Vulnerability

UK ICO not happy with Google's plans to allow device fingerprinting

Infosec in brief Also, Ascension notifies 5.6M victims, Krispy Kreme bandits come forward, LockBit 4.0 released, and more

Security23 Dec 2024 | 75

Apache issues patches for critical Struts 2 RCE bug

More details released after devs allowed weeks to apply fixes

Patches12 Dec 2024 |

Three more vulns spotted in Ivanti CSA, all critical, one 10/10

Patch up, everyone – that admin portal is mighty attractive to your friendly cyberattacker

Patches11 Dec 2024 | 2

US military grounds entire Osprey tiltrotor fleet over safety concerns

Boeing-Bell V-22 can't outfly its checkered past, it seems

Public Sector10 Dec 2024 | 89

Fully patched Cleo products under renewed 'zero-day-ish' mass attack

Thousands of servers targeted while customers wait for patches

Research10 Dec 2024 |

OpenWrt orders router firmware updates after supply chain attack scare

A couple of bugs lead to a potentially bad time

CSO09 Dec 2024 | 9

PoC exploit chains Mitel MiCollab 0-day, auth-bypass bug to access sensitive files

updated Still unpatched 100+ days later, watchTowr says

Cyber-crime06 Dec 2024 | 4

Perfect 10 directory traversal vuln hits SailPoint's IAM solution

Updated 20-year-old info disclosure class bug still pervades security software

Patches03 Dec 2024 | 6

Zabbix urges upgrades after critical SQL injection bug disclosure

US agencies blasted 'unforgivable' SQLi flaws earlier this year

Patches29 Nov 2024 | 7

QNAP and Veritas dump 30-plus vulns over the weekend

Updated Just what you want to find when you start a new week

Patches26 Nov 2024 | 2

'Alarming' security bugs lay low in Linux's needrestart utility for 10 years

Update now: Qualys says flaws give root to local users, 'easily exploitable', default in Ubuntu Server

Research21 Nov 2024 | 15

D-Link tells users to trash old VPN routers over bug too dangerous to identify

Vendor offers 20% discount on new model, but not patches

CSO20 Nov 2024 | 59

Palo Alto Networks tackles firewall-busting zero-days with critical patches

Amazing that these two bugs got into a production appliance, say researchers

Patches19 Nov 2024 | 4

Microsoft slips Task Manager and processor count fixes into Patch Tuesday

Sore about cores no more

Patches13 Nov 2024 | 7

HTTP your way into Citrix's Virtual Apps and Desktops with fresh exploit code

'Once again, we've lost a little more faith in the internet,' researcher says

CSO12 Nov 2024 | 3

Amazon confirms employee data exposed in leak linked to MOVEit vulnerability

Over 5 million records from 25 organizations posted to black hat forum

Cyber-crime12 Nov 2024 | 2

Cisco scores a perfect CVSS 10 with critical flaw in its wireless system

Ultra-Reliable Wireless Backhaul doesn't live up to its name

Patches07 Nov 2024 | 16

Why the long name? Okta discloses auth bypass bug affecting 52-character usernames

Mondays are for checking months of logs, apparently, if MFA's not enabled

Security04 Nov 2024 | 14

Admins better Spring into action over latest critical open source vuln

Patch up: The Spring framework dominates the Java ecosystem

Security29 Oct 2024 | 1

macOS HM Surf vuln might already be under exploit by major malware family

Like keeping your camera and microphone private? Patch up

Cybersecurity Month21 Oct 2024 | 16

Thousands of Fortinet instances vulnerable to actively exploited flaw

No excuses for not patching this nine-month-old issue

Cybersecurity Month14 Oct 2024 | 8

US and UK govts warn: Russia scanning for your unpatched vulnerabilities

in brief Also, phishing's easier over the phone, and your F5 cookies might be unencrypted, and more

Security12 Oct 2024 | 11

CISA adds fresh Ivanti vuln, critical Fortinet bug to hall of shame

Usual three-week window to address significant risks to federal agencies applies

Cybersecurity Month10 Oct 2024 |

Mozilla patches critical Firefox vuln that attackers are already exploiting

Firefixed: It's maintenance time for low-complexity, high-impact security flaw

Cybersecurity Month10 Oct 2024 | 26

Using iPhone Mirroring at work? You might have just overshared to your boss

What does IT glimpse but a dating app on your wee little screen

Software08 Oct 2024 | 27

Apple fixes bug that let VoiceOver shout your passwords

Not a great look when the iGiant just launched its first password manager

Cybersecurity Month04 Oct 2024 | 6

Two simple give-me-control security bugs found in Optigo network switches used in critical manufacturing

Poor use of PHP include() strikes again

Cybersecurity Month02 Oct 2024 | 4

NIST's security flaw database still backlogged with 17K+ unprocessed bugs. Not great

Logjam 'hurting infosec processes world over' one expert tells us as US body blows its own Sept deadline

