vulnerability
Two Microsoft Exchange zero-days exploited by attackers (CVE-2022-41040, CVE-2022-41082)
Attackers are leveraging two zero-day vulnerabilities (CVE-2022-41040, CVE-2022-41082) to breach Microsoft Exchange servers. News of the attacks broke on Wednesday, when …
RCE in Sophos Firewall is being exploited in the wild (CVE-2022-3236)
Sophos has patched an actively exploited remote code execution vulnerability (CVE-2022-3236) in its Firewall solutions, and has pushed the fix to customers who have automatic …
Risk management focus shifts from external to internal exposure
Coalfire released its fourth annual Securealities Penetration Risk Report which analyzes enterprise and cloud service providers (CSPs) internal and external attack vectors, …
Open-source software usage slowing down for fear of vulnerabilities, exposures, or risks
Anaconda released its annual 2022 State of Data Science report, revealing the widespread trends, opportunities, and perceived blockers facing the data science, machine …
High severity vulnerabilities found in Harbor open-source artifact registry
Oxeye security researchers have uncovered several new high severity variants of the IDOR (Insecure Director Object Reference) vulnerabilities (CVE-2022-31671, CVE-2022-31666, …
Most critical security gaps in the public cloud
Orca Security released the 2022 State of the Public Cloud Security Report, which provides important insights into the current state of public cloud security and where the most …
Backlogs larger than 100K+ vulnerabilities but too time-consuming to address
Rezilion and Ponemon Institute announced the release of “The State of Vulnerability Management in DevSecOps,” which reveals that organizations are losing thousands of hours in …
Organizations should fear misconfigurations more than vulnerabilities
Censys launched its State of the Internet Report, a holistic view into internet risks and organizations’ exposure to them. Through careful examination of which ports, …
Thousands of QNAP NAS devices hit by DeadBolt ransomware (CVE-2022-27593)
QNAP Systems has provided more information about the latest DeadBolt ransomware campaign targeting users of its network-attached storage (NAS) devices and the vulnerability …
High-risk ConnectWise Automate vulnerability fixed, admins urged to patch ASAP
ConnectWise has fixed a vulnerability in ConnectWise Automate, a popular remote monitoring and management tool, which could allow attackers to compromise confidential data or …
With cyber insurance costs increasing, can smaller firms avoid getting priced out?
Cyber insurance is quickly becoming an unavoidable part of doing business as more organizations accept the inevitability of cyber risk. There is a growing awareness of the …
High-profile vulnerabilities encourage organizations to improve security posture
As organizations go about their regular routine of finding and adding new technologies to help increase their overall success, each organization must keep in mind the security …
Featured news
Sponsored
Don't miss
- Void Banshee APT exploited “lingering Windows relic” in zero-day attacks
- SYS01 info-stealer pushed via Facebook ads, LinkedIn and YouTube posts
- ChatGPTriage: How can CISOs see and control employees’ AI use?
- Managing exam pressure: Tips for certification preparation
- Firmware update hides Bluetooth fingerprints