vulnerabilities

Security | Jul 29, 2024

Bonkers VMware vulnerability abused in ransomware attacks

net group “ESX Admins” username /domain /add.

vulnerabilities | Jul 11, 2024

Trio of unauthenticated ServiceNow vulnerabilities exposed 42,000

CVE-2024-4879 (CVSS 9.8) lets “an unauthenticated user remotely execute code” -- ServiceNow swiftly pushed fix to hosted instances but those self-hosting must...

Security | Jul 08, 2024

Fake OpenSSH "exploit" is a real exploit. Just not the one you thought.

Cisco says 42 products confirmed exposed to CVE-2024-6387 -- but OpenSSH exploit is malicious: Beware bogus POCs says Kaspersky

Security | Jul 01, 2024

Pre-auth RCE to root in OpenSSH server: 700,000 instances exposed

RHEL 9 affected, Debian, Ubuntu, SUSE push fixes

Security | Jun 26, 2024

Feds to CIOs: Actively ask your vendors if they’ve done a SQLi audit...

Fix up, look sharp: Uncle Sam is running out of patience with tech firms shipping insecure software. Vendors? Get familiar with the phrase "query parameterization"...

vulnerabilities | Jun 18, 2024

How the NVD backlog highlights the need for context in vulnerability management

"A Vulnerability Operations Centre (VOC) approach can work wonders here..."

vulnerabilities | Jun 17, 2024

Microsoft updates mitigation for critical “wormable” bug

256,000 devices believed publicly exposed. But are MSMQ bugs really attacked in the wild?

Fortinet | Jun 11, 2024

20,000 Fortinet devices breached by Chinese hackers – reboots, firmware updates no defence

"It is important that organizations practice the ‘assume breach’ principle..." YARA rules, hashes etc. available for defenders.

Security | Jun 11, 2024

“Trivially exploitable” bug in SolarWinds file server needs prompt fixing

“CVE-2024-28995 is not known to be exploited in the wild as of 9 AM ET on June 11. We expect this to change."

document.currentScript.parentNode.innerHTML = (parseInt(document.currentScript.closest('.iteration-container').dataset.length)).toString();