newsCommand-and-control framework PhonyC2 attributed to Iran’s Muddywater groupPhonyC2 was used to exploit the log4j vulnerability in the Israeli software SysAid, the attack against Israel’s Technion institute, and the ongoing attack against the PaperCut print management software. By Apurva Venkat30 Jun 20234 minsAdvanced Persistent ThreatsCyberattacksVulnerabilities news analysis Npm ecosystem vulnerable to new manifest confusion attackBy Lucian Constantin29 Jun 20236 minsDevSecOpsVulnerabilitiesOpen Sourcenews analysis Critical flaw in VMware Aria Operations for Networks sees mass exploitationBy Lucian Constantin26 Jun 20233 minsCyberattacksNetwork SecurityVulnerabilities newsMillions of GitHub repositories vulnerable to RepoJacking: ReportBy Apurva Venkat 23 Jun 20234 minsMalwareGitHubVulnerabilities newsWestern Digital blocks unpatched My Cloud devicesBy Shweta Sharma 20 Jun 20233 minsCloud SecurityCloud SecurityVulnerabilities newsTrend Micro adds generative AI to Vision One for enhanced XDRBy Michael Hill 19 Jun 20235 minsThreat and Vulnerability ManagementGenerative AIData and Information Security news analysisUS feds stress urgent MOVEit platform patching after attacks hit agenciesBy Cynthia Brumfield 19 Jun 20237 minsGovernmentCyberattacksData and Information Security news analysisMOVEit Transfer developer patches more critical flaws after security auditBy Lucian Constantin 13 Jun 20233 minsVulnerabilities newsBarracuda urges customers to replace vulnerable appliances immediatelyBy Shweta Sharma 08 Jun 20232 minsEmail SecurityMalwareZero-day vulnerability ArticlesnewsHackers exploit WordPress vulnerability within hours of PoC exploit releaseThe exploitation of the vulnerability leads to a cross-site scripting (XSS) attack in which a threat actor can inject malicious scripts, redirects, advertisements, and other forms of URL manipulation into a victim site.By Apurva Venkat 15 May 2023 3 minsZero-day vulnerabilityVulnerabilitiesnews analysisMicrosoft fixes bypass for critical Outlook zero-click flaw patchMicrosoft rates the new Outlook vulnerability as medium severity, but Akamai researchers say it should be higher.By Lucian Constantin 10 May 2023 5 minsEmail SecurityZero-day vulnerabilityMicrosoftnews analysisAzure API Management flaws highlight server-side request forgery risks in API developmentNew SSRF vulnerabilities highlight the weaknesses of using blacklisting techniques as a defense mechanism.By Lucian Constantin 05 May 2023 8 minsMicrosoft AzureApplication SecurityVulnerabilitiesnewsMicrosoft patches 3 vulnerabilities in Azure API ManagementThe vulnerabilities comprise url formatting bypasses and an unrestricted file upload functionality in the API Management developer portal, according to cybersecurity firm Ermetic. By Apurva Venkat 05 May 2023 3 minsVulnerabilitiesnews analysisCybercrime group FIN7 targets Veeam backup serversAt least two Veeam instances have been compromised, possibly using a vulnerability patched in March.By Lucian Constantin 28 Apr 2023 4 minsCybercrimeVulnerabilitiesnews analysisNew DDoS amplification vector could enable massive attacksA vulnerability in the Service Location Protocol on internet-connected devices could create a DDoS amplification factor of up to 2200X.By Lucian Constantin 25 Apr 2023 5 minsDDoSVulnerabilitiesnews analysisCisco patches high and critical flaws across several productsLeft unmitigated, the vulnerabilities could lead to unauthorized remote access, denial of service attacks, or privilege escalation.By Lucian Constantin 21 Apr 2023 4 minsNetwork SecurityVulnerabilitiesnewsWeak credentials, unpatched vulnerabilities, malicious OSS packages causing cloud security risksSecurity teams take an average of 145 hours to solve alerts, while 80% of cloud alerts are triggered by just 5% of security rules in most environments.By Michael Hill 18 Apr 2023 4 minsCloud SecurityVulnerabilitiesnewsMicrosoft patches vulnerability used in Nokoyawa ransomware attacksThe vulnerability identified as CVE-2023-28252 is a privilege escalation flaw affecting the Windows Common Log File System driver.By Apurva Venkat 13 Apr 2023 3 minsRansomwareZero-day vulnerabilityMicrosoftnews analysisWhy you should patch the Windows QueueJumper vulnerability immediatelyA critical flaw in Microsoft Message Queuing Service is likely to be exploited as many organizations could be unaware that it is active.By Lucian Constantin 12 Apr 2023 4 minsWindows SecurityZero-day vulnerabilityVulnerabilitiesnewsOpenAI starts bug bounty program with cash rewards up to $20,000Based on the severity and impact of the reported vulnerability, OpenAI will hand out cash rewards ranging from $200 for low-severity findings to up to $20,000 for exceptional discoveries. By Apurva Venkat 12 Apr 2023 4 minsChatbotsVulnerabilitiesnews analysisCISA warns of critical flaws in ICS and SCADA software from multiple vendorsSome of the vulnerabilities could allow attackers to access systems with ease. Patches are not available for all the flaws. By Lucian Constantin 07 Apr 2023 4 minsCritical InfrastructureVulnerabilities Show more Show less View all Resources whitepaper The shift to a security approach for the full application stack This whitepaper discusses how technologists can optimize security for modern application stacks. The post The shift to a security approach for the full application stack appeared first on Whitepaper Repository. By WWT & AppDynamics 05 May 2023Application Performance ManagementEmerging TechnologyIT Management View all Video on demand videoPrinters: The overlooked security threat in your enterprise | TECHtalkPrinters, often a forgotten target in the enterprise, are vulnerable to all the usual cyberattacks. Watch as IDG TECH(talk) hosts Ken Mingis and Juliet Beauchamp and CSO Online's J.M. Porup discuss the threats to these devices, plus how to secure them and protect your network. 07 Nov 2019 20 minsHackingPrintersVulnerabilities Don't ignore application security | Salted Hash Ep 35 23 Jul 2018 18 minsApplication SecurityVulnerabilitiesSecurity The Dyn cyberattack, one year later | Salted Hash Ep 11 11 Dec 2017 22 minsCybercrimeInternet of ThingsVulnerabilities See all videos Explore a topic Application Security Business Continuity Business Operations Careers Cloud Security Compliance Critical Infrastructure Cybercrime Identity and Access Management Industry IT Leadership Network Security Physical Security Privacy Risk Management View all topics All topics Close Application Security Business Continuity Business Operations Careers Cloud Security Compliance Critical Infrastructure Cybercrime Identity and Access Management Industry IT Leadership Network Security Physical Security Privacy Risk Management Security Security Infrastructure Software Development Generative AI Show me morePopularArticles opinion What is the dark web? How to access it and what you'll find By Darren Guccione 01 Jul 202111 mins Data BreachTechnology IndustryCybercrime