Please turn on your JavaScript for this page to function normally.
Ivanti
Ivanti vows to transform its security operating model, reveals new vulnerabilities

Ivanti has released patches for new DoS vulnerabilities affecting Ivanti Connect Secure (SSL VPN solution) and Ivanti Policy Secure (NAC solution), some of which could also …

Microsoft SharePoint
Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955)

The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-24955 – a code injection vulnerability that allows authenticated attackers to execute code …

Ray
AI framework vulnerability is being used to compromise enterprise servers (CVE-2023-48022)

Attackers are leveraging a vulnerability (CVE-2023-48022) in Anyscale’s Ray AI software to compromise enterprise servers and saddle them with cryptominers and reverse …

Microsoft Exchange
17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns

Around 12% of the 45,000 or so Microsoft Exchange servers in Germany that can be accessed from the Internet without restrictions “are so outdated that security updates …

smartphone
Apps secretly turning devices into proxy network nodes removed from Google Play

Your smartphone might be part of a proxy network, and you might not even know it: all it takes is for you to download apps whose developers have included the functionality and …

Ivanti
Ivanti fixes RCE vulnerability reported by NATO cybersecurity researchers (CVE-2023-41724)

Ivanti has fixed a critical RCE vulnerability (CVE-2023-41724) in Ivanti Standalone Sentry that has been reported by researchers with the NATO Cyber Security Centre. Though …

NIST NVD
NIST’s NVD has encountered a problem

Whether the cause is insurmountable technical debt, lack of funds, a third reason or all of them, NIST’s National Vulnerability Database (NVD) is struggling, and …

arcserve
PoC for critical Arcserve UDP vulnerabilities published (CVE-2024-0799, CVE-2024-0800)

Arcserve has fixed critical security vulnerabilities (CVE-2024-0799, CVE-2024-0800) in its Unified Data Protection (UDP) solution that can be chained to upload malicious files …

BSAM
BSAM: Open-source methodology for Bluetooth security assessment

Many wireless headsets using Bluetooth technology have vulnerabilities that may allow malicious individuals to covertly listen in on private conversations, Tarlogic Security …

Cisco
Cisco patches Secure Client VPN flaw that could reveal authentication tokens (CVE-2024-20337)

Cisco has fixed two high-severity vulnerabilities affecting its Cisco Secure Client enterprise VPN and endpoint security solution, one of which (CVE-2024-20337) could be …

Ivanti
State-sponsored hackers know enterprise VPN appliances inside out

Suspected Chinese state-sponsored hackers leveraging Ivanti Connect Secure VPN flaws to breach a variety of organizations have demonstrated “a nuanced understanding of …

ConnectWise
ScreenConnect flaws exploited to deliver all kinds of malware (CVE-2024-1709, CVE-2024-1708)

The recently patched vulnerabilities (CVE-2024-1709, CVE-2024-1708) in ConnectWise ScreenConnect software are being exploited by numerous attackers to deliver a variety of …

Don't miss

Cybersecurity news