Security News

F5 has released hotfixes for its BIG-IP and BIG-IQ products, addressing two high-severity flaws allowing attackers to perform unauthenticated remote code execution on vulnerable endpoints. While these flaws require specific criteria to exist, making them very difficult to exploit, F5 warns that it could lead to a complete compromise of the devices.

IT professionals are becoming increasingly concerned about the growing number of cyber threats and foreign attacks capable of impacting video conferencing. In this Help Net Security video, George Waller, EVP of Zerify, talks about the rise of remote work and the importance of video conferencing security for organizations of all sizes.

VMware has revealed a terrible trio of critical-rated flaws in Workspace ONE Assist for Windows - a product used by IT and help desk staff to remotely take over and manage employees' devices. A miscreant able to reach a Workspace ONE Assist deployment, either over the internet or on the network, can exploit any of these three bugs to obtain administrative access without the need to authenticate.

VMware has released security updates to address three critical severity vulnerabilities in the Workspace ONE Assist solution that enable remote attackers to bypass authentication and elevate privileges to admin. Workspace ONE Assist provides remote control, screen sharing, file system management, and remote command execution to help desk and IT staff remotely access and troubleshoot devices in real time from the Workspace ONE console.

VMware has released security updates today to fix a critical vulnerability in VMware Cloud Foundation, a hybrid cloud platform for running enterprise apps in private or public environments. The flaw is in the XStream open-source library used by Cloud Foundation and has an almost maximum CVSSv3 base score of 9.8/10 assigned by VMware.

highlighted a stark increase in the shortage of cybersecurity professionals as it announced the findings of its 2022² Cybersecurity Workforce Study. The study reveals the global cybersecurity workforce is at an all-time high, with an estimated 4.7 million professionals.

To find out how a shift in working styles impacts companies' security posture, NinjaOne surveyed 400 employees in regulated industries. The accompanying report, Hybrid Work in 2022: How IT is Managing the New Challenges of a Flexible Work Environment, highlights that many organizations are still too cavalier when managing technology that enables hybrid work.

Threat actors behind the relatively new Venus Ransomware are hacking into publicly-exposed Remote Desktop services to encrypt Windows devices. Venus Ransomware appears to have begun operating in the middle of August 2022 and has since encrypted victims worldwide.

Microsoft is investigating user reports of issues with Remote Desktop on Windows 11 systems after installing the Windows 11 2022 Update. Installing the Windows 11 22H2 feature update will cause Remote Desktop clients not to connect, randomly disconnect, or freeze unexpectedly.

After two years of the pandemic, confidence in addressing certain security risks and threats arising from hybrid and remote work has improved among businesses and organizations around the world. "The past few years have cemented remote work and work-from-anywhere as a permanent part of the security landscape, and they have also introduced new security risks and challenges. However, growing familiarity with remote work has ultimately broadened awareness on an enterprise level of daily business security risks and has strengthened both confidence and ability in security teams and products to handle those risks and threats properly," said Francois Lasnier, VP of Access Management Solutions at Thales.