Manufacturers Rank as Ransomware’s Biggest Target

October 2, 2024 at 09:02AM The manufacturing industry has become a prime target for ransomware attacks, accounting for 21% of such incidents and putting companies at three times higher risk. A Black Kite study reveals that 80% of manufacturing firms have critical vulnerabilities and 67% are listed in the Known Exploited Vulnerabilities catalog. Persistent patch … Read more

Bishop Fox Announces Cosmos Integration With ServiceNow

October 1, 2024 at 05:40PM Bishop Fox and ServiceNow announced the launch of Cosmos for ServiceNow, enabling seamless synchronization of validated exposures from the Bishop Fox Cosmos portal into the ServiceNow environment. This integration aims to enhance security posture and operational efficiency for customers. Bishop Fox’s Registered Build Partner status underscores the value of this solution in … Read more

Trend Detects NVIDIA AI Toolkit Vulnerability

September 27, 2024 at 03:56PM NVIDIA released an update to fix a critical vulnerability in its NVIDIA Container Toolkit, affecting versions up to v1.16.1. The CVE-2024-0132 vulnerability, with a CVSS v3.1 rating of 9.0, could lead to various threats if exploited. Trend Vision One™ offers proactive protection and scanning for this vulnerability to prevent attacks. … Read more

DefectDojo Raises $7 Million for Application Security Platform

September 25, 2024 at 10:42AM DefectDojo, an application security firm based in Austin, Texas, raised $7 million in Series A funding. The company’s open source platform automates security workflows, aggregates data from various tools, and offers vulnerability management capabilities. The funds will support innovation, product development, and market expansion while maintaining a commitment to its … Read more

Researcher Says Healthcare Facility’s Doors Hackable for Over a Year

September 25, 2024 at 08:48AM Researcher Shawn Merdinger discovered a serious vulnerability in a US healthcare facility that allows threat actors to hack its building doors. The vulnerability stems from the exposure of the facility’s door access system to the internet and the use of default credentials. The facility has denied the findings, and some … Read more

Chrome 129 Patches High-Severity Vulnerability in V8 Engine

September 18, 2024 at 08:24AM Google released Chrome 129 in the stable channel, addressing nine vulnerabilities, with the most severe being a type confusion bug in the V8 JavaScript engine. The update also resolves medium and low-severity vulnerabilities, with $13,000 in bug bounty payouts. Chrome 129 is now rolling out for Windows, macOS, and Linux, … Read more

Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws

September 10, 2024 at 01:37PM Today, Microsoft’s September 2024 Patch Tuesday addresses 79 flaws, including four zero-days. Seven critical vulnerabilities were fixed, with details on each category of flaws provided. Notably, one of the zero-days, CVE-2024-38014, allows attackers to gain SYSTEM privileges. The update also includes vulnerabilities in various Microsoft products and services, along with … Read more

SonicWall SSLVPN access control flaw is now exploited in attacks

September 6, 2024 at 09:25AM SonicWall warns of potential exploitation of a recently fixed access control flaw (CVE-2024-40766) in SonicOS and urges admins to promptly apply patches to mitigate attacks. … Read more

Veeam Patches Critical Vulnerabilities in Enterprise Products

September 6, 2024 at 08:00AM Veeam announced patches for critical-severity bugs this week, impacting its enterprise products. The vulnerabilities could lead to remote code execution and sensitive information disclosure. The flaws affect various Veeam solutions including Backup & Replication, Veeam ONE, Service Provider Console, Veeam Agent for Linux, and other plugins. Users are advised to … Read more

NIST Cybersecurity Framework (CSF) and CTEM – Better Together

September 5, 2024 at 06:03AM The NIST Cybersecurity Framework (CSF), introduced in 2013, provides a voluntary framework to manage cyber risk by organizing and prioritizing security measures into five core functions. The latest version, CSF 2.0, emphasizes continuous improvement, broader enterprise risk management, and proactive cybersecurity. The CSF and Continuous Threat Exposure Management (CTEM) program … Read more