vulnerability
High-severity OpenSSL vulnerabilities fixed (CVE-2022-3602, CVE-2022-3786)
Version 3.0.7 of the popular OpenSSL cryptographic library is out, with fixes for CVE-2022-3602 and CVE-2022-3786, two high-severity buffer overflow vulnerabilities in the …
ConnectWise backup solutions open to RCE, patch ASAP!
ConnectWise has fixed a critical vulnerability in ConnectWise Recover and R1Soft Server Backup Manager that could allow attackers to achieve remote code exection (RCE) or …
Incoming OpenSSL critical fix: Organizations, users, get ready!
UPDATE (November 1, 2022, 01:55 p.m. ET): OpenSSL version 3.0.7 is out, and the severity of the vulnerability has been downgraded. Check out what you should be doing next. The …
Asset risk management: Getting the basics right
In this interview with Help Net Security, Yossi Appleboum, CEO at Sepio, talks about asset risk management challenges for different industries and where it’s heading. …
Consumer behaviors are the root of open source risk
Sonatype unveiled its eighth annual State of the Software Supply Chain Report which, in addition to a massive surge in open source supply, demand, and malicious attacks, found …
Vulnerabilities in Cisco Identity Services Engine require your attention (CVE-2022-20822, CVE-2022-20959)
Cisco has published a heads-up for admins of Cisco Identity Services Engine solutions, about two vulnerabilities (CVE-2022-20822, CVE-2022-20959) that could be exploited to …
Apache Commons Text flaw is not a repeat of Log4Shell (CVE-2022-42889)
A freshly fixed vulnerability (CVE-2022-42889) in the Apache Commons Text library has been getting attention from security researchers these last few days, worrying it could …
Researchers release PoC for Fortinet firewall flaw, exploitation attempts mount
Horizon3.ai researchers have released a PoC exploit for CVE-2022-40684, the authentication bypass vulnerability affecting Fortinet‘s firewalls and secure web gateways, …
Weakness in Microsoft Office 365 Message Encryption could expose email contents
WithSecure researchers are warning organizations of a security weakness in Microsoft Office 365 Message Encryption (OME) that could be exploited by attackers to obtain …
Smart buildings may be your cybersecurity downfall
According to a recent eEnergy report, 30 per cent of all purchased energy in the UK is currently wasted in commercial buildings, warehouses and education facilities. Whilst …
Auth bypass bug in FortiOS, FortiProxy is exploited in the wild (CVE-2022-40684)
After privately warning customers last week that they need to patch or mitigate CVE-2022-40684, a critical vulnerability affecting FortiOS, FortiProxy, and FortiSwitchManager, …
Critical vm2 sandbox escape flaw uncovered, patch ASAP! (CVE-2022-36067)
Oxeye researchers discovered a severe vm2 vulnerability (CVE-2022-36067) that has received the maximum CVSS score of 10.0. Called SandBreak, this new vulnerability requires …