vulnerability
Attackers are exploiting VMware RCE to deliver malware (CVE-2022-22954)
Cyber crooks have begun exploiting CVE-2022-22954, a RCE vulnerability in VMware Workspace ONE Access and Identity Manager, to deliver cryptominers onto vulnerable systems. …
Top attack techniques for breaching enterprise and cloud environments
In this video for Help Net Security, Zur Ulianitzky, Head of Research at XM Cyber, talks about the top attack techniques used by threat actors to compromise critical assets in …
Potential threats to uninterruptible power supply (UPS) devices
In this video for Help Net Security, Chris Westphal, Cybersecurity Evangelist at Ordr, talks about an alert that came out recently from CISA and the Department of Energy …
Cybersecurity must be at the forefront of a blockchain project
In this video for Help Net Security, Dr. Dmitry Mikhailov, CTO at Farcana Metaverse, talks about cybersecurity in the crypto industry and the vulnerability of a blockchain …
Steady rise in severe web vulnerabilities
Invicti Security released a research which reveals a rise in severe web vulnerabilities and the need for executive leaders to intertwine their application security and digital …
86% of developers don’t prioritize application security
Secure Code Warrior released findings from its survey, which found that developers’ actions and attitudes toward software security are in conflict. While many developers …
How often do developers push vulnerable code?
A Tromzo report reveals developers remediate only 32% of vulnerabilities and regularly push vulnerable code. The report was based on a survey of more than 400 U.S.-based …
CISA adds Spring4Shell to list of exploited vulnerabilities
It’s been almost a week since the Spring4Shell vulnerability (CVE-2022-22965) came to light and since the Spring development team fixed it in new versions of the Spring …
Vulnerabilities and cyberattacks that marked the year 2021
Rapid7 announced the release of a report examining the 50 most notable security vulnerabilities and high-impact cyberattacks in 2021. On any given day, security professionals …
Spring4Shell: New info and fixes (CVE-2022-22965)
In this video for Help Net Security, Ax Sharma, Senior Security Researcher at Sonatype, talks about the latest developments regarding Spring4Shell, the unauthenticated RCE …
JavaScript security: The importance of prioritizing the client side
In this interview with Help Net Security, Vitaliy Lim, CTO at Feroot, talks about the most common JavaScript threats, the devastating impact of malicious or vulnerable code, …
Spring4Shell: No need to panic, but mitigations are advised
Security teams around the world got another shock on Thursday when news of disclosure of a PoC for an unauthenticated RCE zero-day vulnerability in Spring Core, a massively …