PoC for Progress Telerik RCE chain released (CVE-2024-4358, CVE-2024-1800)
Security researchers have published a proof-of-concept (PoC) exploit that chains together two vulnerabilities (CVE-2024-4358, CVE-2024-1800) to achieve unauthenticated remote …
CrushFTP zero-day exploited by attackers, upgrade immediately! (CVE-2024-4040)
A vulnerability (CVE-2024-4040) in enterprise file transfer solution CrushFTP is being exploited by attackers in a targeted fashion, according to Crowdstrike. The …
Juniper fixes critical RCE in its SRX firewalls and EX switches (CVE-2024-21591)
Juniper Networks has fixed a critical pre-authentication remote code execution (RCE) vulnerability (CVE-2024-21591) in Junos OS on SRX firewalls and EX switches. About …
New infosec products of the week: December 15, 2023
Here’s a look at the most interesting products from the past week, featuring releases from Censys, Confirm, Drata, Safe Security, and SpecterOps. Nemesis: Open-source …
Censys unveils two new product tiers to help researchers enhance their threat hunting work
Censys announced two new product tiers of its search tool, Censys Search Solo and Censys Search Teams. These additions are part of a series of strategic initiatives to enhance …
Censys Internet Map helps organizations identify, understand and mitigate threats
Censys announced the Censys Internet Map. As the data foundation that powers the Censys Internet Intelligence Platform, the Censys Internet Map provides users with the most …
NOS chooses Censys to monitor its attack surface
Censys has unveiled that NOS chose Censys to monitor its attack surface. Censys’ technology provides NOS with complete visibility into its external-facing …
Cl0p announces rules for extortion negotiation after MOVEit hack
The Cl0p cyber extortion crew says that the many organizations whose data they have pilfered by exploiting a vulnerability in the MOVEit Transfer solution have until June 14 …
Zyxel firewalls under attack by Mirai-like botnet
CVE-2023-28771, the critical command injection vulnerability affecting many Zyxel firewalls, is being actively exploited by a Mirai-like botnet, and has been added to …
Web entity activity reveals insights into internet security
For its recent research focusing on web entities (or content served over HTTP), Censys leveraged its internet-wide scan data to understand better the applications and services …
CISA releases ESXiArgs ransomware recovery script
According to the latest data, the number of ESXiArgs ransomware victims has surpassed 3,800, and CISA has published a recovery script for victim organizations. Fixing the mess …
Top 3 resolutions for security teams
As 2023 goals become solidified, companies need to decide how they are prioritizing cybersecurity. It’s time to focus on what organizations can prioritize. In this Help …
Featured news
Resources
Don't miss
- Vulnerable firmware for Gigabyte motherboards could allow bootkit installation
- AsyncRAT evolves as ESET tracks its most popular malware forks
- Inorganic DNA: How nanoparticles could be the future of anti-counterfeiting tech
- Securing vehicles as they become platforms for code and data
- How service providers can turn cybersecurity into a scalable MRR engine