Leaky Vessels flaws allow hackers to escape Docker, runc containers

February 4, 2024 at 10:39AM “Leaky Vessels” vulnerabilities were discovered by a Snyk security researcher, allowing hackers to escape containers and access underlying system data. No active exploitation was found, but impacted parties are advised to apply available security updates promptly. The flaws affected runc and Buildkit, impacting Docker, Kubernetes, and more. Patched versions were released … Read more

CISA orders federal agencies to disconnect Ivanti VPN appliances by Saturday

February 1, 2024 at 08:52AM CISA has directed U.S. federal agencies to disconnect vulnerable Ivanti Connect Secure or Policy Secure VPN appliances due to exploited bugs. Ivanti is targeted in attacks using zero-day flaws, prompting the release of security patches and mitigation instructions. Agencies are required to follow a series of steps to bring the … Read more

A Cyber Insurer’s Perspective on How to Avoid Ransomware

January 30, 2024 at 08:23AM The Cyber Claims Report observes the evolving nature of cyber threats, particularly ransomware. In 1H 2023, ransomware frequency increased by 27% from 2H 2022, with an average loss of over $365,000 and an average ransom demand of $1.62 million. Businesses with more than $100 million in revenue were hit the … Read more

Juniper Networks Releases Urgent Junos OS Updates for High-Severity Flaws

January 30, 2024 at 03:59AM Juniper Networks released out-of-band updates for high-severity flaws in SRX and EX Series, addressing missing authentication and cross-site scripting vulnerabilities. watchTowr Labs discovered and reported the issues. Temporary mitigations include disabling J-Web or restricting access. Earlier critical vulnerability fixes were also shipped. U.S. CISA added previously disclosed vulnerabilities to the … Read more

PoC Exploits Heighten Risks Around Critical New Jenkins Vuln

January 29, 2024 at 05:05PM Around 45,000 Internet-exposed Jenkins servers remain unpatched against a critical arbitrary file-read vulnerability (CVE-2024-23897), allowing remote code execution. Proof-of-concept exploit code is available, with reports of attackers attempting to exploit it. The vulnerability affects the Jenkins CLI and can lead to data theft, system compromise, and disrupted pipelines. An immediate software update … Read more

The Unknown Risks of The Software Supply Chain: A Deep-Dive

January 24, 2024 at 04:24AM Open-source components are increasingly used in applications, challenging traditional Software Composition Analysis (SCA) tools’ ability to combat open-source threats. As businesses capitalize on open-source libraries to expedite application development, the reliance on interconnected dependencies introduces vulnerabilities in the supply chain. Gartner predicts a surge in supply chain attacks, advocating heightened … Read more

Outsmarting Ransomware’s New Playbook

January 18, 2024 at 06:12AM In 2024, the cybersecurity landscape faces evolving challenges, particularly from ransomware. Cybercriminals are adopting a new strategy of data theft and extortion, bypassing traditional encryption-based attacks. Encrypted data offers legal protection in the event of a breach, but widespread encryption deployment lags. Proactive security management and asset enumeration are critical … Read more

Vulnerability Management Firm Vicarius Raises $30 Million

January 17, 2024 at 02:37PM Vicarius, a New York vulnerability management firm, secured $30 million in a Series B funding round led by Bright Pixel. With total funding exceeding $56 million, the company offers automated vulnerability management through vRx and a PLG model. Their LLM-based approach with vuln_GPT aims to combat AI attacks, and the … Read more

Cyber insurance requirements: What’s in store for 2024

January 12, 2024 at 12:11AM In 2024, cyber insurance requirements are set to evolve, reflecting the changing threat landscape and increasing data breach costs. Predictions include a shift towards modern attack surface management, prioritization of vulnerabilities, limited coverage for manufacturing breaches, and mandatory incident response plans. Providers emphasize adaptability in the face of evolving regulations … Read more

Cisco Fixes High-Risk Vulnerability Impacting Unity Connection Software

January 11, 2024 at 04:01AM Cisco has issued software updates to address a critical security flaw (CVE-2024-20272 – CVSS score: 7.3) in Unity Connection, allowing arbitrary file upload and execution of commands. Users are advised to update to patched versions to mitigate potential threats. Additionally, 11 medium-severity vulnerabilities have been resolved across Cisco software. Cisco … Read more