Cl0p announces rules for extortion negotiation after MOVEit hack
The Cl0p cyber extortion crew says that the many organizations whose data they have pilfered by exploiting a vulnerability in the MOVEit Transfer solution have until June 14 …
Zyxel firewalls under attack by Mirai-like botnet
CVE-2023-28771, the critical command injection vulnerability affecting many Zyxel firewalls, is being actively exploited by a Mirai-like botnet, and has been added to …
Web entity activity reveals insights into internet security
For its recent research focusing on web entities (or content served over HTTP), Censys leveraged its internet-wide scan data to understand better the applications and services …
CISA releases ESXiArgs ransomware recovery script
According to the latest data, the number of ESXiArgs ransomware victims has surpassed 3,800, and CISA has published a recovery script for victim organizations. Fixing the mess …
Top 3 resolutions for security teams
As 2023 goals become solidified, companies need to decide how they are prioritizing cybersecurity. It’s time to focus on what organizations can prioritize. In this Help …
Thousands of unpatched VMware ESXi servers hit by ransomware via old bug (CVE-2021-21974)
Late last week, unknown attackers launched a widespread ransomware attack hitting VMware ESXi hypervisors via CVE-2021-21974, an easily exploitable vulnerability that allows …
Cacti servers under attack by attackers exploiting CVE-2022-46169
If you’re running the Cacti network monitoring solution and you haven’t updated it since early December, now is the time to do it to foil attackers exploiting a …
High-severity OpenSSL vulnerabilities fixed (CVE-2022-3602, CVE-2022-3786)
Version 3.0.7 of the popular OpenSSL cryptographic library is out, with fixes for CVE-2022-3602 and CVE-2022-3786, two high-severity buffer overflow vulnerabilities in the …
Assessing the state of the internet to make smart security decisions
The internet constantly changes as new technologies are developed, and vulnerabilities are discovered. At the same time, organizations expand their operations that interact …
Organizations should fear misconfigurations more than vulnerabilities
Censys launched its State of the Internet Report, a holistic view into internet risks and organizations’ exposure to them. Through careful examination of which ports, …
Censys raises $35 million to accelerate product development and sales operations
Censys announced it completed a $35 million Series B funding round led by Intel Capital. Previous investors including Google Ventures, Decibel and Greylock Partners also …
SolarWinds patches zero-day exploited in the wild (CVE-2021-35211)
SolarWinds has released an emergency patch for CVE-2021-35211, a RCE vulnerability affecting its Serv-U Managed File Transfer and Serv-U Secure FTP that is currently being …