Vulnerability: Page 13
Microsoft releases long sought patch for Office Follina zero day as CISA, customers assess impact
The fix comes two weeks after the industry was forced to improvise with a workaround solution, while nation-state and criminal actors exploited the vulnerability.
By David Jones • June 15, 2022
Microsoft resolves critical vulnerability in Azure Synapse after prior patches fall short
Orca Security warned in January that attackers could gain remote code execution, taking over tenant workspaces.
By David Jones • June 14, 2022
Tenable CEO calls out Microsoft on lack of transparency on vulnerabilities
Amit Yoran claims Microsoft failed to acknowledge a critical vulnerability in Azure until Tenable said it would go public.
By David Jones • June 13, 2022
5 takeaways from the RSA Conference
The event tried to pick up where it left off 28 months ago. Can defenders keep up with the accelerated pace and scale of the cyber threat?
By Matt Kapko • June 13, 2022
Threat actors deploy new attack methods as Microsoft Follina vulnerability lingers
Researchers discover new vectors, including the use of remote access trojan AsyncRAT.
By David Jones • June 10, 2022
FBI, CISA issue warning on China-backed cyber threats against the telecom industry
State-sponsored actors are targeting small and home office networking equipment for access.
By David Jones • June 8, 2022
Attackers aim for Atlassian Confluence zero day with mass, targeted exploitation
The threat activity comes days after Atlassian released a security fix for the on-premise vulnerability.
By David Jones • June 7, 2022
Atlassian releases fix for critical zero day impacting Confluence
Attackers could take control of affected devices without need for authentication.
By David Jones • June 3, 2022
CISA issues warning after critical zero day hits Atlassian's Confluence
No patch or workaround is currently available and federal agencies are required to disconnect from the product.
By David Jones • June 3, 2022
Food supplier cyber risk spreads 1 year after JBS attack
Ransomware attacks target common vulnerabilities like legacy OT systems and equipment that lacks modern security tools.
By Matt Kapko • June 2, 2022
Microsoft zero day under attack as industry awaits patch
One threat actor has been exploiting the Follina vulnerability to deliver malware, Proofpoint researchers said Tuesday.
By David Jones • Updated June 8, 2022
Microsoft Office zero day leaves researchers scrambling over the holiday weekend
The company warns a successful attack could allow an attacker to install programs, delete data or create new accounts.
By David Jones • Updated May 31, 2022
Persistent vulnerabilities put VMware on the defense
Recent flaws earned the company CISA's 10th emergency directive, the latest in a series of potential high-impact flaws for enterprise users.
By Matt Kapko • May 27, 2022
Feds release grim reminder: Threat actors prey on basic security mishaps
Federal authorities and U.S. allies admonished companies to tighten weak controls and configurations.
By David Jones • May 20, 2022
Critical VMware vulnerabilities resurface after threat actors evade patches within 48 hours
Even with new patches available, CISA is concerned that threat actors will easily shake off the fixes once again.
By Matt Kapko • Updated June 2, 2022
Tech giants pledge multimillion down payment to secure open source
Top technology companies offered $30 million toward a two-year goal to bolster software supply chain security.
By David Jones • May 13, 2022
Critical CVEs put Aruba Networks, Avaya enterprise switches at risk
Researchers previously found similar vulnerabilities in Smart-UPS devices.
By David Jones • May 3, 2022
Familiar names top 2021's most-exploited vulnerabilities list
Top ransomware operators, including Hive and Conti, are exploiting flawed systems to launch new attacks, researchers warn.
By David Jones • May 2, 2022
IT leaders remain bullish on open source despite security hiccups
Enterprise adoption of open source has not cooled, but flaws have highlighted the need for a better understanding of dependencies.
By Brian Eastwood • April 25, 2022
AWS reissues Log4Shell hotpatch after vulnerabilities found
Researchers warn attackers can escape containers and escalate privileges.
By David Jones • April 22, 2022
Threat detection accelerates in Asia, Europe, as notification trends shift
Median dwell time fell as organizations boosted cybersecurity defenses, shared threat intelligence.
By David Jones • April 19, 2022
Construction sector mulls cyber risk: hackers toying with materials
Structural integrity specs in automated systems could become a target. Here's how companies like Trimble, Procore and Autodesk are preparing.
By Sebastian Obando • March 31, 2022
Big tech is fixing bugs faster. Will that influence trickle down?
If a customer lacks urgency in deploying a patch, a flaw can linger.
By Sue Poremba • March 25, 2022
Russian state-sponsored actors target PrintNightmare, MFA settings
ESET researchers are separately warning about new data wiping malware.
By David Jones • March 16, 2022