vulnerability
-
Blog
Palo Alto Networks warns of potential PAN-OS RCE vulnerability
Today, cybersecurity company Palo Alto Networks warned customers to restrict access to their next-generation firewalls because of a potential remote code execution vulnerability in the PAN-OS management interface. In a security advisory published on Friday, the company said it doesn’t yet have additional information regarding this alleged security flaw and added that it has yet to detect signs of active exploitation.…
Read More » -
Blog
Top Vulnerability Management Tools: Reviews & Comparisons 2024
There are more vulnerabilities around than ever. The Verizon Data Breach Investigations Report highlighted an almost 200% growth in the exploitation of vulnerabilities in 2023. In the first seven months of 2024, new vulnerabilities rose by another 30% compared to the previous year. No wonder vulnerability management tools are becoming a staple of the enterprise cybersecurity arsenal. “Vulnerability management is…
Read More » -
Blog
Google’s Big Sleep AI model just found a zero-day vulnerability in the wild — but don’t hold your breath for game-changing AI bug hunting tools any time soon
Google has claimed a vulnerability flagged by its Big Sleep AI model represents the first time an AI tool has found an unknown bug in the wild. Google clarified that this is the first time such a system has detected a memory-safety bug, acknowledging other AI tools have discovered different types of vulnerabilities before. “We believe this is the first…
Read More » -
Blog
A new SharePoint vulnerability is already being exploited
Attackers are exploiting a recently disclosed remote code execution vulnerability in Microsoft SharePoint to gain initial access to corporate networks. SharePoint’s main role in the Microsoft 365 ecosystem is for building intranets and dedicated web applications to support organizational processes. It is also used to build websites, and to gather together files in SharePoint teams connected to the Microsoft Teams…
Read More » -
Blog
Hackers target critical zero-day vulnerability in PTZ cameras
Hackers are attempting to exploit two zero-day vulnerabilities in PTZOptics pan-tilt-zoom (PTZ) live streaming cameras used in industrial, healthcare, business conferences, government, and courtroom settings. In April 2024, GreyNoise discovered CVE-2024-8956 and CVE-2024-8957 after its AI-powered threat detection tool, Sift, detected unusual activity on its honeypot network that did not match any known threats. Upon examination of the alert, GreyNoise researchers uncovered…
Read More » -
Blog
Firefox Update Patches Exploited Vulnerability
Mozilla, the company behind the browser Firefox, issued a fix on Wednesday for a zero-day vulnerability they say has been exploited. NIST lists the vulnerability as CVE-2024-9680, and its status as “awaiting analysis.” Firefox users should update to the latest version of the browser and of the extended support releases to protect their systems from potential attacks. Due to widespread…
Read More » -
Blog
Volt Typhoon Hackers Exploit Zero-Day Vulnerability in Versa Director Servers Used by MSPs, ISPs
Volt Typhoon, a Chinese state-sponsored hacking group, has been caught exploiting a zero-day vulnerability in Versa Director servers, used by managed service providers and internet service providers. CVE-2024-39717 was added to CISA’s “Known Exploited Vulnerabilities Catalog” on Aug. 23 after Lumen Technologies discovered its active exploitation. Data from Censys shows that there are 163 devices in the U.S., Philippines, Shanghai,…
Read More » -
Blog
Versa fixes Director zero-day vulnerability exploited in attacks
Versa Networks has fixed a zero-day vulnerability exploited in the wild that allows attackers to upload malicious files by exploiting an unrestricted file upload flaw in the Versa Director GUI. Versa Director is a platform designed to help managed service providers simplify the design, automation, and delivery of SASE services, offering essential management, monitoring, and orchestration for Versa SASE’s networking…
Read More » -
Blog
New Windows Vulnerability Impacts PCs With IPv6
Security updates are an important way to keep your devices safe, and if you have a Windows PC, you’ll definitely want to install any available updates. Microsoft is now patching a significant vulnerability caused by the IPv6 stack in Windows. Microsoft has confirmed a critical vulnerability in its TCP/IP protocol that could allow remote attackers to execute code on all…
Read More » -
Blog
NetSuite vulnerability could leave thousands of websites exposed
Researchers have warned of a new vulnerability in NetSuite’s SuiteCommerce tool that could expose sensitive data. Stemming from misconfigured access controls, the vulnerability leaves sensitive personally identifiable information (PII) exposed, including the full addresses and mobile phone numbers of customers The vulnerability has already left several thousand live SuiteCommerce websites vulnerable and the extent of potential damage could be far-reaching.…
Read More »