vulnerability
Critical RCE in Palo Alto Networks (PAN) firewalls revealed, patch ASAP! (CVE-2021-3064)
The existence of a critical RCE vulnerability (CVE-2021-3064) affecting certain versions of Palo Alto Networks (PAN) firewalls using the GlobalProtect Portal VPN has been …
Vulnerabilities in Nucleus NET TCP/IP stack could lead to real-world damage
Researchers have unearthed 13 vulnerabilities affecting the Nucleus NET TCP/IP stack and have demonstrated how attackers could exploit them to cause serious real-world damage. …
Vulnerabilities associated with ransomware increased 4.5% in Q3 2021
Ransomware groups are continuing to grow in sophistication, boldness, and volume, with numbers up across the board since Q2 2021, a report by Ivanti, Cyber Security Works and …
Mobile phishing exposure in the energy industry surged 161% in 2021
Mobile phishing exposure surged 161% within the energy industry between the second half of 2020 and the first half of 2021, a Lookout report reveals. The research indicates …
Tens of thousands unpatched GitLab servers under attack via CVE-2021-22205
Attackers are actively exploiting an “old” vulnerability (CVE-2021-22205) to take over on-premise GitLab servers, Rapid7 researcher Jacob Baines warns. The …
Proven third-party risk management strategies
As cyber threats continue to plague enterprises and the third-party partners and suppliers they work with, organizations that have prioritized the development of a robust …
Mapping ATT&CK techniques to CVEs should make risk assessment easier
Vulnerability reporters should start using MITRE ATT&CK technique references to describe what the attacker is trying to achieve by exploiting a given CVE-numbered …
Trojan Source bugs may lead to extensive supply-chain attacks on source code
Cambridge University researchers have detailed a new way targeted vulnerabilities can be introduced into source code while making them invisible to human code reviewers, …
Financial services need to prioritize API security to protect their customers
Noname Security and Alissa Knight, Partner at Knight Ink and recovering hacker, announced a research which unveils a number of vulnerabilities in the banking, cryptocurrency …
API attacks are both underdetected and underreported
Akamai released a research into the evolving threat landscape for application programming interfaces (APIs), which according to Gartner will be the most frequent online attack …
Organizations making security trade-offs in the push to innovate
The vast majority of organizations are increasing their investment in application security this year, but they continue to struggle to fully embrace secure innovation. A …
Increased risk tolerances are making digital transformation programs vulnerable
Digital transformation programs could be vulnerable to cyber attacks due to increased risk tolerances and ongoing cybersecurity challenges, according to a global research of …