Security News

CISA: Network switch RCE flaw impacts critical infrastructure
2024-10-02 15:02

U.S. cybersecurity agency CISA is warning about two critical vulnerabilities that allow authentication bypass and remote code execution in Optigo Networks ONS-S8 Aggregation Switch products used...

CISA: Hackers target industrial systems using “unsophisticated methods”
2024-09-25 16:18

​CISA warned today of threat actors trying to breach critical infrastructure networks by targeting Internet-exposed industrial devices using "unsophisticated" methods like brute force attacks and...

Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593)
2024-09-25 09:41

CVE-2024-7593, a critical authentication bypass vulnerability affecting Ivanti Virtual Traffic Manager (vTM) appliances, is actively exploited by attackers. The confirmation comes from the...

CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation Concerns
2024-09-25 06:01

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Ivanti Virtual Traffic Manager (vTM) to its Known Exploited Vulnerabilities...

CISA boss: Makers of insecure software must stop enabling today's cyber villains
2024-09-20 00:33

Write better code, urges Jen Easterly. And while you're at it, give crime gangs horrible names like 'Evil Ferret' Software suppliers who ship buggy, insecure code need to stop enabling cyber...

CISA boss: Makers of insecure software are enablers of the real villains
2024-09-20 00:33

Write better code, urges Jen Easterly. And while you're at it, give crime gangs horrible names like 'Evil Ferret' Software suppliers who ship buggy, insecure code are the true baddies in the cyber...

CISA warns of actively exploited Apache HugeGraph-Server bug
2024-09-19 22:53

The U.S. Cybersecurity and Infrastructure Agency (CISA) has added five flaws to its Known Exploited Vulnerabilities (KEV) catalog, among which is a remote code execution (RCE) flaw impacting...

CISA urges software devs to weed out XSS vulnerabilities
2024-09-17 16:39

CISA and the FBI urged tech companies to review their software and eliminate cross-site scripting (XSS) vulnerabilities before shipping. [...]

CISA warns of Windows flaw used in infostealer malware attacks
2024-09-16 19:53

​CISA has ordered U.S. federal agencies to secure their systems against a recently patched Windows MSHTML spoofing zero-day bug exploited by the Void Banshee APT hacking group. [...]

CISA confirms that SonicWall vulnerability is getting exploited (CVE-2024-40766)
2024-09-10 12:26

The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-40766 – a recently fixed improper access control vulnerability affecting SonicWall’s firewalls – to its Known...