Internet appliance maker Ivanti warned customers Tuesday that attackers are actively exploiting new vulnerabilities in Cloud Services Appliance instances by chaining three security flaws with a zero-day patched in September. The company advised customers to update to version 5.0.
Ivanti confirmed that hackers are exploiting an SQL injection vulnerability in its Ivanti Endpoint Manager enabling remote code execution, despite the company addressing the issue with a patch in May. The flaw allows unauthenticated attackers within the same network to execute arbitrary code.
Thousands of online stores running Adobe Commerce and Magento software have been hacked since the summer and infected with digital payment skimmers by attackers targeting a vulnerability known as CosmicSting. While patched by Adobe in June, users also need to forcibly invalidate stolen credentials.
Jana Partners has raised its stake in cybersecurity vendor Rapid7 to 13% and is pushing for the company to consider selling itself. The activist investor teamed up with Cannae Holdings and is engaged in discussions with Rapid7's management to explore operational improvements and board restructuring.
In the latest weekly update, ISMG editors discussed Microsoft's major cybersecurity overhaul in the wake of some high-profile breaches, the latest developments from CrowdStrike's global outage hearing and the expanding U.S.-led coalition against spyware abuse in the EU.
Customers of internet appliance maker Ivanti face yet another hackable vulnerability. The Utah company warned customers Friday about exploitation of a Cloud Service Appliance detected in the wild. Ivanti said the vulnerability doesn't affect version 5; it released a patch on Sept. 10.
Microsoft has issued a slew of software updates to patch numerous flaws, including three zero-day vulnerabilities that are already being exploited via in-the-wild attacks. Another fix addresses a prior update that inadvertently reintroduced vulnerable components to Windows 10.
Progress Software released an urgent patch Thursday to fix a critical vulnerability that hackers could exploit to launch remote attacks. The company is no stranger to urgent patching. It was at the center of a Memorial Day 2023 mass hacking incident.
Security experts are urging all Veeam Backup & Replication users to immediately update their software to patch a flaw that attackers can remotely exploit to take full control of a system. Experts say ransomware groups likely will target the critical-severity vulnerability for double extortion.
Absolute Security has strengthened its platform with the acquisition of Syxsense, adding powerful automated vulnerability management tools to its existing endpoint security capabilities. The move aims to improve security compliance and simplify complex remediation tasks for organizations.
Federal authorities are alerting healthcare entities of vulnerabilities - including older flaws - that put Apache Tomcat at risk for attacks if left unmitigated. The open-source web server is heavily used in healthcare for hosting electronic health record and other systems and applications.
Cybercriminals are using a critical remote code execution vulnerability in an open-source geospatial data platform to spread malware globally across several industries. GeoServer Project maintainers released a patch on July 1. The vulnerability has a CVSS score of 9.8 out of 10.
A hacking group tied to North Korea exploited a zero-day vulnerability in the open source Google Chromium web browser to try and steal cryptocurrency, Microsoft said. The attack campaign is the latest to involve a sophisticated North Korean rootkit called FudModule. Google has fixed the flaw.
SafeBreach security researcher Alon Leviev discusses how downgrade attacks expose vulnerabilities in Windows systems. He shares insights into how attackers manipulate Windows Update processes and stresses the importance of monitoring and securing critical system components to prevent exploitation.
Russian hackers are leveraging unpatched vulnerabilities to exploit networks for more than 20 months. Michael Sikorski, VP of threat intelligence at Palo Alto Networks, shares insights on ransomware gangs, AI's role in attacks and the importance of defense-in-depth strategies for organizations.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.eu, you agree to our use of cookies.