Palo Alto Networks pushes back as Shadowserver spots 2K of its firewalls exploited

The security vendor maintains only a limited number of customers’ firewalls have been exploited by a zero-day it patched earlier this week.

By Matt Kapko • Nov. 22, 2024

Palo Alto Networks customers grapple with another actively exploited zero-day

The security vendor warned of an unconfirmed vulnerability in PAN-OS earlier this month. A CVE entry and patch came 10 days later.

By Matt Kapko • Nov. 19, 2024

Federal probe finds vulnerabilities across more than 300 US water systems

The Environmental Protection Agency lacks a documented plan to coordinate incident reporting with CISA, the agency’s Office of Inspector General found.

By David Jones • Nov. 19, 2024

Palo Alto Networks’ customer migration tool hit by trio of CVE exploits

CISA warned of two critical and actively exploited vulnerabilities in Expedition one week after another CVE came under active exploitation in the same product.

By Matt Kapko • Nov. 15, 2024

Microsoft revamps how it will disclose vulnerabilities

The company said the additional disclosure method using the Common Security Advisory Framework will help organizations better prioritize CVEs.

By David Jones • Nov. 15, 2024

Citrix Session Recording users warned of CVEs that allow hackers to gain control

Security researchers at watchTowr discovered the flaw and claim attackers can gain access without authentication, a finding which Citrix disputes.

By David Jones • Nov. 13, 2024

Zero-days from top security vendors were most exploited CVEs in 2023

The top five vulnerabilities exploited by attackers last year were found in security gear from Citrix, Cisco and Fortinet, the Five Eyes’ cyber agencies found.

By Matt Kapko • Nov. 13, 2024

Critical Veeam CVE targeted by new ransomware variant

Multiple ransomware variants are now targeting the CVE, which has a CVSS of 9.8. For customers, the risk of exploitation is only increasing.

By Matt Kapko • Nov. 12, 2024

The company you keep: your most trusted vendor could be your biggest security risk

Your trusted vendor might be your biggest security risk. Learn how to mitigate third-party threats.

By Joel Burleson-Davis, SVP Worldwide Engineering, Cyber, Imprivata • Nov. 11, 2024

Fortinet finds more malicious IPs linked to widely exploited zero-day

The cybersecurity vendor said the additional indicators of compromise don’t reflect any major changes. Researchers warn thousands of devices remain exposed.

By Matt Kapko • Oct. 31, 2024

Poor vulnerability management could indicate larger cyber governance issues, S&P says

Companies that fail to properly mitigate security vulnerabilities are leaving themselves open to malicious activity, the research firm said.

By David Jones • Oct. 29, 2024

Cisco warns actively exploited CVE can lead to DoS attacks against VPN services

The company warned the threat activity is linked to previously disclosed brute-force attacks beginning in March.

By David Jones • Oct. 28, 2024

Critical Veeam CVE actively exploited in ransomware attacks

Multiple ransomware groups targeted the vulnerability, which has a CVSS score of 9.8, more than a month after it was disclosed and patched by the data backup and recovery vendor.

By Matt Kapko • Oct. 22, 2024

Microsoft confirms partial loss of security log data on multiple platforms

The company previously expanded free access to security logs on several platforms, including Purview, following the 2023 state-linked hack of Exchange Online.

By David Jones • Oct. 18, 2024

FBI, CISA seek input on software security, configuration changes

Authorities are seeking public comment on steps the software industry can take to make their products more resistant to malicious threat activity.

By David Jones • Oct. 17, 2024

CISA adds SolarWinds flaw to exploited vulnerabilities catalog

A hardcoded credentials vulnerability in SolarWinds Web Help Desk lets attackers read and modify sensitive help desk ticket information.

By David Jones • Oct. 16, 2024

Critical CVE in 4 Fortinet products actively exploited

CISA added the format string vulnerability to its known exploited vulnerabilities catalog last week, months after it was first disclosed by the company.

By David Jones • Oct. 14, 2024

CISA’s vulnerability management program spotted 250 critical CVEs in 2023

The 51 federal civilian agencies involved in the program remediated 872 vulnerabilities last year, up 78% increase from 2022, according to CISA.

By Matt Kapko • Oct. 4, 2024

Ivanti up against another attack spree as hackers target its endpoint manager

Ivanti customers are facing a new series of exploitation attempts after the company pledged in April to launch a comprehensive overhaul of its internal security practices.

By David Jones • Oct. 3, 2024

CUPS vulnerability, a near miss, delivers another warning for open source

While a major crisis was averted, the disclosures may open up needed conversations about transparency and coordination, according to researchers.

By David Jones • Sept. 30, 2024

A quartet of Linux CVEs draws exploit fears among open source community

Attackers can use the chained vulnerabilities to execute remote commands after a user initiates a print job.

By David Jones • Sept. 27, 2024

CISA catalog falls short on CVEs targeted by Flax Typhoon

A report by VulnCheck highlights the ongoing backlog in identifying active exploitation of CVEs.

By David Jones • Sept. 24, 2024

Attackers exploit second Ivanti Cloud Service Appliance flaw for more access

Hackers are exploiting the vulnerability in tandem with a previously disclosed CVE, to bypass authentication measures and take control of an affected system.

By David Jones • Sept. 20, 2024

Valid accounts remain top access point for critical infrastructure attacks, officials say

CISA attributed 2 in 5 successful intrusions to valid account abuse last year, but that is down from 2022.

By Matt Kapko • Sept. 17, 2024

Hackers exploit CVE in older versions of Ivanti Cloud Service Appliance

Version 4.6 has reached end of life and the company is urging customers to upgrade to version 5.0 to receive support.

By David Jones • Sept. 16, 2024