Security News

In today's digital world, where connectivity is rules all, endpoints serve as the gateway to a business’s digital kingdom. And because of this, endpoints are one of hackers' favorite targets. ...

Palo Alto Networks has shared remediation guidance for a recently disclosed critical security flaw impacting PAN-OS that has come under active exploitation. The vulnerability, tracked...

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

Small and medium-sized enterprises IT staff is overwhelmed by the complexity and demands of managing multiple tools in their security stack, leading them to miss critical severity events and weaken their company's security posture, according to Coro. According to the survey, 73% of SME security professionals have missed, ignored or failed to act on critical security alerts, with respondents noting a lack of staff and a lack of time as the top two reasons.

More details of and a proof-of-concept exploit for an unauthenticated OS command injection vulnerability in Flowmon, Progress Software's network monitoring/analysis and security solution, have been published. The critical vulnerability has been disclosed and patched by Progress earlier this month.

Russian hacker group Sandworm aimed to disrupt operations at around 20 critical infrastructure facilities in Ukraine, according to a report from the Ukrainian Computer Emergency Response Team. The attacks occurred in March and in some cases the hackers were able to infiltrate the targeted network by poisoning the supply chain to deliver compromised or vulnerable software, or through the software provider's ability to access organization's systems for maintainance and technical suport.

The Forminator WordPress plugin used in over 500,000 sites is vulnerable to a flaw that allows malicious actors to perform unrestricted file uploads to the server. On Thursday, Japan's CERT published an alert on its vulnerability notes portal warning about the existence of a critical severity flaw in Forminator that may allow a remote attacker to upload malware on sites using the plugin.

Palo Alto Networks has shared more details of a critical security flaw impacting PAN-OS that has come under active exploitation in the wild by malicious actors. The company described the...

Users of the CrushFTP enterprise file transfer software are being urged to update to the latest version following the discovery of a security flaw that has come under targeted exploitation in the...

The newest version of Ivanti Avalanche - the company's enterprise mobile device management solution - carries fixes for 27 vulnerabilities, two of which are critical and may allow a remote unauthenticated attacker to execute arbitrary commands on the underlying Windows system. Both critical vulnerabilities are heap overflow bugs: CVE-2024-29204 is in the WLAvalancheService, and CVE-2024-24996 in the WLInfoRailService component of Ivanti Avalanche before v6.4.3, and may allow unauthenticated remote attackers to execute arbitrary commands on vulnerable systems.