Please turn on your JavaScript for this page to function normally.
Apache OFBiz
Apache OFBiz team patches critical RCE vulnerability (CVE-2024-45195)

For the fourth time in the last five months, Apache OFBiz users have been advised to upgrade their installations to fix a critical flaw (CVE-2024-45195) that could lead to …

Infosec products of the month
Infosec products of the month: August 2024

Here’s a look at the most interesting products from the past month, featuring releases from: Adaptive Shield, AppOmni, ArmorCode, Bitwarden, Cequence Security, ClearSale, …

Infosec products of the week
New infosec products of the week: August 9, 2024

Here’s a look at the most interesting products from the past week, featuring releases from: Rapid7, AppOmni, Contrast Security, Elastic, Cequence Security, Veza, ArmorCode, …

ransomware
Ransomware operators continue to innovate

Ransomware groups continue to refine their craft, building and scaling business models that resemble legitimate corporate enterprises, according to Rapid7. They market their …

HNS
Rapid7 releases Command Platform, unified attack defense and response

Rapid7 launched its Command Platform, a unified threat exposure, detection, and response platform. It allows customers to integrate their critical security data to provide a …

Progress MOVEit
Progress quietly fixes MOVEit auth bypass flaws (CVE-2024-5805, CVE-2024-5806)

Progress Software has patched one critical (CVE-2024-5805) and one high-risk (CVE-2024-5806) vulnerability in MOVEit, its widely used managed file transfer (MFT) software …

Check Point
Check Point VPN zero-day exploited since beginning of April (CVE-2024-24919)

Attackers have been exploiting CVE-2024-24919, a zero-day vulnerability in Check Point Security Gateways, to pinpoint and extract password hashes for local accounts, which …

malware
Compromised courtroom recording software was served from vendor’s official site

Courtroom recording software JAVS Viewer has been saddled with loader malware and has been served from the developer’s site since at least April 2, a threat researcher …

social engineering
Black Basta target orgs with new social engineering campaign

Black Basta, one of the most prolific ransomware-as-a-service operators, is trying out a combination of email DDoS and vishing to get employees to download remote access …

CrushFTP
CrushFTP zero-day exploited by attackers, upgrade immediately! (CVE-2024-4040)

A vulnerability (CVE-2024-4040) in enterprise file transfer solution CrushFTP is being exploited by attackers in a targeted fashion, according to Crowdstrike. The …

Palo Alto Networks
Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation

UPDATE: April 30, 09:30 AM ET New story: Palo Alto firewalls: CVE-2024-3400 exploitation and PoCs for persistence after resets/upgrades While it initially seemed that …

NIST NVD
NIST’s NVD has encountered a problem

Whether the cause is insurmountable technical debt, lack of funds, a third reason or all of them, NIST’s National Vulnerability Database (NVD) is struggling, and …

Don't miss

Cybersecurity news