Cybersecurity Month02 Oct 2024 | 8

'Patch yesterday': Zimbra mail servers under siege through RCE vuln

Attacks began the day after public disclosure

Cybersecurity Month02 Oct 2024 | 5

Rackspace internal monitoring web servers hit by zero-day

Exclusive Intruders accessed machines via tool bundled with ScienceLogic, 'limited' info taken, customers told not to worry

Cybersecurity Month30 Sep 2024 | 10

That doomsday critical Linux bug: It's CUPS. May lead to remote hijacking of devices

Final update No patches yet, can be mitigated, requires user interaction

Security26 Sep 2024 | 104

Ivanti patches exploited admin command execution flaw

Fears over chained attacks affecting EOL product

Patches20 Sep 2024 | 8

Feeld dating app's security too open-minded as private data swings into public view

No love for months-long wait to fix this, either

Research13 Sep 2024 | 8

Adobe fixed Acrobat bug, neglected to mention whole zero-day exploit thing

SaaS seller sets severity to 'critical'

Patches12 Sep 2024 | 4

Tired of airport security queues? SQL inject yourself into the cockpit, claim researchers

Updated Infosec hounds say they spotted vulnerability during routine travel in the US

Research30 Aug 2024 | 28

AMD reverses course: Ryzen 3000 CPUs will get SinkClose patch after all

Still no love for 1000- or 2000-series

Systems20 Aug 2024 | 21

Multiple flaws in Microsoft macOS apps unpatched despite potential risks

Windows giant tells Cisco Talos it isn't fixing them

Research19 Aug 2024 | 21

AMD won’t patch Sinkclose security bug on older Zen CPUs

Updated Kernel mode not good enough for you? Maybe you'll like SMM of this

Patches13 Aug 2024 | 14

If you give Copilot the reins, don't be surprised when it spills your secrets

Black Hat 'All of the defaults are insecure' Zenity CTO claims

Black Hat and DEF CON08 Aug 2024 | 18

Using 1Password on Mac? Patch up if you don’t want your Vaults raided

Hundreds of thousands of users potentially vulnerable

Patches08 Aug 2024 | 23

Devices with insecure SSH services are everywhere, say infosec duo

Black Hat 'Serendipitous' discovery may have you second guessing your appliances

Black Hat and DEF CON07 Aug 2024 | 10

SAP Core AI bugs allowed access to internal network servers, say researchers

Black Hat Wiz infoseccers able to promote themselves from humble customer to full-blown admin

Black Hat and DEF CON06 Aug 2024 |

UK plans to revamp national cyber defense tools are already in motion

Work aims to build on the success of NCSC's 2016 initiative – and private sector will play a part

Cyber-crime02 Aug 2024 | 8

Ransomware gangs are loving this dumb but deadly make-me-admin ESXi vulnerability

Get those patches applied – all the big dogs are abusing it

VMware Explore30 Jul 2024 | 18

Progress discloses second critical flaw in Telerik Report Server in as many months

These are the kinds of bugs APTs thrive on, just ask the Feds

Patches26 Jul 2024 | 1

You should probably fix this 5-year-old critical Docker vuln fairly sharpish

For some unknown reason, initial patch was omitted from later versions

Patches25 Jul 2024 |

Maximum-severity Cisco vulnerability allows attackers to change admin passwords

You’re going to want to patch this one

Patches18 Jul 2024 | 17

RADIUS networking protocol blasted into submission through MD5-based flaw

If someone can do a little MITM'ing and hash cracking, they can log in with no valid password needed

Research10 Jul 2024 | 11

Latest Ghostscript vulnerability haunts experts as the next big breach enabler

There's also chatter about whether medium severity scare is actually code red nightmare

Research05 Jul 2024 | 25

Traeger security bugs bad news for grillers with neighborly beef

Never risk it when it comes to brisket – make sure those updates are applied

Research03 Jul 2024 | 20

No rest for the wiry as Cisco Nexus switches flip out over latest zero-day

Command injection bug being abused by suspected Chinese spies – patch up

Malware Month02 Jul 2024 | 6

Nasty regreSSHion bug in OpenSSH puts roughly 700K Linux boxes at risk

Full system takeovers on the cards, for those with enough patience to pull it off

Patches01 Jul 2024 | 59

Juniper Networks flings out emergency patches for perfect 10 router vuln

Get 'em while they're hot

Patches01 Jul 2024 | 6

Batten down the hatches, it's time to patch some more MOVEit bugs

Exploit attempts for ‘devastating’ vulnerabilities already underway

Patches26 Jun 2024 | 9

CISA says crooks used Ivanti bugs to snoop around high-risk chemical facilities

Crafty crims broke in but encryption stopped any nastiness

Cyber-crime25 Jun 2024 | 3

Phoenix UEFI flaw puts long list of Intel chips in hot seat

Researchers discuss it in same breath as BlackLotus and MosaicRegressor

Research21 Jun 2024 | 21