Threats
The latest cybersecurity threats and news to help you protect your data, networks, applications, and devices.
-
Weekly Vulnerability Recap – October 2, 2023 – WS_FTP, Exim, Cisco and Other Exploited Vulnerabilities
Vulnerabilities carrying high severity scores require urgent attention, and many of this week’s critical vulnerabilities are no exception. A host of zero-day vulnerabilities, several under active attack, will require immediate attention for patching or mitigation. However, as valuable as ratings can be, they don’t tell the whole story. 25-year-old RSA description vulnerabilities defy the CSV… Read more
-
Weekly Vulnerability Recap – Sept. 25, 2023 – Flaws in Apple Devices, DevOps Tools and More
This past week in cybersecurity saw a wide range of vulnerabilities, from Apple product patches to several flaws that hit DevSecOps teams. The Akira ransomware group made news too, expanding its attacks to include Linux-based systems, and Trend Micro issued a fix for a zero-day vulnerability in its Apex One endpoint security tools. Read about… Read more
-
Weekly Vulnerability Recap – September 18, 2023 – Patch Tuesday Also For Adobe, Apple and More
It wasn’t just Microsoft making news last week; Adobe, Apple, Chrome, SAP and VMware also pushed out updates for critical vulnerabilities. Read more
-
Microsoft Patch Tuesday Includes Word, Streaming Service Zero-Days
Microsoft’s Patch Tuesday for September 2023 includes 59 vulnerabilities, five of them rated critical and two currently being exploited in the wild. The two vulnerabilities currently being exploited are CVE-2023-36761, an information disclosure flaw in Microsoft Word with a CVSS score of 6.2; and CVE-2023-36802, an elevation of privilege flaw in Microsoft Streaming Service with… Read more
-
Weekly Vulnerability Recap – Sept. 11, 2023 – Android Update Fixes 33 Vulnerabilities
Android, Apple, Apache, Cisco and Microsoft are among the names reporting security vulnerabilities in the last week, and some are already under attack. Read more
-
Weekly Vulnerability Recap – September 4, 2023 – Attackers Hit Network Devices and More
Citrix, Juniper, VMware and Cisco are just a few of the IT vendors whose products made news for security vulnerabilities in the last week. Read more
-
Weekly Vulnerability Recap – August 21, 2023 – When ACE Equals Bad
Normally, ‘ace’ implies something great, such as to ace an exam or to draw an ace in Blackjack. Unfortunately, arbitrary code execution (ACE) means that an attacker can use a vulnerability to execute any code they want on a device. In the vulnerabilities covered this week, attackers used an ACE vulnerability to install webshells and… Read more
-
Weekly Vulnerability Recap – August 14, 2023 – Old or New, Vulnerabilities Need Management
No one likes the hassle of dealing with patch management or vulnerability management, but it is universally agreed that security breaches are far worse. Many organizations try to proactively patch and manage vulnerabilities to prevent attackers from gaining any foothold. Google announced this week that it will now push out weekly security updates to Chrome… Read more
-
Power Management Vulnerabilities Could Shut Down Data Centers: Researchers
Trellix researchers are disclosing a number of critical data center power management platform vulnerabilities at DEFCON 2023 today. The vulnerabilities “could allow attackers to shut down entire data centers in minutes, slowly infect entire data center deployments to steal key data and information, or utilize compromised resources to initiate massive attacks at a global scale,”… Read more
-
Patch Tuesday Targets 74 Flaws, Including Microsoft Teams, Office
Microsoft’s August 2023 updates include six critical vulnerabilities, including a pair of Teams flaws that ‘deserve immediate remediation attention.’ Read more
