Cisco firewalls exploited by state-sponsored hackers
According to the security watchdogs of the United Kingdom, Canada and Australia, unknown state hackers have been behind attacks on Cisco firewalls since November 2023. Through these breaches, the attackers have deployed malware for espionage purposes.
Cisco has now confirmed these infiltrations....
‘One in three applications contains serious vulnerability’
One in three applications contains a major or critical vulnerability. Outdated software, failure to install updates and lack of multifactor authentication are the biggest culprits.
These are the most important findings in a study by Dutch security company Computest about the state of application...
Java highly vulnerable relative to other programming languages
Among widely used programming languages, Java appears to be the most susceptible to third-party vulnerabilities. Datadog research shows that DevSecOps adoption is crucial to avoiding the creation of cyber threats.
Datadog draws this conclusion in its annual State of DevSecOps report. Third-party...
Microsoft update fixes already exploited vulnerabilities
Microsoft has fixed a number of already exploited vulnerabilities in its monthly Patch Tuesday update. The most important is CVE-2024-26234, which allows malicious actors to monitor and intercept network traffic.
In the April 2024 security update with 190 enhancements, Microsoft states that the ...
Supply chain risks are becoming an ever larger problem for businesses
The increasing complexity of IT environments is leading to more hidden cyber threats. The risk of cyberattacks and data breaches through the software supply chain is hard to ward off, according to research by JFrog.
To point out how cluttered corporate IT infrastructures can be today, JFrog cite...
Unpatched JetBrains TeamCity On-Premises servers attacked en masse
Hackers are exploiting, on a large scale, vulnerabilities recently found in JetBrains' TeamCity On-Premises CI/CD platform. According to LeakIX and GreyNoise, as many as 1,400 of the 1,700 unpatched instances have been compromised.
The critical vulnerabilities CVE-2024-27198 and CVE-2024-27199 recently f...
‘Zombie code’ leads to long-term unpatched vulnerabilities
According to a recent study by Synopsys, outdated code components lurking in codebases, commonly referred to as "zombie code," pose a significant risk by harboring unpatched vulnerabilities for extended periods.
In their Open Source Security and Risk Analysis study, Synopsys researchers highligh...
Bug affects Linux systems: major risk to firmware
The vulnerability allows hackers to execute code early in a device's boot. Virtually all Linux distributions are affected by this bug.
Security developer Matthew Garrett warns of this. The vulnerability is in shim, a component that runs during the boot process. Shim performs tasks even before th...
Canon finally patches old vulnerabilities in printers
Canon has recently fixed some long-known vulnerabilities in its own printers via a patch. Printers still appear to be an attack surface that is too easily overlooked.
Canon has recently patched seven critical vulnerabilities in its multifunction and laser printers. The vulnerabilities came to li...
Number of vulnerabilities in WordPress plugins doubled
The number of vulnerabilities in plugins and themes for WordPress has increased significantly over the past year, almost doubling compared to 2022.
That's according to research by WordFence. 4,833 vulnerabilities were identified for the entire WordPress ecosystem in the past year. The...