Security News
Security researchers have spotted what they believe to be a "Possible mass exploitation" of vulnerabilities in Progress Software's WS FTP Server. Researchers at Rapid7 began noticing evidence of exploitation on 30 September across multiple instances of WS FTP. Progress released fixes for eight separate vulnerabilities in WS FTP on Wednesday, including one rated a maximum score of 10 on the CVSS severity scale.
Introduction In today's interconnected digital ecosystem, Application Programming Interfaces (APIs) play a pivotal role in enabling seamless communication and data exchange between various...
Multiple security vulnerabilities have been disclosed in the Exim mail transfer agent that, if successfully exploited, could result in information disclosure and remote code execution. The list of...
Progress Software has issued hotfixes for a critical security vulnerability (with a maximum CVSS score of 10.0) and seven other flaws in its WS_FTP Server Ad hoc Transfer Module and WS_FTP Server manager interface.The most severe flaw, CVE-2023-40044, affects all versions of the software, allowing a pre-authenticated attacker to exploit a .NET deserialization vulnerability to run remote commands.
Security researcher Sam Curry describes a stressful situation he encountered upon his return to the U.S. when border officials and federal agents seized and searched his electronic devices. Why, you ask? All because his IP address landed in the logs of a crypto wallet associated with a phishing scam that Curry had earlier helped investigate as a part of his job-a scam that the feds were now investigating.
The landscape of browser security has undergone significant changes over the past decade. While Browser Isolation was once considered the gold standard for protecting against browser exploits and...
Chinese minister for national security Chen Yixin has penned an article rating the digital risks his country faces and rated network security incidents as the most realistic source of harm to the Chinternet - both in terms of attacks and the dissemination of fake news. The article appeared in China Cyberspace, the official organ of regulator the Cyberspace Administration of China.
Data security is in the headlines often, and it’s almost never for a positive reason. Major breaches, new ways to hack into an organization’s supposedly secure data, and other threats make the...
Applications developed by organizations in Europe, Middle East and Africa tend to contain more security flaws than those created by their US counterparts, according to Veracode. Researchers found that just over 80% of applications developed by EMEA organizations had at least one security flaw detected in their most recent scan over the last 12 months, compared to just under 73% of US organizations.
In this Help Net Security interview, Nima Baiati, Executive Director and GM, Commercial Cybersecurity Solutions at Lenovo, discusses the disconnect between development and security teams and how companies need to prioritize security and why utilizing a multi-layered strategy is the best way to secure above and below the OS. There is a disconnect between development and security teams regarding security ownership at the design stage. Without clear ownership of security during the design stage, many problems can quickly arise.