OpenMetadata Vulnerabilities Exploited to Abuse Kubernetes Clusters for Cryptomining

April 19, 2024 at 05:57AM Cybercriminals are exploiting critical OpenMetadata vulnerabilities to access Kubernetes environments and deploy cryptocurrency mining malware, Microsoft warned. Five vulnerabilities, including an authentication bypass and high-severity issues, have been identified. Threat actors target internet-exposed Kubernetes workloads of OpenMetadata, achieve code execution, and download cryptomining-related malware. Microsoft advises updating OpenMetadata to version …

Armis Acquires Silk Security for $150 Million

April 17, 2024 at 11:31AM Armis has acquired Silk Security for $150 million to enhance its Centrix Vulnerability Prioritization and Remediation product. It aims to provide security and developer teams with a consolidated view of security findings from various sources. Silk Security, which emerged from stealth mode in 2023, has raised $12.5 million. This acquisition …

Palo Alto Networks Patches Vulnerabilities Allowing Firewall Disruption

April 11, 2024 at 06:12AM Palo Alto Networks’ recent updates for the PAN-OS operating system patch multiple high-severity vulnerabilities, including flaws that can lead to firewall disruptions. The vulnerabilities, such as CVE-2024-3385, can be exploited for denial-of-service (DoS) attacks and affect specific models and configuration settings. The company has also addressed medium-severity issues in various products, including Panorama …

SAP’s April 2024 Updates Patch High-Severity Vulnerabilities

April 9, 2024 at 09:42AM SAP released 10 new security notes and updated 2, patching high-severity vulnerabilities. One note addresses a security misconfiguration issue in NetWeaver AS Java UME, allowing simple passwords despite requirements. Onapsis clarifies the issue’s cause and recommends applying SAP’s patches regardless of feature status. The remaining notes fix medium-severity issues in …

In Other News: 100,000 Affected by CISA Breach, Microsoft AI Copilot Ban, Nuclear Site Prosecution

April 5, 2024 at 09:06AM SecurityWeek’s cybersecurity news roundup offers a weekly compilation of noteworthy stories in the cybersecurity landscape, including the CISA breach affecting 100,000 people, the US House banning Microsoft AI Copilot, and the prosecution of a UK nuclear waste site for cybersecurity failures. Other stories include a report on the LockBit ransomware …

Ivanti CEO Vows Cybersecurity Makeover After Zero-Day Blitz

April 4, 2024 at 03:30PM Utah IT software firm Ivanti responded to zero-day attacks with a CEO-led media campaign vowing to revamp its cybersecurity organization; the company acknowledged its security issues and promised significant investment in secure-by-design principles. After delays in releasing patches for high-severity vulnerabilities, the US government ordered the disconnection of Ivanti products. The CEO outlined …

Ivanti commits to secure-by-design overhaul after vulnerability nightmare

April 4, 2024 at 11:15AM Ivanti plans a security overhaul, committing to a secure-by-design approach after recent exploits. CEO Jeff Abbott outlined changes, including a focus on product security, stack modernization, and better vulnerability management. The company aims to reduce time-to-patch and enhance customer support while investing in AI and transparent information sharing. These efforts …

CVE and NVD – A Weak and Fractured Source of Vulnerability Truth

April 3, 2024 at 10:12AM The Common Vulnerabilities and Exposures (CVE) List managed by MITRE and the National Vulnerability Database (NVD) overseen by NIST are no longer considered a single reliable source of vulnerability information. Challenges include missing vulnerabilities, false positives, and resource limitations. NIST, acknowledging the backlog, is seeking a consortium to improve vulnerability …

Attack Surface Management vs. Vulnerability Management

April 3, 2024 at 07:51AM Attack surface management (ASM) and vulnerability management (VM) are often confused but differ in scope. VM uses automated tools to identify and prioritize security issues on known assets, while ASM focuses on detecting all digital assets and minimizing exposure to prevent exploitation. Used together, they create a more comprehensive cybersecurity …

26 Security Issues Patched in TeamCity

March 29, 2024 at 07:18AM JetBrains released TeamCity 2024.03, addressing 26 security issues and introducing semi-automatic security updates. The company said it is withholding vulnerability details to protect customers running older versions. The update patches seven CVEs, including a high-severity flaw enabling bypass of two-factor authentication. JetBrains’ cautious approach follows a recent incident of a critical flaw …