vulnerability
-
Blog
Everything you need to know about the Cleo file transfer vulnerability, including affected products, patches, and temporary mitigations
A vulnerability in the popular managed file transfer (MFT) service from software company Cleo is being actively exploited by threat actors, researchers have warned. Reports from multiple security firms have warned that three different Cleo products were being attacked in the wild, including Cleo Harmony, the firm’s widely-used file transfer service capability. VLTrader, a server-side solution aimed at mid-sized corporations,…
Read More » -
Blog
Microsoft Patches One Actively Exploited Vulnerability, Among Others
December brought a relatively mild Patch Tuesday, with one vulnerability having been actively exploited. Of all 70 vulnerabilities fixed, 16 were classified as critical. “This year, cybersecurity professionals must be on Santa’s nice list, or, at the very least, Microsoft’s,” Tyler Reguly, associate director of security R&D at cybersecurity software and services company Fortra, told TechRepublic in an email. Microsoft…
Read More » -
Blog
Ivanti warns of maximum severity CSA auth bypass vulnerability
Today, Ivanti warned customers about a new maximum-severity authentication bypass vulnerability in its Cloud Services Appliance (CSA) solution. The security flaw (tracked as CVE-2024-11639 and reported by CrowdStrike’s Advanced Research Team) enables remote attackers to gain administrative privileges on vulnerable appliances running Ivanti CSA 5.0.2 or earlier without requiring authentication or user interaction by circumventing authentication using an alternate path…
Read More » -
Blog
Researchers sound alarm over hackers exploiting critical ProjectSend vulnerability
Researchers have warned that threat actors are actively exploiting a critical vulnerability in a widely-used open source file sharing app. A report from vulnerability intelligence platform VulnCheck warned that potentially thousands of instances of ProjectSend are impacted by a serious flaw rated 9.8 on the CVSS. ProjectSend is an open source file sharing web application used by businesses to securely…
Read More » -
Blog
Palo Alto Networks warns of potential PAN-OS RCE vulnerability
Today, cybersecurity company Palo Alto Networks warned customers to restrict access to their next-generation firewalls because of a potential remote code execution vulnerability in the PAN-OS management interface. In a security advisory published on Friday, the company said it doesn’t yet have additional information regarding this alleged security flaw and added that it has yet to detect signs of active exploitation.…
Read More » -
Blog
Top Vulnerability Management Tools: Reviews & Comparisons 2024
There are more vulnerabilities around than ever. The Verizon Data Breach Investigations Report highlighted an almost 200% growth in the exploitation of vulnerabilities in 2023. In the first seven months of 2024, new vulnerabilities rose by another 30% compared to the previous year. No wonder vulnerability management tools are becoming a staple of the enterprise cybersecurity arsenal. “Vulnerability management is…
Read More » -
Blog
Google’s Big Sleep AI model just found a zero-day vulnerability in the wild — but don’t hold your breath for game-changing AI bug hunting tools any time soon
Google has claimed a vulnerability flagged by its Big Sleep AI model represents the first time an AI tool has found an unknown bug in the wild. Google clarified that this is the first time such a system has detected a memory-safety bug, acknowledging other AI tools have discovered different types of vulnerabilities before. “We believe this is the first…
Read More » -
Blog
A new SharePoint vulnerability is already being exploited
Attackers are exploiting a recently disclosed remote code execution vulnerability in Microsoft SharePoint to gain initial access to corporate networks. SharePoint’s main role in the Microsoft 365 ecosystem is for building intranets and dedicated web applications to support organizational processes. It is also used to build websites, and to gather together files in SharePoint teams connected to the Microsoft Teams…
Read More » -
Blog
Hackers target critical zero-day vulnerability in PTZ cameras
Hackers are attempting to exploit two zero-day vulnerabilities in PTZOptics pan-tilt-zoom (PTZ) live streaming cameras used in industrial, healthcare, business conferences, government, and courtroom settings. In April 2024, GreyNoise discovered CVE-2024-8956 and CVE-2024-8957 after its AI-powered threat detection tool, Sift, detected unusual activity on its honeypot network that did not match any known threats. Upon examination of the alert, GreyNoise researchers uncovered…
Read More » -
Blog
Firefox Update Patches Exploited Vulnerability
Mozilla, the company behind the browser Firefox, issued a fix on Wednesday for a zero-day vulnerability they say has been exploited. NIST lists the vulnerability as CVE-2024-9680, and its status as “awaiting analysis.” Firefox users should update to the latest version of the browser and of the extended support releases to protect their systems from potential attacks. Due to widespread…
Read More »