Security News
Mastodon has called admins to action following the disclosure of a critical vulnerability affecting the decentralized social network favored by erstwhile Twitter lovers. "Every Mastodon version prior to 3.5.17 is vulnerable, as well as 4.0.x versions prior to 4.0.13, 4.1.x version prior to 4.1.13, and 4.2.x versions prior to 4.2.5.".
How’s your vulnerability management program doing? Is it effective? A success? Let’s be honest, without the right metrics or analytics, how can you tell how well you’re doing, progressing, or if...
Security teams need not take a binary approach to the tradeoff of fast scanning vs. vulnerability detection. How significant is the ability to write custom rules in security tools for organizations, and what impact does this have on the effectiveness of vulnerability detection?
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting iOS, iPadOS, macOS, tvOS, and watchOS to its Known Exploited Vulnerabilities...
A zero-day vulnerability that, when triggered, could crash the Windows Event Log service on all supported versions of Windows could spell trouble for enterprise defenders. "I have only tested the whole thing a few times in a domain network consisting of a Windows 10 machine and a Windows Server 2022 domain controller. I was able to crash the event log service of the domain controller as an unprivileged user from the Windows 10 machine, and that was about it."
A now-patched security flaw in Microsoft Outlook could be exploited by threat actors to access NT LAN Manager (NTLM) v2 hashed passwords when opening a specially crafted file. The issue, tracked...
The maintainers of the open-source continuous integration/continuous delivery and deployment (CI/CD) automation software Jenkins have resolved nine security flaws, including a critical bug that,...
Proof-of-concept exploit code for a critical vulnerability in Fortra's GoAnywhere MFT solution has been made public, sparking fears that attackers may soon take advantage of it. CVE-2024-0204 was privately reported by Mohammed Eldeeb and Islam Elrfai of Spark Engineering Consultants in early December 2023, and Fortra's GoAnywhere MFT customers got an advance warning with instructions on how to remediate the vulnerability.
One of these is the omission bias, which has interesting ramifications in the world of cyber security, specifically vulnerability management. In this article, we discuss omission bias in vulnerability management, particularly vulnerability remediation, and how IT operators can overcome it with today's new management platforms.
A previously patched critical vulnerability affecting Ivanti Endpoint Manager Mobile and MobileIron Core is being actively exploited, the Cybersecurity and Infrastructure Security Agency has confirmed by adding the vulnerability to its Known Exploited Vulnerabilities Catalog. It is not known whether the vulnerability is being exploited by ransomware groups, and CISA does not publish specific information about attacks in which the vulnerabilities in the KEV catalog are exploited.