cybersecurity
Can you guess the product with the most CVEs in 2022?
Updated January 6, 11:00 BST: CircleCI has updated its advisory which deserves revisiting. CircleCI is calling on customers to “immediately rotate any and all secrets” after a security incident. The breach appears to have occurred around December 21 and to have gone unnoticed over the Christmas period. Credentials stolen
Now was not the time...
Two new cybersecurity tools “OSV-Scanner” and “Peach” that landed this week deserve attention – whether you are a CISO, Blue Team, or just trying to tighten up your application development or cloud practices. OSV-Scanner was released under an Apache 2.0 licence by Google. Peach is an open framework from Wiz
Critical Citrix, VMware, Microsoft vulnerabilities all need patching
Security researchers at Juniper Threat Labs say they have identified previously undocumented malware targeting VMware ESXi servers that is notable for its “simplicity, persistence and capabilities.” VMware’s ESXi is a bare metal hypervisor that is widely deployed in large enterprises to run software virtually, from applications to fully emulated
Fortinet has pushed out an emergency patch for a critical CVSS 9.3 vulnerability in numerous versions of its FortiOS operating system, which lets an unauthenticated, remote attacker (pre-auth RCE) take over systems. Critics would be forgiven for asking tough questions about QA and feeling like it was "deja
A year after a critical vulnerability in a ubiquitous piece of open source software, Log4J, set off what The Stack described at the time as an “internet cluster bomb”, nearly 40% of downloads of the popular open source java logging library are still of the vulnerable version – despite the high