Stay informed on the latest cybersecurity threats and news to better protect your data, networks, applications, and devices. Our coverage includes emerging vulnerabilities, evolving attack techniques, and the latest security breaches to help you understand and mitigate risks.
This past week in cybersecurity saw a wide range of vulnerabilities, from Apple product patches to several flaws that hit DevSecOps teams. The Akira ransomware group made news too, expanding its attacks to include Linux-based systems, and Trend Micro issued a fix for a zero-day vulnerability in its Apex One endpoint security tools. Read about…
It wasn’t just Microsoft making news last week; Adobe, Apple, Chrome, SAP and VMware also pushed out updates for critical vulnerabilities.
Microsoft’s Patch Tuesday for September 2023 includes 59 vulnerabilities, five of them rated critical and two currently being exploited in the wild. The two vulnerabilities currently being exploited are CVE-2023-36761, an information disclosure flaw in Microsoft Word with a CVSS score of 6.2; and CVE-2023-36802, an elevation of privilege flaw in Microsoft Streaming Service with…
Android, Apple, Apache, Cisco and Microsoft are among the names reporting security vulnerabilities in the last week, and some are already under attack.
Citrix, Juniper, VMware and Cisco are just a few of the IT vendors whose products made news for security vulnerabilities in the last week.
Normally, ‘ace’ implies something great, such as to ace an exam or to draw an ace in Blackjack. Unfortunately, arbitrary code execution (ACE) means that an attacker can use a vulnerability to execute any code they want on a device. In the vulnerabilities covered this week, attackers used an ACE vulnerability to install webshells and…
No one likes the hassle of dealing with patch management or vulnerability management, but it is universally agreed that security breaches are far worse. Many organizations try to proactively patch and manage vulnerabilities to prevent attackers from gaining any foothold. Google announced this week that it will now push out weekly security updates to Chrome…
Trellix researchers are disclosing a number of critical data center power management platform vulnerabilities at DEFCON 2023 today. The vulnerabilities “could allow attackers to shut down entire data centers in minutes, slowly infect entire data center deployments to steal key data and information, or utilize compromised resources to initiate massive attacks at a global scale,”…
Microsoft’s August 2023 updates include six critical vulnerabilities, including a pair of Teams flaws that ‘deserve immediate remediation attention.’