A year later, Log4Shell still lingers
72% of organizations remain vulnerable to the Log4Shell vulnerability as of October 1, 2022, Tenable‘s latest telemetry study has revealed, based on data collected from …
vulnerability
Pre-auth RCE in Oracle Fusion Middleware exploited in the wild (CVE-2021-35587)
A pre-authentication RCE flaw (CVE-2021-35587) in Oracle Access Manager (OAM) that has been fixed in January 2022 is being exploited by attackers in the wild, the …
A flaw in ConnectWise Control spurred the company to make life harder for scammers
A vulnerability in popular remote access service/platform ConnectWise Control could have been leveraged by scammers to make compromising targets’ computers easier, …
Best practices for implementing a company-wide risk analysis program
For most organizations today, the threat surface is broad and getting broader. There are the obvious concerns like the user base, remote or BYOD computing, on-premises …
Transportation sector targeted by both ransomware and APTs
Trellix released The Threat Report: Fall 2022 from its Advanced Research Center, which analyzes cybersecurity trends from the third quarter (Q3) of 2022. The report includes …
Critical vulnerability in Spotify’s Backstage discovered, patched
A critical unauthenticated remote code execution vulnerability in Spotify’s Backstage project has been found and fixed, and developers are advised to take immediate action in …
How can CISOs catch up with the security demands of their ever-growing networks?
Vulnerability management has always been as much art as science. However, the rapid changes in both IT networks and the external threat landscape over the last decade have …
The most frequently reported vulnerability types and severities
Bishop Fox collected and analyzed publicly disclosed reports from January to July 2022 to better understand the most frequently reported vulnerability types, the …
High-severity OpenSSL vulnerabilities fixed (CVE-2022-3602, CVE-2022-3786)
Version 3.0.7 of the popular OpenSSL cryptographic library is out, with fixes for CVE-2022-3602 and CVE-2022-3786, two high-severity buffer overflow vulnerabilities in the …
ConnectWise backup solutions open to RCE, patch ASAP!
ConnectWise has fixed a critical vulnerability in ConnectWise Recover and R1Soft Server Backup Manager that could allow attackers to achieve remote code exection (RCE) or …
Incoming OpenSSL critical fix: Organizations, users, get ready!
UPDATE (November 1, 2022, 01:55 p.m. ET): OpenSSL version 3.0.7 is out, and the severity of the vulnerability has been downgraded. Check out what you should be doing next. The …
Asset risk management: Getting the basics right
In this interview with Help Net Security, Yossi Appleboum, CEO at Sepio, talks about asset risk management challenges for different industries and where it’s heading. …