Vulnerability


  • An image COBOL computer code pictured on a green-screen computer monitor.
    Image attribution tooltip
    tigermad via Getty Images
    Image attribution tooltip

    Poor vulnerability management could indicate larger cyber governance issues, S&P says

    Companies that fail to properly mitigate security vulnerabilities are leaving themselves open to malicious activity, the research firm said.

    By Oct. 29, 2024
  • Fingers hover over a computer keyboard with numbers on a screen, against a shadowy backdrop.
    Image attribution tooltip
    jariyawat thinsandee via Getty Images
    Image attribution tooltip

    Cisco warns actively exploited CVE can lead to DoS attacks against VPN services

    The company warned the threat activity is linked to previously disclosed brute-force attacks beginning in March.

    By Oct. 28, 2024
  • Data privacy
    Image attribution tooltip
    DKosig via Getty Images
    Image attribution tooltip

    Critical Veeam CVE actively exploited in ransomware attacks

    Multiple ransomware groups targeted the vulnerability, which has a CVSS score of 9.8, more than a month after it was disclosed and patched by the data backup and recovery vendor.

    By Oct. 22, 2024
  • Microsoft President and Vice Chair Brad Smith speaks April 12, 2023, at the Semafor World Economy Summit in Washington D.C.
    Image attribution tooltip
    Drew Angerer via Getty Images
    Image attribution tooltip

    Microsoft confirms partial loss of security log data on multiple platforms

    The company previously expanded free access to security logs on several platforms, including Purview, following the 2023 state-linked hack of Exchange Online.

    By Oct. 18, 2024
  • CISA Director Jen Easterly speaks at Carnegie Mellon University urging the tech industry to embrace secure-by-design product development.
    Image attribution tooltip
    Permission granted by Carnegie Mellon University
    Image attribution tooltip

    FBI, CISA seek input on software security, configuration changes

    Authorities are seeking public comment on steps the software industry can take to make their products more resistant to malicious threat activity.

    By Oct. 17, 2024
  • SolarWinds
    Image attribution tooltip
    Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by ismagilov via Getty Images
    Image attribution tooltip

    CISA adds SolarWinds flaw to exploited vulnerabilities catalog

    A hardcoded credentials vulnerability in SolarWinds Web Help Desk lets attackers read and modify sensitive help desk ticket information.

    By Oct. 16, 2024
  • An image of a digital lock is shown
    Image attribution tooltip
    Just_Super via Getty Images
    Image attribution tooltip

    Critical CVE in 4 Fortinet products actively exploited

    CISA added the format string vulnerability to its known exploited vulnerabilities catalog last week, months after it was first disclosed by the company.

    By Oct. 14, 2024
  • CISA, cybersecurity, agency
    Image attribution tooltip
    Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by yucelyilmaz via Getty Images
    Image attribution tooltip

    CISA’s vulnerability management program spotted 250 critical CVEs in 2023

    The 51 federal civilian agencies involved in the program remediated 872 vulnerabilities last year, up 78% increase from 2022, according to CISA.

    By Oct. 4, 2024
  • Cyberhackers-Ransomware
    Image attribution tooltip
    (Gorodenkoff) via Getty Images
    Image attribution tooltip

    Ivanti up against another attack spree as hackers target its endpoint manager

    Ivanti customers are facing a new series of exploitation attempts after the company pledged in April to launch a comprehensive overhaul of its internal security practices.

    By Oct. 3, 2024
  • Close-up Focus on Person's Hands Typing on the Desktop Computer Keyboard
    Image attribution tooltip
    gorodenkoff via Getty Images
    Image attribution tooltip

    CUPS vulnerability, a near miss, delivers another warning for open source

    While a major crisis was averted, the disclosures may open up needed conversations about transparency and coordination, according to researchers.

    By Sept. 30, 2024
  • Printer
    Image attribution tooltip
    Simonkr via Getty Images
    Image attribution tooltip

    A quartet of Linux CVEs draws exploit fears among open source community

    Attackers can use the chained vulnerabilities to execute remote commands after a user initiates a print job.

    By Sept. 27, 2024
  • CISA, cybersecurity, agency
    Image attribution tooltip
    Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by yucelyilmaz via Getty Images
    Image attribution tooltip

    CISA catalog falls short on CVEs targeted by Flax Typhoon

    A report by VulnCheck highlights the ongoing backlog in identifying active exploitation of CVEs.

    By Sept. 24, 2024
  • A digital blue fingerprint lifted being lifted off a mirrored surface against a black background. Binary code makes up the fingerprint.
    Image attribution tooltip
    Just_Super via Getty Images
    Image attribution tooltip

    Attackers exploit second Ivanti Cloud Service Appliance flaw for more access

    Hackers are exploiting the vulnerability in tandem with a previously disclosed CVE, to bypass authentication measures and take control of an affected system.

