Security News

CISA and the FBI urged software companies today to review their products and eliminate path traversal security vulnerabilities before shipping. Attackers can exploit path traversal vulnerabilities to create or overwrite critical files used to execute code or bypass security mechanisms like authentication.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw impacting GitLab to its Known Exploited Vulnerabilities (KEV) catalog, owing to active exploitation in...

CISA warned today that attackers are actively exploiting a maximum-severity GitLab vulnerability that allows them to take over accounts via password resets. The CVE-2023-7028 bug impacts GitLab Community and Enterprise editions, and GitLab fixed it in 16.7.2, 16.5.6, and 16.6.4 and backported patches to versions 16.1.6, 16.2.9, and 16.3.7.

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

The U.S. Cybersecurity and Infrastructure Security Agency has released a new version of "Malware Next-Gen," now allowing the public to submit malware samples for analysis by CISA. Malware Next-Gen is a malware analysis platform that examines malware samples for suspicious artifacts. "The Cybersecurity and Infrastructure Security Agency announces today a new release of our malware analysis system, called Malware Next-Gen, which allows any organization to submit malware samples and other suspicious artifacts for analysis," reads the announcement.

CISA has issued a new emergency directive ordering U.S. federal agencies to address risks resulting from the breach of multiple Microsoft corporate email accounts by the Russian APT29 hacking group. CISA says Russian Foreign Intelligence Service operatives now use information stolen from Microsoft's corporate email systems, including the authentication details shared between Microsoft and its customers by email, to gain access to certain customer systems.

The U.S. Cybersecurity and Infrastructure Security Agency is investigating the recent breach of data analytics company Sisense, an incident that also impacted critical infrastructure organizations. Today, CISA says the incident also affects critical infrastructure sector organizations in the United States, with the agency now working with partners in the private sector to assess its impact.

The U.S. Cybersecurity and Infrastructure Security Agency is investigating the recent breach of data analytics company Sisense, an incident that also impacted critical infrastructure organizations. Today, CISA says the incident also affects critical infrastructure sector organizations in the United States, with the agency now working with partners in the private sector to assess its impact.

Business intelligence / data analytics software vendor Sisense has apparently suffered a data breach that spurred the company and the US Cybersecurity and Infrastructure Security Agency to push the company's customers to "Reset credentials and secrets potentially exposed to, or used to access, Sisense services." Details about the security incident are still being kept under wraps by Sisense.

The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-24955 – a code injection vulnerability that allows authenticated attackers to execute code remotely on a vulnerable...