Security News

How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities
2024-02-15 11:30

With many of the highly publicized 2023 cyber attacks revolving around one or more SaaS applications, SaaS has become a cause for genuine concern in many boardroom discussions. More so than ever,...

New Ivanti Secure VPN Zero-Day Vulnerabilities and Patches
2024-02-12 19:28

Two zero-day vulnerabilities have been discovered in Ivanti Secure VPN, a popular VPN solution used by organizations worldwide. The chaining of the two vulnerabilities allow any attacker to execute remote code without any authentication and compromise affected systems.

FritzFrog botnet exploits Log4Shell, PwnKit vulnerabilities
2024-02-01 15:21

The FritzFrog cryptomining botnet has new potential for growth: a recently analyzed variant of the bot is exploiting the Log4Shell and PwnKit vulnerabilities for lateral movement and privilege escalation. The FritzFrog botnet, initially identified in August 2020, is a peer-to-peer botnet powered by malware written in Golang.

Warning: New Malware Emerges in Attacks Exploiting Ivanti VPN Vulnerabilities
2024-02-01 07:43

Google-owned Mandiant said it identified new malware employed by a China-nexus espionage threat actor known as UNC5221 and other threat groups during post-exploitation activity targeting Ivanti Connect Secure VPN and Policy Secure devices.This includes custom web shells such as BUSHWALK, CHAINLINE, FRAMESTING, and a variant of LIGHTWIRE.

Top Security Posture Vulnerabilities Revealed
2024-01-30 10:49

Each New Year introduces a new set of challenges and opportunities for strengthening our cybersecurity posture. It's the nature of the field – the speed at which malicious actors carry out...

52% of Serious Vulnerabilities We Find are Related to Windows 10
2024-01-22 11:22

We analyzed 2,5 million vulnerabilities we discovered in our customer’s assets. This is what we found. Digging into the data The dataset we analyze here is representative of a subset of clients...

Urgent: GitLab Releases Patch for Critical Vulnerabilities - Update ASAP
2024-01-12 13:03

GitLab has released security updates to address two critical vulnerabilities, including one that could be exploited to take over accounts without requiring any user interaction. Tracked...

Top LLM vulnerabilities and how to mitigate the associated risk
2024-01-10 05:30

As large language models become more prevalent, a comprehensive understanding of the LLM threat landscape remains elusive. Successful prompt injection attacks can lead to cross-plugin request forgery, cross-site scripting and training data extraction, each of which put company secrets, personal user data and essential training data at risk.

Microsoft's January 2024 Windows Update Patches 48 New Vulnerabilities
2024-01-10 05:26

Microsoft has addressed a total of 48 security flaws spanning its software as part of its Patch Tuesday updates for January 2024. Of the 48 bugs, two are rated Critical and 46 are rated Important...

CISA Flags 6 Vulnerabilities - Apple, Apache, Adobe , D-Link, Joomla Under Attack
2024-01-10 04:50

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. This...