Security News

Ransomware Attacks Exploit VMware ESXi Vulnerabilities in Alarming Pattern
2024-05-23 17:03

Ransomware attacks targeting VMware ESXi infrastructure following an established pattern regardless of the file-encrypting malware deployed. "Virtualization platforms are a core component of...

CISA Warns of Actively Exploited D-Link Router Vulnerabilities - Patch Now
2024-05-17 06:43

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting D-Link routers to its Known Exploited Vulnerabilities (KEV) catalog, based on...

NHS Digital hints at exploit sightings of Arcserve UDP vulnerabilities
2024-05-14 09:29

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

Severe Vulnerabilities in Cinterion Cellular Modems Pose Risks to Various Industries
2024-05-13 10:12

Cybersecurity researchers have disclosed multiple security flaws in Cinterion cellular modems that could be potentially exploited by threat actors to access sensitive information and achieve code...

Critical vulnerabilities take 4.5 months on average to remediate
2024-05-13 03:30

Over a third of organizations had at least one known vulnerability in 2023, with nearly a quarter of those facing five or more, and 60% of vulnerabilities remained unaddressed past CISA's deadlines, according to Bitsight. Organizations struggle to remediate critical vulnerabilities.

Cybercriminals are getting faster at exploiting vulnerabilities
2024-05-10 05:00

Cybercriminals are targeting the ever-increasing number of new vulnerabilities resulting from the exponential growth in the number and variety of connected devices and an explosion in new applications and online services, according to Fortinet. Attacks started on average 4.76 days after new exploits were publicly disclosed: Like the 1H 2023 Global Threat Landscape Report, FortiGuard Labs sought to determine how long it takes for a vulnerability to move from initial release to exploitation, whether vulnerabilities with a high Exploit Prediction Scoring System score get exploited faster, and whether it could predict the average time-to-exploitation using EPSS data.

Critical F5 Central Manager Vulnerabilities Allow Enable Full Device Takeover
2024-05-09 06:11

Two security vulnerabilities have been discovered in F5 Next Central Manager that could be exploited by a threat actor to seize control of the devices and create hidden rogue administrator...

Four Critical Vulnerabilities Expose HPE Aruba Devices to RCE Attacks
2024-05-03 04:50

HPE Aruba Networking (formerly Aruba Networks) has released security updates to address critical flaws impacting ArubaOS that could result in remote code execution (RCE) on affected systems. Of...

CISA urges software devs to weed out path traversal vulnerabilities
2024-05-02 19:38

CISA and the FBI urged software companies today to review their products and eliminate path traversal security vulnerabilities before shipping. Attackers can exploit path traversal vulnerabilities to create or overwrite critical files used to execute code or bypass security mechanisms like authentication.

Why cloud vulnerabilities need CVEs
2024-05-01 05:00

Patch network security isn't applicable in the same way for cloud environments, and few cloud providers assign Common Vulnerabilities and Exposures identifiers to vulnerabilities. For vulnerability management teams who talk exclusively in this CVE-based construct, the lack of CVEs in cloud services is a significant challenge.