    By Sept. 20, 2024
  • Hand grabbing password out of blurred code.
    Image attribution tooltip
    LuisPortugal/Getty Images Plus via Getty Images
    Image attribution tooltip

    Valid accounts remain top access point for critical infrastructure attacks, officials say

    CISA attributed 2 in 5 successful intrusions to valid account abuse last year, but that is down from 2022.

    By Sept. 17, 2024
  • An image of a digital lock is shown
    Image attribution tooltip
    Just_Super via Getty Images
    Image attribution tooltip

    Hackers exploit CVE in older versions of Ivanti Cloud Service Appliance

    Version 4.6 has reached end of life and the company is urging customers to upgrade to version 5.0 to receive support.

    By Sept. 16, 2024
  • Two Female Colleagues Fondly Talk to Each Other, Laugh and Smile while Working on Computers in Diverse Modern Business Office
    Image attribution tooltip

    stock.adobe.com/Gorodenkoff

    Image attribution tooltip
    Sponsored by Code42, now a part of Mimecast

    Keeping data secure in the age of generative AI

    Generative AI is reshaping industries, but with innovation comes new data security challenges. Are your cybersecurity practices keeping up?

    By Rob Juncker, CTO of Code42, now part of Mimecast • Sept. 16, 2024
  • A computer in the foreground shows a blue screen with the words "recovery," and in the background people with suitcases walk by in front of large windows overlooking an airport tarmac.
    Image attribution tooltip
    Nathan Howard / Stringer via Getty Images
    Image attribution tooltip

    Microsoft, working with security partners, pledges better deployment, testing collaboration

    Following a summit with U.S. and European partners, the company is working to build additional resiliency features to prevent a repeat of the historic global IT outage linked to CrowdStrike.

    By Updated Sept. 13, 2024
  • Two male electrical engineers in safety uniform work together at a factory site control room.
    Image attribution tooltip
    CandyRetriever via Getty Images
    Image attribution tooltip

    Most OT environments have at least 4 remote access tools, report finds

    Claroty warned the prevalence of remote access tool sprawl, often linked to ransomware, raises the risk of malicious activity.

    By Sept. 12, 2024
  • A close up of a cursor arrow hovering over an X on a screen, pixelated with red, blue and green colors.
    Image attribution tooltip
    ar-chi via Getty Images
    Image attribution tooltip

    How to manage the rising tide of CVEs

    As the volume and complexity of vulnerabilities grows, organizations are struggling to manage and mitigate the security defects. 

    By Rosalyn Page • Sept. 11, 2024
  • Illustration of locks layered above circuity.
    Image attribution tooltip
    Traitov/iStock/Getty via Getty Images
    Image attribution tooltip

    SonicWall firewall CVE exploits linked to ransomware attacks

    Active exploits aimed at firewalls mark yet another string of attacks targeting devices with high-value initial access, researchers said.

    By Sept. 10, 2024
  • FBI seal displayed on a wall
    Image attribution tooltip
    Chip Somodevilla/Getty Images via Getty Images
    Image attribution tooltip

    Feds warn of broad Russia-linked CVE exploits targeting critical infrastructure

    Attackers operating under the direction of Russia’s military intelligence service are targeting governments, finance, transportation, energy and healthcare.

    By Sept. 6, 2024
  • Telecom network above a city
    Image attribution tooltip
    NicoElNino via Getty Images
    Image attribution tooltip

    Volt Typhoon exploiting zero-day in campaign targeting ISPs, MSPs

    Researchers from Black Lotus Labs warn the state-linked adversary is exploiting a vulnerability in Versa Director using custom web shells against the telecom sector.

    By Aug. 28, 2024
  • A closeup shot of long colorful lines of code on a computer screen.
    Image attribution tooltip
    Wirestock via Getty Images
    Image attribution tooltip

    CISA warns of active exploits hitting popular CI/CD tool Jenkins

    Researchers at CloudSEK and Juniper Networks said a ransomware group targeted Brontoo Technology Solutions by exploiting the critical CVE. The attack disrupted banks in India.

    By Aug. 20, 2024
  • SolarWinds
    Image attribution tooltip
    Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by ismagilov via Getty Images
    Image attribution tooltip

    SolarWinds Web Help Desk CVE scores a 9.8

    SolarWinds urged customers to patch the vulnerability that could allow an attacker to run commands on a host machine, while CISA added the CVE to its KEV catalog.

    By Aug. 16, 2024
  • A blue Windows error message caused by the CrowdStrike software update is displayed on a screen in a bus shelter on July 22, 2024 in Washington, DC. Four days after CrowdStrike issued a faulty software upgrade that impacted an estimated 8.5 million Microsoft devices around the world.
    Image attribution tooltip
    Justin Sullivan via Getty Images
    Image attribution tooltip

    Microsoft Windows CVE triggers blue screen of death, researchers find

    Researchers from Fortra on Monday disclosed the flaw in the common log file system, which can lead to repeated crashes and potential data loss. 

    By Updated Aug. 13, 2024