Europe's Ransomware Surge Is a Warning Shot for US Defenders
We can strip attackers of their power by implementing layered defenses, ruthless patch management, and incident response that assumes failure and prioritizes transparency.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
We can strip attackers of their power by implementing layered defenses, ruthless patch management, and incident response that assumes failure and prioritizes transparency.
Two critical N-able vulnerabilities enable local code execution and command injection, and require authentication to exploit, suggesting they wouldn't be seen at the beginning of an exploit chain.
The authentication bypass vulnerability in the OS for the company's firewall devices is under increasing attack and being chained with other bugs, making it imperative for organizations to mitigate the issue ASAP.
Several versions of PostgreSQL are impacted, and customers will need to upgrade in order to patch.
Though the critical vulnerability was patched in August, Ivanti is reminding customers to update as soon as possible as attacks from unauthenticated threat actors start circulating.
A seven-month-old bug in an OSS CI/CD server is still being actively exploited, thanks to spotty patching, CISA warns.
Although not yet exploited in the wild, the max-critical authentication bypass bug could allow adversaries to take over unpatched Juniper Session Smart Routers and Conductors, and WAN Assurance Routers, the company warns.
Patch now: Cyberattackers are exploiting CVE-2023-7028 (CVSS 10) to take over and lock users out of GitLab accounts, steal source code, and more.
CISA advisory warns of critical ICS device flaws, but a lack of available fixes leaves network administrators on defense to prevent exploits.
Russia's APT29 is going after a critical RCE flaw in the JetBrains TeamCity software developer platform, prompting governments worldwide to issue an urgent warning to patch.
Patch or isolate now: Organizations in every sector run the risk of hemorrhaging data as opportunistic attacks from LockBit ransomware and others grow.
Atlassian CISO warns Confluence Data Center and Server customers they're vulnerable to "significant data loss" if all on-premises versions aren't patched.
Unpatched Macs, iPhones, and iPads open to browser takeover and system kernel-level malicious code execution, Apple warns.
Citrix issues a critical update as NSA warns that the APT5 threat group is actively trying to target ADC environments.
Older bugs in the AnyConnect Secure Mobility Client are being targeted in the wild, showcasing patch-management failures.
Unpatched Pixel devices are at risk for escalation of privileges, Google warns.
A critical security bug could lead to remote device control, altered lab results, and more, putting patients in danger, agency warns.
Last month attackers quickly reverse-engineered VMWare patches to launch RCE attacks. CISA warns it's going to happen again.
"Go patch your systems before" the exploit spreads more widely, ZDI warns.