vulnerability
Log4Shell update: Attack surface, attacks in the wild, mitigation and remediation
Several days have passed since the dramatic reveal of CVE-2021-44228 (aka Log4Shell), an easily exploitable (without authentication) RCE flaw in Apache Log4j, a popular …
Hacker-powered pentests gaining momentum
Hackers have reported over 66,000 valid vulnerabilities this year – over 20% more than 2020 – with hacker-powered pentests seeing a 264% increase in reported …
Vulnerabilities in Eltima SDK affect popular cloud desktop and USB sharing services
SentinelOne researchers have unearthed a number of privilege escalation vulnerabilities in Eltima SDK, a library used by many cloud desktop and USB sharing services like …
Microsoft vulnerabilities have grave implications for organizations of all sizes
Microsoft software products are a connective tissue of many organizations, from online documents (creating, sharing, storing), to email and calendaring, to the operating …
It’s time to patch your SonicWall SMA 100 series appliances again!
SonicWall has fixed a handful of vulnerabilities affecting its SMA 100 series appliances and is urging organizations to implement the patches as soon as possible. Although …
2021 will be a record-breaking year for data breaches, what about 2022?
In a new Experian forecast, five predictions for 2022 underscore the ongoing impact of the pandemic on cybersecurity. Cybercriminals will continue to exploit vulnerabilities …
The threats of modern application architecture are closer than they appear
Modern applications and software have evolved as the transition to the cloud was accelerated by widespread digital transformation, as enterprises of all sizes made heavy …
Kafdrop flaw allows data from Kafka clusters to be exposed Internet-wide
Researchers at Spectral discovered a security flaw in Kafdrop, a popular open-source UI and management interface for Apache Kafka clusters that has been downloaded more than …
Determined APT is exploiting ManageEngine ServiceDesk Plus vulnerability (CVE-2021-44077)
An APT group is leveraging a critical vulnerability (CVE-2021-44077) in Zoho ManageEngine ServiceDesk Plus to compromise organizations in a variety of sectors, including …
Tor2Mine cryptominer has evolved: Just patching and cleaning the system won’t help
Sophos released new findings on the Tor2Mine cryptominer, that show how the miner evades detection, spreads automatically through a target network and is increasingly harder …
The importance of vulnerability management for your organization
Everyone is familiar with home burglaries. Criminals case a house looking for easy access through open windows, unlocked doors, open garages, and the like. Hackers take the …
API security awareness: The first step to better assessing the risk
In this Help Net Security interview, Tal Steinherz, CTO at Wib, talks about the importance of API security awareness and how to tackle numerous threats that are plaguing it. …