SAP Patches High-Severity Vulnerabilities in Financial Consolidation, NetWeaver

June 11, 2024 at 08:03AM SAP released ten new and two updated security notes, including high-priority fixes for cross-site scripting in Financial Consolidation and denial-of-service in SAP NetWeaver AS Java. Eight medium-severity vulnerabilities were also addressed in various products, with potential impacts like DoS, file uploads, information disclosure, and data tampering. Two low-severity issues were …

Tenable to Acquire Eureka Security to Boost DSPM Capabilities

June 7, 2024 at 11:33AM Tenable, a well-known player in vulnerability management, has announced the acquisition of Israeli startup Eureka Security, specializing in DSPM. The deal enhances Tenable’s Cloud-Native Application Protection Platform and provides tools to assess and manage data risk. This acquisition follows Tenable’s previous purchase of another Israeli cloud security firm, Ermetic. Financial …

Cyber Landscape is Evolving – So Should Your SCA

June 7, 2024 at 08:06AM Summary: Traditional Software Composition Analysis (SCA) tools struggle to provide comprehensive security for software supply chains, leading to alert fatigue and leaving organizations vulnerable. Myrror Security’s guide offers insights into the limitations of current SCA tools and the features needed in future software supply chain security solutions to combat emerging …

Hackers exploit 2018 ThinkPHP flaws to install ‘Dama’ web shells

June 6, 2024 at 05:31PM Chinese threat actors are targeting vulnerable ThinkPHP applications, exploiting old flaws CVE-2018-20062 and CVE-2019-9082 to install a persistent web shell named Dama. The web shell allows further exploitation of breached endpoints, giving the attackers remote control, network scanning, and database access. Organizations are advised to update to ThinkPHP version 8.0 …

Attacks Surge on Check Point’s Recent VPN Zero-Day Flaw

June 6, 2024 at 04:36PM A recent spike in exploit activity is targeting a critical flaw (CVE-2024-24919) in Check Point’s VPN technology. Attack attempts began in April, with a major increase after a public proof-of-concept was released. Over 13,000 exposed systems are at risk, prompting urgent patching. The US government has issued a deadline for …

NIST Commits to Plan to Resume NVD Work

June 4, 2024 at 10:53AM NIST has faced a significant backlog in processing vulnerability reports, with only 26% being processed this year due to increasing workload and resource reductions. The agency has announced a plan to address the issue, including partnering with CISA and implementing process updates to enhance efficiency. Industry professionals express concerns and …

NIST turns to IT consultants to clear National Vulnerability Database backlog

June 3, 2024 at 05:53PM NIST extended its contract with Analygence to address the growing backlog in its National Vulnerability Database. The backlog has been increasing since February, with 93% of vulnerabilities submitted remaining unanalyzed. NIST aims to clear the backlog and process current vulnerabilities by the end of the fiscal year. The agency is …

Ivanti Patches Critical Code Execution Vulnerabilities in Endpoint Manager

May 22, 2024 at 07:42AM IT software company Ivanti released patches for several products, including critical vulnerabilities in Endpoint Manager (EPM). The fixes addressed SQL injection bugs and unrestricted file upload issues. Ivanti urged customers to update to the latest versions to apply the fixes. The company also reaffirmed its commitment to enhancing security practices. …

Intel Publishes 41 Security Advisories for Over 90 Vulnerabilities 

May 15, 2024 at 11:21AM Intel released 41 security advisories addressing over 90 vulnerabilities in its products. Critical vulnerability CVE-2024-22476 was found in Neural Compressor, allowing unauthenticated remote attackers to escalate privileges. High-severity flaws were also found in UEFI firmware, graphics, and network products. Additionally, there were medium-severity vulnerabilities in various hardware and software products. …

Microsoft Warns of Active Zero-Day Exploitation, Patches 60 Windows Vulnerabilities

May 14, 2024 at 03:43PM Microsoft released security updates addressing 60 vulnerabilities, including an actively exploited zero-day tracked as CVE-2024-30051 with a severity score of 7.8/10. The company also warned of CVE-2024-30040, which allows attackers to execute code in Microsoft 365, and CVE-2024-30044, a remote code execution flaw in Microsoft SharePoint, urging admins to take immediate action. From …