May 1, 2024 at 12:02AM The 2024 Data Breach Investigations Report by Verizon Business reveals that 14% of data breaches in 2023 stemmed from security bugs, demonstrating a 180% increase in exploitation. The MOVEit software breach contributed significantly to this trend, impacting various industries. The report emphasizes the urgent need for organizations to strengthen their … Read more
April 26, 2024 at 09:57AM Unknown threat actors targeted Ukrainian government entities using an old Microsoft Office RCE exploit (CVE-2017-8570) to deliver a malicious PowerPoint file via Signal. The attack involved a Russian VPS and Cobalt Strike Beacon for information theft. The campaign’s advanced masquerading and evasive techniques pose challenges for detection and attribution. Enhanced … Read more
April 26, 2024 at 07:00AM Endpoints are the gateway to a business’s digital kingdom, making them prime targets for hackers. The IDC reports 70% of successful breaches start at the endpoint. To improve endpoint security, start with the top 10 must-know tips in this guide. Covering strategies like proactive patching and multi-factor authentication, it’s a … Read more
April 25, 2024 at 08:15AM Pierre Barre warned of multiple vulnerabilities in the Brocade SANnav application, allowing for compromise of the appliance and Fibre Channel switches. The flaws included unauthenticated access, backdoor accounts, exposed credentials, and insecure Docker instances. After initial rejection, the issues were patched in SANnav version 2.3.1, released in December 2023. Key … Read more
April 17, 2024 at 07:19AM Oracle released 441 new security patches in April 2024, with over 200 addressing flaws exploitable by remote, unauthenticated attackers. Oracle Communications received the most patches (93), followed by Fusion Middleware (51) and Financial Services Applications (49). Additionally, separate fixes were released for vulnerabilities affecting multiple applications. Customers are advised to … Read more
April 16, 2024 at 04:00PM Enterprise AI transformation readiness requires devices capable of running AI applications. Absolute Security’s analysis found majority of organizations need system updates or replacements to be AI-ready. Absolute Security’s Cyber Resilience Risk Index 2024, based on telemetry from millions of devices, reveals most enterprise PCs lack the minimum 32 GB RAM … Read more
April 15, 2024 at 09:54AM Juniper Networks recently released multiple advisories detailing over one hundred vulnerabilities in Junos OS, Junos OS Evolved, and other products. Critical-severity issues were found in third-party software, including cURL and Junos cRPD. High-severity flaws impacting Junos OS, Junos OS Evolved, and Paragon Active Assurance Control Center were also addressed. Customers … Read more
April 10, 2024 at 08:30AM Fortinet announced patches for critical vulnerabilities in FortiOS and other products, including a code injection bug in FortiClientLinux (CVE-2023-45590). Several high-severity vulnerabilities were also addressed in FortiOS, FortiProxy, FortiClientMac, and FortiSandbox. Users are advised to update their Fortinet appliances promptly to prevent potential cyber threats. CISA warns of the vulnerabilities’ … Read more
April 9, 2024 at 09:42AM SAP released 10 new security notes and updated 2, patching high-severity vulnerabilities. One note addresses a security misconfiguration issue in NetWeaver AS Java UME, allowing simple passwords despite requirements. Onapsis clarifies the issue’s cause and recommends applying SAP’s patches regardless of feature status. The remaining notes fix medium-severity issues in … Read more
April 4, 2024 at 05:51PM This year, Ivanti has revealed 11 flaws, some of which are critical, in its remote access products. Based on the meeting notes, Ivanti has disclosed a total of 11 flaws in its remote access products, with many of them being critical. Full Article