Security News

ConnectWise urges ScreenConnect admins to patch critical RCE flaw
2024-02-20 16:48

ConnectWise warned customers to patch their ScreenConnect servers immediately against a maximum severity flaw that can be used in remote code execution attacks. ConnectWise has yet to assign CVE IDs to the two security flaws that impact all servers running ScreenConnect 23.9.7 and prior.

Critical Flaws Found in ConnectWise ScreenConnect Software  - Patch Now
2024-02-20 10:38

ConnectWise has released software updates to address two security flaws in its ScreenConnect remote desktop and access software, including a critical bug that could enable remote code execution on...

Critical ConnectWise ScreenConnect vulnerabilities fixed, patch ASAP!
2024-02-20 10:02

ConnectWise has fixed two vulnerabilities in ScreenConnect that could allow attackers to execute remote code or directly impact confidential data or critical systems. ConnectWise ScreenConnect is a remote desktop software solution popular with managed services providers and businesses they offer services to, as well as help desk teams.

Microsoft February 2024 Patch Tuesday fixes 2 zero-days, 73 flaws
2024-02-13 19:07

Today is Microsoft's February 2024 Patch Tuesday, which includes security updates for 73 flaws and two actively exploited zero-days. The total count of 73 flaws does not include 6 Microsoft Edge flaws fixed on February 8th and 1 Mariner flaw.

Microsoft February 2024 Patch Tuesday fixes 2 zero-days, 74 flaws
2024-02-13 19:07

Today is Microsoft's February 2024 Patch Tuesday, which includes security updates for 74 flaws and two actively exploited zero-days. The total count of 74 flaws does not include 6 Microsoft Edge and 1 Mariner flaw fixed on February 8th. To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5034765 cumulative update.

Alert: CISA Warns of Active 'Roundcube' Email Attacks - Patch Now
2024-02-13 04:51

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a medium-severity security flaw impacting Roundcube email software to its Known Exploited Vulnerabilities (KEV)...

Week in review: 10 must-read cybersecurity books, AnyDesk hack, Patch Tuesday forecast
2024-02-11 09:00

Choosing the right partner when outsourcing cybersecurityIn this Help Net Security interview, Anya Shpilman, Senior Executive, Cyber Security Services at WDigital, discusses the benefits and potential risks of outsourcing cybersecurity services. Key strategies for ISO 27001 compliance adoptionIn this Help Net Security interview, Robin Long, founder of Kiowa Security, shares insights on how best to approach the implementation of the ISO/IEC 27001 information security standard.

February 2024 Patch Tuesday forecast: Zero days are back and a new server too
2024-02-09 06:24

Microsoft introduced the update process called 'flighting' for these preview builds, allowing automatic or manual in-place updates approximately every two weeks without needing a new install every time. Google released the Stable Channel updates 120.0.6099.234 for Mac, 120.0.6099.224 for Linux, and 120.0.6099.224/225 to Windows back on January 16.

Ivanti: Patch new Connect Secure auth bypass bug immediately
2024-02-08 19:45

Today, Ivanti warned of a new authentication bypass vulnerability impacting Connect Secure, Policy Secure, and ZTA gateways, urging admins to secure their appliances immediately. Shadowserver also monitors Ivanti Connect Secure VPN instances compromised worldwide daily, with almost 250 compromised devices discovered on Wednesday, February 7.

Critical JetBrains TeamCity On-Premises Flaw Exposes Servers to Takeover - Patch Now
2024-02-07 05:05

JetBrains is alerting customers of a critical security flaw in its TeamCity On-Premises continuous integration and continuous deployment (CI/CD) software that could be exploited by threat actors...