-
Microsoft Outlook December updates trigger ICS security alerts
Microsoft is investigating an issue that triggers Outlook security alerts when trying to open .ICS calendar files after installing December 2023 Patch Tuesday Office security updates.
- February 05, 2024
- 05:03 PM
2
-
CISA orders federal agencies to disconnect Ivanti VPN appliances by Saturday
CISA has ordered U.S. federal agencies to disconnect all Ivanti Connect Secure and Policy Secure VPN appliances vulnerable to multiple actively exploited bugs before Saturday.
- February 01, 2024
- 08:49 AM
0
-
Sponsored Content
Free shadow SaaS inventory + security insightsDiscover all SaaS accounts ever created by anyone in your org, in minutes, along with insights on security risks and spend. Save time, money and effort by curbing SaaS sprawl and automating tasks like offboarding and user access reviews. Free trial.
-
Ivanti warns of new Connect Secure zero-day exploited in attacks
Today, Ivanti warned of two more vulnerabilities impacting Connect Secure, Policy Secure, and ZTA gateways, one of them a zero-day bug already under active exploitation.
- January 31, 2024
- 08:41 AM
- 0
-
FBI: Tech support scams now use couriers to collect victims' money
Today, the FBI warned about courier services being used to collect money and valuables from victims of tech support and government impersonation scams.
- January 29, 2024
- 11:31 AM
- 0
-
Ivanti: VPN appliances vulnerable if pushing configs after mitigation
Ivanti warned admins to stop pushing new device configurations to appliances after applying mitigations because this will leave them vulnerable to ongoing attacks exploiting two zero-day vulnerabilities.
- January 22, 2024
- 01:24 PM
- 0
-
VMware confirms critical vCenter flaw now exploited in attacks
VMware has confirmed that a critical vCenter Server remote code execution vulnerability patched in October is now under active exploitation.
- January 19, 2024
- 08:22 AM
- 0
-
CISA: Critical Ivanti auth bypass bug now actively exploited
CISA warns that a critical authentication bypass vulnerability in Ivanti's Endpoint Manager Mobile (EPMM) and MobileIron Core device management software (patched in August 2023) is now under active exploitation.
- January 18, 2024
- 03:51 PM
- 0
-
LastPass now requires 12-character master passwords for better security
LastPass notified customers today that they are now required to use complex master passwords with a minimum of 12 characters to increase their accounts' security.
- January 03, 2024
- 12:11 PM
- 3
-
FBI: Play ransomware breached 300 victims, including critical orgs
The Federal Bureau of Investigation (FBI) says the Play ransomware gang has breached roughly 300 organizations worldwide between June 2022 and October 2023, some of them critical infrastructure entities.
- December 18, 2023
- 11:24 AM
- 0
-
CISA urges tech manufacturers to stop using default passwords
Today, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) urged technology manufacturers to stop providing software and devices with default passwords.
- December 15, 2023
- 02:01 PM
- 1
-
3CX warns customers to disable SQL database integrations
VoIP communications company 3CX warned customers today to disable SQL database integrations due to potential risks associated with what it describes as a potential vulnerability.
- December 15, 2023
- 12:30 PM
- 0
-
Microsoft: OAuth apps used to automate BEC and cryptomining attacks
Microsoft warns that financially-motivated threat actors are using OAuth applications to automate BEC and phishing attacks, push spam, and deploy VMs for cryptomining.
- December 12, 2023
- 06:53 PM
- 0
-
US Health Dept urges hospitals to patch critical Citrix Bleed bug
The U.S. Department of Health and Human Services (HHS) warned hospitals this week to patch the critical 'Citrix Bleed' Netscaler vulnerability actively exploited in attacks.
- December 02, 2023
- 10:09 AM
- 0
-
Citrix warns admins to kill NetScaler user sessions to block hackers
Citrix reminded admins today that they must take additional measures after patching their NetScaler appliances against the CVE-2023-4966 'Citrix Bleed' vulnerability to secure vulnerable devices against attacks.
- November 21, 2023
- 11:36 AM
- 0
-
FBI and CISA warn of opportunistic Rhysida ransomware attacks
The FBI and CISA warned today of Rhysida ransomware gang's opportunistic attacks targeting organizations across multiple industry sectors.
- November 15, 2023
- 12:46 PM
- 0
-
CISA warns of actively exploited Juniper pre-auth RCE exploit chain
CISA warned federal agencies today to secure Juniper devices on their networks by Friday against four vulnerabilities now used in remote code execution (RCE) attacks as part of a pre-auth exploit chain.
- November 13, 2023
- 12:23 PM
- 0
-
Atlassian warns of exploit for Confluence data wiping bug, get patching
Atlassian warned admins that a public exploit is now available for a critical Confluence security flaw that can be used in data destruction attacks targeting Internet-exposed and unpatched instances.
- November 02, 2023
- 05:46 PM
- 0
-
Atlassian warns of critical Confluence flaw leading to data loss
Australian software company Atlassian warned admins to immediately patch Internet-exposed Confluence instances against a critical security flaw that could lead to data loss following successful exploitation.
- October 31, 2023
- 02:04 PM
- 0
-
VMware warns admins of public exploit for vRealize RCE flaw
VMware warned customers on Monday that proof-of-concept (PoC) exploit code is now available for an authentication bypass flaw in vRealize Log Insight (now known as VMware Aria Operations for Logs).
- October 24, 2023
- 10:53 AM
- 0
-
Citrix warns admins to patch NetScaler CVE-2023-4966 bug immediately
Citrix warned admins today to secure all NetScaler ADC and Gateway appliances immediately against ongoing attacks exploiting the CVE-2023-4966 vulnerability.
- October 23, 2023
- 02:20 PM
- 0
