisory | Patches | 17 Oct 2023 | 2
Calls for Visual Studio security tweak fall on deaf ears despite one-click RCE exploit | Two years on and Microsoft refuses to address the issue | Research | 13 Oct 2023 | 11
Equifax scores £11.1M slap on wrist over 2017 mega breach | Not quite a pound for every one of the 13.8 million affected UK citizens, and it could have been more | Cybersecurity Month | 13 Oct 2023 | 11
Squid games: 35 security holes still unpatched in proxy after 2 years, now public | We'd like to say don't panic … but maybe? | Research | 13 Oct 2023 | 10
Microsoft takes another run at closing Exchange brute-force security hole | Meanwhile, Exchange Online is on the fritz | Cybersecurity Month | 11 Oct 2023 | 13
curl vulnerabilities ironed out with patches after week-long tease [Updated] | The coordinated disclosure didn't quite go to plan, though | Patches | 11 Oct 2023 | 16
HTTP/2 'Rapid Reset' zero-day exploited in biggest DDoS deluge seen yet | Botnet storm drowned last record with 398 million requests per second | CSO | 10 Oct 2023 | 13
Researcher bags two-for-one deal on Linux bugs while probing GNOME component | One-click exploit could potentially affect most major distros | Research | 10 Oct 2023 | 12
Ransomware attacks register record speeds thanks to success of infosec industry | Dwell times drop to hours rather than days for the first time | Research | 10 Oct 2023 | 3
CISA reveals 'Admin123' as top security threat in cyber sloppiness chart | Calls for wider adoption of security-by-design principles continue to ring loudly from Uncle Sam | Security | 06 Oct 2023 | 8
CISA adds latest Chrome zero-day to Known Exploited Vulnerabilities Catalog | Chrome's second zero-day of the month puts fed security at 'significant risk' | Security | 03 Oct 2023
Security researchers believe mass exploitation attempts against WS_FTP have begun [Updated] | Early signs emerge after Progress Software said there were no active attempts last week | Cyber-crime | 02 Oct 2023 | 14
Now MOVEit maker Progress patches holes in WS_FTP [Infosec in brief] | Plus: Johnson Controls hit by IT 'incident', Exim and Chrome security updates, and more | Patches | 01 Oct 2023 | 9
Thousands of Juniper Junos firewalls still open to hijacks, exploit code available to all | Unauthenticated remote code execution possible without dropping a file on disk | Security | 18 Sep 2023 | 6
Ransomware fiends pounce on Cisco VPN brute-force zero-day flaw | No patch yet – but you've got strong creds and MFA enabled anyway, yeah? | Networks | 08 Sep 2023 | 6
Apple opens annual applications for free hackable iPhones [Infosec in brief] | Also: Brazilian stalkerware database ripped by the short hairs, a fast fashion breach, and this week's critical vulns | Security | 04 Sep 2023 | 1
Ford SYNC 3 infotainment vulnerable to drive-by Wi-Fi hijacking | Don't panic, says automaker, but if you do, just turn off wireless for now | Security | 14 Aug 2023 | 13
Electoral Commission had internet-facing server with unpatched vuln | ProxyNotShell vulnerability could be how UK body got pwned, suggests infosec expert | Cyber-crime | 11 Aug 2023 | 23
Nearly every AMD CPU since 2017 vulnerable to Inception data-leak attacks | It's like a nesting doll of security flaws | Patches | 09 Aug 2023 | 32
US senator victim-blames Microsoft for Chinese hack [Infosec in brief] | Also: China says US hacked it right back, BreachForums users have been pwned, and this week's critical vulns | Security | 31 Jul 2023 | 10
Millions of people's data stolen because web devs forget to check access perms | IDORs of the storm | CSO | 29 Jul 2023 | 39
AMD Zenbleed chip bug leaks secrets fast and easy | Zen 2 flaw simpler than Spectre, exploit code already out there – get patching when you can | CSO | 24 Jul 2023 | 64
Google Cloud shores up log permissions for builder bot [Infosec in brief] | Also: Amazon's child-sized COPPA fine, smart tech security labels coming to the US, and this week's critical vulns | Security | 24 Jul 2023 | 2
It's 2023 and memory overwrite bugs are not just a thing, they're still number one | Cough, cough, use Rust. Plus: Eight more exploited bugs added to CISA's must-patch list | Research | 29 Jun 2023 | 71
Ex-FBI employee jailed for taking classified material home [Infosec in brief] | Also: a PII harvest at Dole's server farm, military members mailed mystery smartwatches, and this week's critical vulns | CSO | 26 Jun 2023 | 55
Online muggers make serious moves on unpatched Microsoft bugs | Win32k and Visual Studio flaws are under attack | Security | 09 Jun 2023 | 3
Deployed publicly accessible MOVEit Transfer? Oh no. Mass exploitation underway | Time to MOVEit, MOVEit. We don't like to MOVEit, MOVEit | Patches | 01 Jun 2023 | 10
1. This crypto-coin is called Jimbo. 2. $8m was stolen from its devs in flash loan attack | 3. It's asked for 90% of the digital dosh back, or else it'll beg the cops for help | Cyber-crime | 30 May 2023 | 46
Google settles location tracking lawsuit for only $39.9M [In brief] | Also: more OEM Android malware, Google's bug reports (mostly) ditch CVEs, and this week's critical vulns | Security | 22 May 2023 | 7
Cisco squashes critical bugs in small biz switches | You'll want to patch these, as proof-of-concept exploit code is out there already | Patches | 18 May 2023