Russian APT Releases More Deadly Variant of AcidRain Wiper Malware

March 22, 2024 at 06:01PM New AcidPour variant expands its target range to include IoT devices, storage area networks, and handhelds, significantly increasing its potential impact. From the meeting notes, the key takeaway is that the new AcidPour variant has the capability to attack a much broader range of targets, including IoT devices, storage area … Read more

‘GhostRace’ Speculative Execution Attack Impacts All CPU, OS Vendors

March 15, 2024 at 05:14PM The new GhostRace exploit, similar to Spectre, allows attackers to access sensitive information from system memory and perform malicious actions. Based on the meeting notes, it seems that the discussion was about the new GhostRace exploit, which, similar to Spectre, poses a threat by allowing attackers to access sensitive information … Read more

Microsoft’s March Updates Fix 61 Vulnerabilities, Including Critical Hyper-V Flaws

March 13, 2024 at 02:03AM Microsoft released a monthly security update addressing 61 vulnerabilities, including 2 critical issues in Windows Hyper-V with potential for denial-of-service and remote code execution. None of the flaws were publicly known or under active attack, but updates were also made to the Chromium-based Edge browser. Other vendors have also released … Read more

CTEM 101 – Go Beyond Vulnerability Management with Continuous Threat Exposure Management

March 12, 2024 at 07:27AM Organizations are increasingly considering establishing a Continuous Threat Exposure Management (CTEM) program to reduce cyber risk. The CTEM approach combines attack simulation, risk prioritization, and remediation guidance to identify and address the most urgent risks and vulnerabilities. CTEM offers advantages over alternative approaches, covering all assets and continuously discovering all … Read more

Cisco Patches High-Severity Vulnerabilities in VPN Product

March 7, 2024 at 09:34AM Cisco announced patches for two high-severity vulnerabilities in its Secure Client VPN application, impacting Linux, macOS, and Windows versions. The first issue, tracked as CVE-2024-20337, could be exploited remotely without authentication, while the second bug, tracked as CVE-2024-20338, affects only Secure Client for Linux and requires authentication. Cisco also addressed multiple … Read more

VMware fixes critical sandbox escape flaws in ESXi, Workstation, and Fusion

March 6, 2024 at 10:49AM VMware released security updates addressing critical sandbox escape vulnerabilities in ESXi, Workstation, Fusion, and Cloud Foundation. The flaws, tracked as CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, and CVE-2024-22255, carry a severity rating and require local administrative privileges for exploitation. VMware recommends removing USB controllers from virtual machines as a mitigation strategy. Older ESXi … Read more

Southern Company Builds SBOM for Electric Power Substation

March 6, 2024 at 08:03AM Southern Company undertook a project to create a software bill of materials (SBOM) for its Mississippi substation, involving inventorying hardware, software, and firmware, and gathering supply-chain information from 17 vendors. The process included challenges such as limited vendor cooperation and outdated SBOMs upon receipt. The project highlighted the importance of … Read more

What is Exposure Management and How Does it Differ from ASM?

March 5, 2024 at 06:45AM Startups and mid-market businesses heavily rely on cloud services, leading to a complex and distributed attack surface that’s challenging to monitor and secure. Exposure management in cybersecurity aims to provide visibility and prioritize vulnerabilities to reduce business risks. Intruder offers automated vulnerability management to discover and prioritize weaknesses across the … Read more

Critical TeamCity Bugs Endanger Software Supply Chain

March 4, 2024 at 06:09PM TeamCity’s cloud versions are already patched against new critical vulnerabilities, but on-premises deployments require immediate patching, warns the vendor. The platform, used by major organizations including Citibank and Nike, manages the software development CI/CD pipeline. The vulnerabilities (CVE-2024-27198 and CVE-2024-27199) could enable threat actors to bypass authentication and gain admin … Read more

Tenable Introduces Visibility Across IT, OT, and IoT Domains

February 29, 2024 at 04:46PM Tenable® released Tenable One for OT/IoT, the first exposure management platform offering comprehensive visibility into assets across IT, operational technology (OT), and IoT environments. This solution aims to address the increasing cyber attack surface due to interconnected assets, providing actionable risk intelligence to mitigate operational risks and prioritize security measures. … Read more