Threats
Stay informed on the latest cybersecurity threats and news to better protect your data, networks, applications, and devices. Our coverage includes emerging vulnerabilities, evolving attack techniques, and the latest security breaches to help you understand and mitigate risks.
-
Weekly Vulnerability Recap – Sept. 25, 2023 – Flaws in Apple Devices, DevOps Tools and More
This past week in cybersecurity saw a wide range of vulnerabilities, from Apple product patches to several flaws that hit DevSecOps teams. The Akira ransomware group made news too, expanding its attacks to include Linux-based systems, and Trend Micro issued a fix for a zero-day vulnerability in its Apex One endpoint security tools. Read about…
-
Weekly Vulnerability Recap – September 18, 2023 – Patch Tuesday Also For Adobe, Apple and More
It wasn’t just Microsoft making news last week; Adobe, Apple, Chrome, SAP and VMware also pushed out updates for critical vulnerabilities.
-
Microsoft Patch Tuesday Includes Word, Streaming Service Zero-Days
Microsoft’s Patch Tuesday for September 2023 includes 59 vulnerabilities, five of them rated critical and two currently being exploited in the wild. The two vulnerabilities currently being exploited are CVE-2023-36761, an information disclosure flaw in Microsoft Word with a CVSS score of 6.2; and CVE-2023-36802, an elevation of privilege flaw in Microsoft Streaming Service with…
-
Weekly Vulnerability Recap – Sept. 11, 2023 – Android Update Fixes 33 Vulnerabilities
Android, Apple, Apache, Cisco and Microsoft are among the names reporting security vulnerabilities in the last week, and some are already under attack.
-
Weekly Vulnerability Recap – September 4, 2023 – Attackers Hit Network Devices and More
Citrix, Juniper, VMware and Cisco are just a few of the IT vendors whose products made news for security vulnerabilities in the last week.
-
Weekly Vulnerability Recap – August 21, 2023 – When ACE Equals Bad
Normally, ‘ace’ implies something great, such as to ace an exam or to draw an ace in Blackjack. Unfortunately, arbitrary code execution (ACE) means that an attacker can use a vulnerability to execute any code they want on a device. In the vulnerabilities covered this week, attackers used an ACE vulnerability to install webshells and…
-
Weekly Vulnerability Recap – August 14, 2023 – Old or New, Vulnerabilities Need Management
No one likes the hassle of dealing with patch management or vulnerability management, but it is universally agreed that security breaches are far worse. Many organizations try to proactively patch and manage vulnerabilities to prevent attackers from gaining any foothold. Google announced this week that it will now push out weekly security updates to Chrome…
-
Power Management Vulnerabilities Could Shut Down Data Centers: Researchers
Trellix researchers are disclosing a number of critical data center power management platform vulnerabilities at DEFCON 2023 today. The vulnerabilities “could allow attackers to shut down entire data centers in minutes, slowly infect entire data center deployments to steal key data and information, or utilize compromised resources to initiate massive attacks at a global scale,”…
-
Patch Tuesday Targets 74 Flaws, Including Microsoft Teams, Office
Microsoft’s August 2023 updates include six critical vulnerabilities, including a pair of Teams flaws that ‘deserve immediate remediation attention.’
