Security News

From Windows 9x to 11: Tracing Microsoft's security evolutionIn this Help Net Security interview, we feature security researcher Alex Ionescu, the co-author of Windows Internals, one of the founding employees of CrowdStrike, now running his consulting company, Winsider Seminars & Solutions, where he continues to do security research focusing on platform security. How human behavior research informs security strategiesIn this Help Net Security interview, Kai Roer, CEO at Praxis Security Labs, explores the theoretical underpinnings, practical implications, and the crucial role of human behavior in cybersecurity.

The Forum of Incident Response and Security Teams (FIRST) has officially announced CVSS v4.0, the next generation of the Common Vulnerability Scoring System standard, more than eight years after...

Cybersecurity researchers are warning of suspected exploitation of a recently disclosed critical security flaw in the Apache ActiveMQ open-source message broker service that could result in remote...

The Forum of Incident Response and Security Teams has officially released CVSS v4.0, the next generation of its Common Vulnerability Scoring System standard, eight years after CVSS v3.0, the previous major version.CVSS is a standardized framework for assessing software security vulnerabilities' severity used to assign numerical scores or qualitative representation based on exploitability, impact on confidentiality, integrity, availability, and required privileges, with higher scores denoting more severe vulnerabilities.

The cybersecurity biz confirmed in an update to its advisory for CVE-2023-46747 that it has evidence of active exploitation in the wild, less than five days after the initial limited-detail research was published by Praetorian. This critical Apache JServ Protocol smuggling vulnerability was what attracted much of the attention to F5's BIG-IP configuration utility last week.

F5 is warning of active abuse of a critical security flaw in BIG-IP less than a week after its public disclosure that could result in the execution of arbitrary system commands as part of an...

Atlassian has warned of a critical security flaw in Confluence Data Center and Server that could result in "significant data loss if exploited by an unauthenticated attacker." Tracked as...

Without the right metrics, vulnerability management is pretty pointless. Intruder makes vulnerability management easy by explaining the risks and providing actionable remediation advice.

F5 Networks has released hotfixes for three vulnerabilities affecting its BIG-IP multi-purpose networking devices/modules, including a critical authentication bypass vulnerability that could lead to unauthenticated remote code execution. "This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands," F5 confirmed.

1Password also affected by Okta Support System breachFollowing in the footsteps of BeyondTrust and CloudFlare, 1Password has revealed that it has been affected by the Okta Support System breach. Microsoft announces wider availability of AI-powered Security CopilotMicrosoft Security Copilot has been made available to a larger number of enterprise customers, via an invitation-only Early Access Program.