vulnerability
36% of orgs expose insecure FTP protocol to the internet, and some still use Telnet
A significant percentage of organizations expose insecure or highly sensitive protocols, including SMB, SSH, and Telnet, to the public internet, the ExtraHop Benchmarking …
VMware: Patch this critical vulnerability immediately! (CVE-2022-31656)
VMware has released fixes for ten vulnerabilities, including CVE-2022-31656, an authentication bypass vulnerability affecting VMware Workspace ONE Access, Identity Manager and …
“ParseThru” vulnerability allows unauthorized access to cloud-native applications
A new vulnerability found in GoLang-based applications allows a threat actor to bypass validations under certain conditions and gain unauthorized access to cloud-native …
Atlassian fixes critical flaws in Confluence, Jira, Bitbucket and other products, update quickly!
Atlassian has fixed three critical vulnerabilities and is urging customers using Confluence, Bamboo, Bitbucket, Crowd, Fisheye and Crucible, Jira and Jira Service Management …
Vulnerabilities in popular GPS tracker could allow hackers to remotely stop cars
Six vulnerabilities in the MiCODUS MV720 GPS tracker that’s used by organizations around the world to manage and protect vehicle fleets could be exploited by attackers …
Researchers disclose 56 vulnerabilities impacting thousands of OT devices
Forescout’s Vedere Labs disclosed OT:ICEFALL, 56 vulnerabilities affecting devices from 10 operational technology (OT) vendors. This is one of the single largest …
Only 10% of vulnerabilities are remediated each month
A research from SecurityScorecard and The Cyentia Institute revealed only 60% of organizations have improved their security posture despite a 15-fold increase in cyber-attacks …
API security warrants its own specific solution
Application programming interfaces (APIs) enable developers to quickly and easily roll-out services but they’re also equally attractive to attackers. This is because they can …
Qbot – known channel for ransomware – delivered via phishing and Follina exploit
More than a week has passed since Microsoft acknowledged the existence of the “Follina” vulnerability (CVE-2022-30190), after reports of it being exploited in the …
Attackers are leveraging Follina. What can you do?
As the world is waiting for Microsoft to push out a patch for CVE-2022-30190, aka “Follina”, attackers around the world are exploiting the vulnerability in a …
A closer look at the 2022 Microsoft Vulnerabilities Report
BeyondTrust’s recent 2022 Microsoft Vulnerabilities Report includes the latest annual breakdown of Microsoft vulnerabilities by category and product, as well as a …
The cyber posture of the U.S. Federal Government
Government agencies are prime targets for attack due to the sheer amount of sensitive information they possess. As today’s geopolitical landscape continues to become …