Security News

Critical vulnerabilities in TeamCity JetBrains fixed, release of technical details imminent, patch quickly! (CVE-2024-27198, CVE-2024-27199)
2024-03-04 16:03

JetBrains has fixed two critical security vulnerabilities affecting TeamCity On-Premises and is urging customers to patch them immediately. "Rapid7 originally identified and reported these vulnerabilities to us and has chosen to adhere strictly to its own vulnerability disclosure policy. This means that their team will publish full technical details of these vulnerabilities and their replication steps within 24 hours of this notice," the company stated today.

Enhancing security through proactive patch management
2024-03-04 04:00

Despite its importance, patching can be challenging for organizations due to factors such as the sheer volume of patches released by software vendors, compatibility issues with existing systems, and the need to balance security with operational continuity. To ensure effective patch management, organizations should establish clear policies and procedures for patching, automate patch deployment where possible, regularly scan for vulnerabilities, prioritize patches based on risk, and conduct thorough testing before deployment.

ConnectWise urges ScreenConnect admins to patch critical RCE flaw
2024-02-20 16:48

ConnectWise warned customers to patch their ScreenConnect servers immediately against a maximum severity flaw that can be used in remote code execution attacks. ConnectWise has yet to assign CVE IDs to the two security flaws that impact all servers running ScreenConnect 23.9.7 and prior.

Critical Flaws Found in ConnectWise ScreenConnect Software  - Patch Now
2024-02-20 10:38

ConnectWise has released software updates to address two security flaws in its ScreenConnect remote desktop and access software, including a critical bug that could enable remote code execution on...

Critical ConnectWise ScreenConnect vulnerabilities fixed, patch ASAP!
2024-02-20 10:02

ConnectWise has fixed two vulnerabilities in ScreenConnect that could allow attackers to execute remote code or directly impact confidential data or critical systems. ConnectWise ScreenConnect is a remote desktop software solution popular with managed services providers and businesses they offer services to, as well as help desk teams.

Microsoft February 2024 Patch Tuesday fixes 2 zero-days, 73 flaws
2024-02-13 19:07

Today is Microsoft's February 2024 Patch Tuesday, which includes security updates for 73 flaws and two actively exploited zero-days. The total count of 73 flaws does not include 6 Microsoft Edge flaws fixed on February 8th and 1 Mariner flaw.

Microsoft February 2024 Patch Tuesday fixes 2 zero-days, 74 flaws
2024-02-13 19:07

Today is Microsoft's February 2024 Patch Tuesday, which includes security updates for 74 flaws and two actively exploited zero-days. The total count of 74 flaws does not include 6 Microsoft Edge and 1 Mariner flaw fixed on February 8th. To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5034765 cumulative update.

Alert: CISA Warns of Active 'Roundcube' Email Attacks - Patch Now
2024-02-13 04:51

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a medium-severity security flaw impacting Roundcube email software to its Known Exploited Vulnerabilities (KEV)...

Week in review: 10 must-read cybersecurity books, AnyDesk hack, Patch Tuesday forecast
2024-02-11 09:00

Choosing the right partner when outsourcing cybersecurityIn this Help Net Security interview, Anya Shpilman, Senior Executive, Cyber Security Services at WDigital, discusses the benefits and potential risks of outsourcing cybersecurity services. Key strategies for ISO 27001 compliance adoptionIn this Help Net Security interview, Robin Long, founder of Kiowa Security, shares insights on how best to approach the implementation of the ISO/IEC 27001 information security standard.

February 2024 Patch Tuesday forecast: Zero days are back and a new server too
2024-02-09 06:24

Microsoft introduced the update process called 'flighting' for these preview builds, allowing automatic or manual in-place updates approximately every two weeks without needing a new install every time. Google released the Stable Channel updates 120.0.6099.234 for Mac, 120.0.6099.224 for Linux, and 120.0.6099.224/225 to Windows back on January 16.