Security News

ConnectWise has fixed two vulnerabilities in ScreenConnect that could allow attackers to execute remote code or directly impact confidential data or critical systems. ConnectWise ScreenConnect is a remote desktop software solution popular with managed services providers and businesses they offer services to, as well as help desk teams.

Today is Microsoft's February 2024 Patch Tuesday, which includes security updates for 73 flaws and two actively exploited zero-days. The total count of 73 flaws does not include 6 Microsoft Edge flaws fixed on February 8th and 1 Mariner flaw.

Today is Microsoft's February 2024 Patch Tuesday, which includes security updates for 74 flaws and two actively exploited zero-days. The total count of 74 flaws does not include 6 Microsoft Edge and 1 Mariner flaw fixed on February 8th. To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5034765 cumulative update.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a medium-severity security flaw impacting Roundcube email software to its Known Exploited Vulnerabilities (KEV)...

Choosing the right partner when outsourcing cybersecurityIn this Help Net Security interview, Anya Shpilman, Senior Executive, Cyber Security Services at WDigital, discusses the benefits and potential risks of outsourcing cybersecurity services. Key strategies for ISO 27001 compliance adoptionIn this Help Net Security interview, Robin Long, founder of Kiowa Security, shares insights on how best to approach the implementation of the ISO/IEC 27001 information security standard.

Microsoft introduced the update process called 'flighting' for these preview builds, allowing automatic or manual in-place updates approximately every two weeks without needing a new install every time. Google released the Stable Channel updates 120.0.6099.234 for Mac, 120.0.6099.224 for Linux, and 120.0.6099.224/225 to Windows back on January 16.

Today, Ivanti warned of a new authentication bypass vulnerability impacting Connect Secure, Policy Secure, and ZTA gateways, urging admins to secure their appliances immediately. Shadowserver also monitors Ivanti Connect Secure VPN instances compromised worldwide daily, with almost 250 compromised devices discovered on Wednesday, February 7.

JetBrains is alerting customers of a critical security flaw in its TeamCity On-Premises continuous integration and continuous deployment (CI/CD) software that could be exploited by threat actors...

Five days after Mastodon developers pushed out fixes for a remotely exploitable account takeover vulnerability, over 66% of Mastodon servers out there have been upgraded to close the hole. Mastodon is open-source software for running self-hosted social networking services within the wider Fediverse.

The number of public-facing installs of Jenkins servers vulnerable to a recently disclosed critical vulnerability is in the tens of thousands. Trailing them are India, Germany, Republic of Korea, France, and the UK. The revelation of the vast attack surface comes days after multiple exploits were made public on January 26 - themselves released just two days after the coordinated disclosure from Jenkins and Yaniv Nizry, the researcher at Sonar who first discovered the vulnerability.