Security News > 2024
A set of nine vulnerabilities, collectively called 'PixieFail,' impact the IPv6 network protocol stack of Tianocore's EDK II, the open-source reference implementation of the UEFI specification widely used in enterprise computers and servers. The flaws are present in the PXE network boot process, which is crucial for provisioning operating systems in data centers and high-performance computing environments, and a standard procedure for loading OS images from the network at boot.
More than 178,000 SonicWall firewalls are still vulnerable to years-old vulnerabilities, an infosec reseacher claims. "SSD Labs previously stated that in both cases, cybercrims are"tasked with exploiting a stack overflow vulnerability to cause the DoS - remotely carried out by sending a malicious HTTP request.
A credit card or PayPal account is required for purchase. You will be billed the total shown above and you will receive a receipt via email once your payment is processed.
Data in transit means data is at risk if the proper precautions aren't followed. Data stored inside a securely monitored environment is much less likely to fall into the wrong hands than data exchanged between people and systems.
Atlassian Confluence Data Center and Confluence Server are vulnerable to a critical remote code execution vulnerability that impacts versions released before December 5, 2023, including out-of-support releases. Atlassian fixed the flaw in Confluence Data Center and Server versions 8.5.4, 8.6.0, and 8.7.1, which were released in December.
Over 1,700 Ivanti Connect Secure VPN devices worldwide have been compromised by attackers exploiting two zero-days with no patches currently available. Organizations using Ivanti Connect Secure VPN devices were advised to implement temporary mitigations as soon as possible, check for evidence of compromise, and to boot attackers out of their systems in case they had been breached.
According to a survey, 33 percent of organizations are currently leveraging generative AI in at least one business function. Cybersecurity is also a key area where AI is being used, with 51 percent of business owners planning to enhance their cybersecurity efforts using this technology.
There's a "Reasonable chance" that Ivanti Connect Secure VPN users are already compromised if they didn't apply the vulnerability mitigation released last week, experts say. The latest data from Volexity shows that successful exploits of two Ivanti zero-days have accelerated sharply to more than 1,700 devices.
Over 178,000 SonicWall firewalls exposed over the internet are exploitable to at least one of the two security flaws that could be potentially exploited to cause a denial-of-service (DoS)...
Explore how an advanced exposure management solution saved a major retail industry client from ending up on the naughty step due to a misconfiguration in its cookie management policy. This wasn’t...