Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source projects, breaking news – subscribe here!

Please turn on your JavaScript for this page to function normally.
Citrix
State-sponsored attackers actively exploiting RCE in Citrix devices, patch ASAP! (CVE-2022-27518)

An unauthenticated remote code execution flaw (CVE-2022-27518) is being leveraged by a Chinese state-sponsored group to compromise Citrix Application Delivery Controller (ADC) …

Fortinet
Critical FortiOS pre-auth RCE vulnerability exploited by attackers (CVE-2022-42475)

A critical RCE vulnerability (CVE-2022-42475) in Fortinet’s operating system, FortiOS, is being exploited by attackers, reportedly by a ransomware group. “Fortinet …

Hand
24% of technology applications contain high-risk security flaws

With, arguably, a higher proportion of applications to contend with than other industries, tech firms would benefit from implementing improved secure coding training and …

Cisco IP Phone 7800 Series
Vulnerability with public PoC affects Cisco IP phones, fix unavailable (CVE-2022-20968)

A high-risk stack overflow vulnerability (CVE-2022-20968) may allow attackers to DoS or possibly even execute code remotely on Cisco 7800 and 8800 Series IP phones, the …

open source
Research reveals where 95% of open source vulnerabilities lie

New research from Endor Labs offers a view into the rampant but often unmonitored use of existing open-source software in application development and the dangers arising from …

Log4j
A year later, Log4Shell still lingers

72% of organizations remain vulnerable to the Log4Shell vulnerability as of October 1, 2022, Tenable‘s latest telemetry study has revealed, based on data collected from …

Oracle
Pre-auth RCE in Oracle Fusion Middleware exploited in the wild (CVE-2021-35587)

A pre-authentication RCE flaw (CVE-2021-35587) in Oracle Access Manager (OAM) that has been fixed in January 2022 is being exploited by attackers in the wild, the …

A flaw in ConnectWise Control spurred the company to make life harder for scammers

A vulnerability in popular remote access service/platform ConnectWise Control could have been leveraged by scammers to make compromising targets’ computers easier, …

risk
Best practices for implementing a company-wide risk analysis program

For most organizations today, the threat surface is broad and getting broader. There are the obvious concerns like the user base, remote or BYOD computing, on-premises …

bomb
Transportation sector targeted by both ransomware and APTs

Trellix released The Threat Report: Fall 2022 from its Advanced Research Center, which analyzes cybersecurity trends from the third quarter (Q3) of 2022. The report includes …

Backstage
Critical vulnerability in Spotify’s Backstage discovered, patched

A critical unauthenticated remote code execution vulnerability in Spotify’s Backstage project has been found and fixed, and developers are advised to take immediate action in …

data
How can CISOs catch up with the security demands of their ever-growing networks?

Vulnerability management has always been as much art as science. However, the rapid changes in both IT networks and the external threat landscape over the last decade have …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released when there is breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools