Security News

Week in review: Exploited Citrix Bleed vulnerability, Atlassian patches critical Confluence bug
2023-11-05 09:00

From Windows 9x to 11: Tracing Microsoft's security evolutionIn this Help Net Security interview, we feature security researcher Alex Ionescu, the co-author of Windows Internals, one of the founding employees of CrowdStrike, now running his consulting company, Winsider Seminars & Solutions, where he continues to do security research focusing on platform security. How human behavior research informs security strategiesIn this Help Net Security interview, Kai Roer, CEO at Praxis Security Labs, explores the theoretical underpinnings, practical implications, and the crucial role of human behavior in cybersecurity.

FIRST Announces CVSS 4.0 - New Vulnerability Scoring System
2023-11-02 05:19

The Forum of Incident Response and Security Teams (FIRST) has officially announced CVSS v4.0, the next generation of the Common Vulnerability Scoring System standard, more than eight years after...

HelloKitty Ransomware Group Exploiting Apache ActiveMQ Vulnerability
2023-11-02 04:27

Cybersecurity researchers are warning of suspected exploitation of a recently disclosed critical security flaw in the Apache ActiveMQ open-source message broker service that could result in remote...

New CVSS 4.0 vulnerability severity rating standard released
2023-11-01 19:28

The Forum of Incident Response and Security Teams has officially released CVSS v4.0, the next generation of its Common Vulnerability Scoring System standard, eight years after CVSS v3.0, the previous major version.CVSS is a standardized framework for assessing software security vulnerabilities' severity used to assign numerical scores or qualitative representation based on exploitability, impact on confidentiality, integrity, availability, and required privileges, with higher scores denoting more severe vulnerabilities.

Critical vulnerability in F5 BIG-IP under active exploitation
2023-11-01 16:14

The cybersecurity biz confirmed in an update to its advisory for CVE-2023-46747 that it has evidence of active exploitation in the wild, less than five days after the initial limited-detail research was published by Praetorian. This critical Apache JServ Protocol smuggling vulnerability was what attracted much of the attention to F5's BIG-IP configuration utility last week.

Alert: F5 Warns of Active Attacks Exploiting BIG-IP Vulnerability
2023-11-01 04:53

F5 is warning of active abuse of a critical security flaw in BIG-IP less than a week after its public disclosure that could result in the execution of arbitrary system commands as part of an...

Atlassian Warns of New Critical Confluence Vulnerability Threatening Data Loss
2023-10-31 11:16

Atlassian has warned of a critical security flaw in Confluence Data Center and Server that could result in "significant data loss if exploited by an unauthenticated attacker." Tracked as...

Vulnerability management metrics: How to measure success
2023-10-31 04:30

Without the right metrics, vulnerability management is pretty pointless. Intruder makes vulnerability management easy by explaining the risks and providing actionable remediation advice.

F5 fixes critical BIG-IP vulnerability, PoC is public (CVE-2023-46747)
2023-10-30 15:37

F5 Networks has released hotfixes for three vulnerabilities affecting its BIG-IP multi-purpose networking devices/modules, including a critical authentication bypass vulnerability that could lead to unauthenticated remote code execution. "This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands," F5 confirmed.

Week in review: VMware patches critical vulnerability, 1Password affected by Okta breach
2023-10-29 09:00

1Password also affected by Okta Support System breachFollowing in the footsteps of BeyondTrust and CloudFlare, 1Password has revealed that it has been affected by the Okta Support System breach. Microsoft announces wider availability of AI-powered Security CopilotMicrosoft Security Copilot has been made available to a larger number of enterprise customers, via an invitation-only Early Access Program.