Security News
Ransomware attacks targeting VMware ESXi infrastructure following an established pattern regardless of the file-encrypting malware deployed. "Virtualization platforms are a core component of...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting D-Link routers to its Known Exploited Vulnerabilities (KEV) catalog, based on...
Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.
Cybersecurity researchers have disclosed multiple security flaws in Cinterion cellular modems that could be potentially exploited by threat actors to access sensitive information and achieve code...
Over a third of organizations had at least one known vulnerability in 2023, with nearly a quarter of those facing five or more, and 60% of vulnerabilities remained unaddressed past CISA's deadlines, according to Bitsight. Organizations struggle to remediate critical vulnerabilities.
Cybercriminals are targeting the ever-increasing number of new vulnerabilities resulting from the exponential growth in the number and variety of connected devices and an explosion in new applications and online services, according to Fortinet. Attacks started on average 4.76 days after new exploits were publicly disclosed: Like the 1H 2023 Global Threat Landscape Report, FortiGuard Labs sought to determine how long it takes for a vulnerability to move from initial release to exploitation, whether vulnerabilities with a high Exploit Prediction Scoring System score get exploited faster, and whether it could predict the average time-to-exploitation using EPSS data.
Two security vulnerabilities have been discovered in F5 Next Central Manager that could be exploited by a threat actor to seize control of the devices and create hidden rogue administrator...
HPE Aruba Networking (formerly Aruba Networks) has released security updates to address critical flaws impacting ArubaOS that could result in remote code execution (RCE) on affected systems. Of...
CISA and the FBI urged software companies today to review their products and eliminate path traversal security vulnerabilities before shipping. Attackers can exploit path traversal vulnerabilities to create or overwrite critical files used to execute code or bypass security mechanisms like authentication.
Patch network security isn't applicable in the same way for cloud environments, and few cloud providers assign Common Vulnerabilities and Exposures identifiers to vulnerabilities. For vulnerability management teams who talk exclusively in this CVE-based construct, the lack of CVEs in cloud services is a significant challenge.