Security researchers at Eclypsium have reported that they had identified four vulnerabilities that could affect 30 million users of computer technology company Dell's laptops, desktops and tablets. The vulnerabilities have a cumulative CVSS score of 8.3 (high).
Apple has released patches for two zero-day vulnerabilities and a fix for another security issue, all of which affected devices running iOS version 12.5.3. It says the zero-day flaws are being exploited in the wild.
Microsoft's June Patch Tuesday contained patches for six zero-day vulnerabilities being exploited in the wild, including two flaws detected by Kaspersky that were being exploited by a new threat group named PuzzleMaker.
Researchers have uncovered an ongoing campaign by a Chinese advanced persistent threat group that has spent the last three years testing and refining a custom backdoor in its arsenal to conduct espionage campaigns targeting governments in Southeast Asia.
Security researchers have identified two vulnerabilities in the Joomla content management system that can be chained together for complete compromise of the network, a report by security firm Fortbridge finds.
Hackers are exploiting a critical zero-day flaw in the WordPress plug-in Fancy Product Designer, which allows remote code execution, the Wordfence Threat Intelligence team at Defiant Inc. says. Because a patch has not yet been released, the team urges users to immediately uninstall the vulnerable plug-in.
In a recent research project on cyber risk management, 340 cybersecurity and IT professionals were surveyed. They were asked what their organization’s biggest vulnerability management challenge is. 42% of respondents indicated that their biggest vulnerability management challenge is tracking vulnerability and patch...
Siemens has released patches for certain automation products that have a critical memory protection vulnerability, which attackers could exploit to run arbitrary code to access memory areas, enabling them to read sensitive data and use it to launch further attacks.
Is your team working constantly to discover and patch critical vulnerabilities across your global hybrid-IT landscape? Traditional vulnerability management solutions stop at only identifying vulnerabilities and don’t help with remediation. Security teams would prefer if they can automatically discover and categorize...
Two China-linked threat groups are still exploiting unpatched flaws in Ivanti's Pulse Connect Secure VPN products, using additional malware variants to support cyberespionage, FireEye's Mandiant Threat Intelligence team says.
Advanced persistent threat groups are continuing to exploit unpatched flaws in Fortinet products, the FBI warns in a flash alert. For example, an APT group apparently recently exploited a Fortigate appliance to access a web server hosting the domain for a U.S. municipal government, the bureau says.
VMware is warning all vCenter Server administrators to patch their software to fix a serious vulnerability that could be used to execute arbitrary code as well as a separate authentication flaw. Experts warn that these and other recent flaws are likely to be targeted by ransomware gangs.
Are there better ways to characterize, assess and handle big, bad bugs to help organizations better prioritize remediating them? Allan Liska, an intelligence analyst at Recorded Future, discusses better ways to focus vulnerability hunting.
The threat posed by ransomware attacks, including the growth of cybercriminal cartels, double extortion schemes and big game hunting targeting larger organizations, requires an international response, Anne Neuberger, the deputy national security adviser for cyber and emerging technology, told attendees Tuesday at RSA...
He is known for his regular reports for Reuters, as well as for his books, including the latest: "Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World." Joseph Menn opens up on the biggest stories of the year and the lessons that must be learned.