vulnerability
Lazarus Group exploited ManageEngine vulnerability to target critical infrastructure
North Korean state-sponsored hackers Lazarus Group have been exploiting a ManageEngine ServiceDesk vulnerability (CVE-2022-47966) to target internet backbone infrastructure …
Does a secure coding training platform really work?
As security vulnerabilities are reported to you time and again, you may ask yourself: “Why don’t these developers learn the lesson?” The next thing you may think is: “We …
Anticipating the next wave of IoT cybersecurity challenges
In this Help Net Security interview, Roland Atoui, Managing Director at Red Alert Labs, discusses the intricacies of transitioning from isolated IoT setups to interconnected …
Juniper Networks fixes flaws leading to RCE in firewalls and switches
Juniper Networks has fixed four vulnerabilities (CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, CVE-2023-36847) in Junos OS that, if chained together, could allow attackers …
WinRAR vulnerable to remote code execution, patch now! (CVE-2023-40477)
RARLAB has fixed a high-severity RCE vulnerability (CVE-2023-40477) in the popular file archiver tool WinRAR. About CVE-2023-40477 A widely used Windows-only utility, WinRAR …
Citrix ShareFile vulnerability actively exploited (CVE-2023-24489)
CVE-2023-24489, a critical Citrix ShareFile vulnerability that the company has fixed in June 2023, is being exploited by attackers. GreyNoise has flagged on Tuesday a sudden …
(Re)check your patched NetScaler ADC and Gateway appliances for signs of compromise
Administrators of Citrix NetScaler ADC and Gateway appliances should check for evidence of installed webshells even if they implemented fixes for CVE-2023-3519 quickly: A …
Ivanti Avalanche vulnerable to attack by unauthenticated, remote attackers (CVE-2023-32560)
Two stack-based buffer overflow bugs (collectively designated as CVE-2023-32560) have been discovered in Ivanti Avalanche, an enterprise mobility management solution. A buffer …
Almost all VPNs are vulnerable to traffic-leaking TunnelCrack attacks
Several vulnerabilities that affect most VPN products out there can be exploited by attackers to read user traffic, steal user information, or even attack user devices, …
Major vulnerabilities discovered in data center solutions
Researchers have discovered serious security vulnerabilities in two widely used data center solutions: CyberPower’s PowerPanel Enterprise Data Center Infrastructure …
How to handle API sprawl and the security threat it poses
The proliferation of APIs has marked them as prime targets for malicious attackers. With recent reports indicating that API vulnerabilities are costing businesses billions of …
White House launches AI Cyber Challenge to make software more secure
The Biden-Harris Administration has launched a major two-year competition using AI to protect the United States’ most important software, such as code that helps run the …
Featured news
Resources
Don't miss
- Fighting AI with AI: How Darwinium is reshaping fraud defense
- Beyond Passwords: A Guide to Advanced Enterprise Security Protection
- Why behavioral intelligence is becoming the bank fraud team’s best friend
- Ransomware will thrive until we change our strategy
- The final frontier of cybersecurity is now in space