Get Out of Security Debt by Tackling the Exposure Problem
Teams digging out of security debt need to answer only two simple questions: Which vulnerabilities in our systems are exposed, and how long should they stay that way?
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Teams digging out of security debt need to answer only two simple questions: Which vulnerabilities in our systems are exposed, and how long should they stay that way?
An emerging threat cluster tracked as UAT-10608 is exploiting vulnerable Web-exposed Next.js apps and using an automated tool to exfiltrate credentials, secrets, and other system data.
Hackers are already leveraging these over-permissioned programs to access the IT systems of major security vendors.
Researcher Gjoko Krstic’s "Project Brainfog" exposed hundreds of zero-day vulnerabilities in building-automation systems still running hospitals, schools, and offices worldwide.
The vulnerability marks the latest example of threat actors weaponizing exposed ASP.NET machine keys for remote injection and deserialization attacks.
Mercedes, Skoda, and Volkswagen vehicles, as well as untold industrial, medical, mobile, and consumer devices, may be exposed to a vulnerable Bluetooth implementation called "PerfektBlue."
A little more than three-quarters of these exposed devices are located in Europe, followed by Asia, with 17%.
The addition of Solvo CSPM to CYE Hyver aims to address need for multi-cloud vulnerability monitoring and risk assessment.
The now-fixed vulnerability involved a major travel services company that's integrated with dozens of airline websites worldwide.
Weeks after the critical vulnerability was reported and a hacking of the Treasury Department, nearly 9,000 BeyondTrust instances remain wide open to the Internet, researchers say.
The unpatched security vulnerability, which doesn't have a CVE yet, is due to an exposed Microsoft Message Queuing (MSMQ) instance and the use of the insecure BinaryFormatter.
The shift to a distributed work model has exposed organizations to new threats, and a low but continuing stream of printer-related vulnerabilities isn't helping.
Creo Elements/Direct License Servers, which enable industrial design and modeling software, are exposed to the Internet, leaving critical infrastructure vulnerable to remote code execution.
Critical dependency manager supply chain vulnerabilities have exposed millions and millions of devices to arbitrary malware for the better part of decade.
Scans showed that 91,000 devices are exposed and at risk for unauthorized access and TV set takeover.
Misconfigurations, insecure services leave United Arab Emirates organizations and critical infrastructure vulnerable to bevy of cyber threats.
A decade after Stuxnet, vulnerabilities in OT systems and programmable logic controllers remain exposed.
Security updates are tedious and difficult, so users continue to use a weak version of a core protocol and remain exposed to major attacks on critical infrastructure.
In this Black Hat Europe preview, devices bridging critical machinery with the wider Internet are exposed and subject to numerous supply chain-induced bugs.
More than 3,000 systems are exposed and vulnerable to attack on the Internet.