Attackers still exploit Log4Shell on VMware Horizon servers, CISA warns
If your organization is running VMware Horizon and Unified Access Gateway servers and you haven’t implemented the patches or workarounds to fix/mitigate the Log4Shell …
VMware issues critical fixes, CISA orders federal agencies to act immediately (CVE-2022-22972)
VMware has released patches for a privately reported critical vulnerability (CVE-2022-22972) in VMware’s Workspace ONE Access, VMware Identity Manager (vIDM), vRealize …
The 15 most exploited vulnerabilities in 2021
In 2021, threat actors aggressively exploited newly disclosed critical software vulnerabilities to hit a broad set of targets worldwide, says the latest advisory published by …
Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800)
Microsoft has unearthed two security vulnerabilities (CVE-2022-29799, CVE-2022-29800) in the networkd-dispatcher daemon that may be exploited by attackers to gain root on many …
APT group has developed custom-made tools for targeting ICS/SCADA devices
Just a few days after news of attempted use of a new variant of the Industroyer malware comes a warning from the US Cybersecurity and Infrastructure Security Agency (CISA): …
Potential threats to uninterruptible power supply (UPS) devices
In this video for Help Net Security, Chris Westphal, Cybersecurity Evangelist at Ordr, talks about an alert that came out recently from CISA and the Department of Energy …
CISA adds Spring4Shell to list of exploited vulnerabilities
It’s been almost a week since the Spring4Shell vulnerability (CVE-2022-22965) came to light and since the Spring development team fixed it in new versions of the Spring …
KSOC announces that its Kubernetes security platform supports hardening NSA/CISA guidelines
KSOC announced that their platform satisfies the Kubernetes hardening guidelines issued by the National Security Agency (NSA) and Cybersecurity and Infrastructure Security …
Cyber attacks on Ukraine: DDoS, new data wiper, cloned websites, and Cyclops Blink
This Thursday morning, Russia started its invasion on Ukraine and, as predicted, the attacks in the physical world have been preceded and accompanied by cyber attacks: Renewed …
Dragos partners with NSA and CISA to increase OT cybersecurity for United States critical infrastructure
Dragos has announced initiatives with the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) to strengthen security and visibility …
A “light” February 2022 Patch Tuesday that should not be ignored
February 2022 Patch Tuesday is here and it’s all-around “light” – light in fixed CVE-numbered vulnerabilities (51), extremely light in critical fixes …
The Log4j saga: New vulnerabilities and attack vectors discovered
The Apache Log4j saga continues, as several new vulnerabilities have been discovered in the popular library since Log4Shell (CVE-2021-44228) was fixed by releasing Log4j …