Tag: Patching
NIST’s Vuln Database Downshifts, Prompting Questions About Its Future
Since 2005, the National Vulnerability Database (NVD) has been posting details about the hundreds of daily common vulnerabilities and exposures (CVEs) discovered by security researchers...
Critical TeamCity Bugs Endanger Software Supply Chain
Cloud versions of the JetBrains TeamCity software development platform manager have already been updated against a new pair of critical vulnerabilities, but on-premises deployments...
Vulnerabilities in business VPNs under the spotlight
Virtual Private Network (VPN) services have emerged as essential tools for modern businesses in recent years, doubly so since helping save the day for...
‘Lucifer’ Botnet Turns Up the Heat on Apache Hadoop Servers
A threat actor is targeting organizations running Apache Hadoop and Apache Druid big data technologies with a new version of the Lucifer botnet, a...
CISO Corner: CIO Convergence, 10 Critical Security Metrics, & Ivanti Fallout
Welcome to CISO Corner, Dark Reading's weekly digest of articles tailored specifically to security operations readers and security leaders. Every week, we'll offer articles...
Raspberry Robin Jumps on 1-Day Bugs to Nest Deep in Windows Networks
The Raspberry Robin worm is incorporating one-day exploits almost as soon as they're developed, in order to improve on its privilege escalation capabilities. Researchers from...
Patch Now: Critical TeamCity Bug Allows for Server Takeovers
JetBrains has patched a critical security vulnerability in its TeamCity On-Premises server that can allow unauthenticated remote attackers to gain control over an affected...
Q&A: Tel Aviv Railway Project Bakes In Cyber Defenses
Railway networks are suffering an increase in cyberattacks, most notably the August 2023 incident in which hackers infiltrated the radio frequency communications of Poland's...
FritzFrog Botnet Exploits Log4Shell on Overlooked Internal Hosts
A new variant of an advanced botnet called "FritzFrog" has been spreading via Log4Shell. It's been more than two years since the critical vulnerability in...
More Ivanti VPN Zero-Days Fuel Attack Frenzy as Patches Finally Roll
Ivanti has finally begun patching a pair of zero-day security vulnerabilities disclosed on Jan. 10 in its Connect Secure VPN appliances. However, it also...
PoC Exploits Heighten Risks Around Critical New Jenkins Vuln
Some 45,000 Internet-exposed Jenkins servers remain unpatched against a critical, recently disclosed arbitrary file-read vulnerability for which proof-of-exploit code is now publicly available. CVE-2024-23897 affects...
Assessing and mitigating cybersecurity risks lurking in your supply chain
Blindly trusting your partners and suppliers on their security posture is not sustainable – it’s time to take control through effective...