vulnerabilities

Security | Jul 08, 2024

Fake OpenSSH "exploit" is a real exploit. Just not the one you thought.

Cisco says 42 products confirmed exposed to CVE-2024-6387 -- but OpenSSH exploit is malicious: Beware bogus POCs says Kaspersky

Security | Jul 01, 2024

Pre-auth RCE to root in OpenSSH server: 700,000 instances exposed

RHEL 9 affected, Debian, Ubuntu, SUSE push fixes

Security | Jun 26, 2024

Feds to CIOs: Actively ask your vendors if they’ve done a SQLi audit...

Fix up, look sharp: Uncle Sam is running out of patience with tech firms shipping insecure software. Vendors? Get familiar with the phrase "query parameterization"...

vulnerabilities | Jun 18, 2024

How the NVD backlog highlights the need for context in vulnerability management

"A Vulnerability Operations Centre (VOC) approach can work wonders here..."

vulnerabilities | Jun 17, 2024

Microsoft updates mitigation for critical “wormable” bug

256,000 devices believed publicly exposed. But are MSMQ bugs really attacked in the wild?

Fortinet | Jun 11, 2024

20,000 Fortinet devices breached by Chinese hackers – reboots, firmware updates no defence

"It is important that organizations practice the ‘assume breach’ principle..." YARA rules, hashes etc. available for defenders.

Security | Jun 11, 2024

“Trivially exploitable” bug in SolarWinds file server needs prompt fixing

“CVE-2024-28995 is not known to be exploited in the wild as of 9 AM ET on June 11. We expect this to change."

Security | May 30, 2024

Check Point vulnerability far worse than thought – exploited in wild since April

Check Point vulnerability CVE-2024-24919

106,000 customers publicly exposed, initial searches suggest.

Security | May 30, 2024

Turf wars? NIST to fix NVD backlog by September – insists it’s right agency to run vulnerability database

Update comes after CISA started enriching CVEs itself…

document.currentScript.parentNode.innerHTML = (parseInt(document.currentScript.closest('.iteration-container').dataset.length)).toString();