Researchers warn of critical vulnerability in Fortinet firewalls
Security researchers warn that hundreds of thousands of Fortinet firewalls are vulnerable to cyber attacks. The firewalls have not yet been patched after a critical vulnerability was discovered in June.
According to Bishop Fox, 490,000 affected devices are open to the Internet, some 69% of which...
MITRE: access management vulnerabilities pose increasing threat
Memory-related bugs are still the most dangerous software vulnerabilities, MITRE concludes. The annual top 25 also shows that in the year 2023, we must increasingly watch out for bugs relating to authentication and authorization steps.
The top three remain unchanged in MITRE's CWE Top 25 Most Da...
Research shows millions of GitHub repos vulnerable to RepoJacking
A vulnerability in GitHub repos allows attackers to deploy supply chain attacks that could impact a large number of users, according to researchers.
New research by Aqua Security shows that 9 million GitHub repositories are potentially vulnerable to an attack dubbed "RepoJacking". The researc...
VMware warns of exploited vRealize vulnerability
VMware has confirmed that threat actors have exploited a vRealize vulnerability. CVE-2023-20887 had been discovered "in the wild" by cybersecurity firm GreyNoise, which reported this in a blog post last week.
VMware's vRealize Suite is a software platform that helps IT admins set up hybrid ...
Serious Azure Active Directory vulnerability resolved by Microsoft
Microsoft has fixed a vulnerability in Azure Active Directory (AD) authentication. The vulnerability allowed intruders to escalate account privileges and control the entire account.
Organizations deploy Azure AD to control user access. Examples include providing the backend for Office 365 users or ce...
Mandiant: ‘China deployed Barracuda vulnerability as spy tool’
According to Mandiant, Chinese state-sponsored hackers exploited the vulnerability in Barracuda ESG devices. The hackers claimed victims in at least 16 countries and a high number of government agencies were affected.
Mandiant was put in charge of investigating vulnerability CVE-2023-2868. Firs...
New Android security update fixes 5 critical security vulnerabilities
The latest update from Google fixes the most severe threat: the Mali GPU bug exploited as a zero-day.
This week Google issued a security update that addresses dozens of vulnerabilities, including five that are deemed "critical" in their severity by the US Cybersecurity and Infrastructure Securit...
Critical vulnerability in file transfer service MOVEit
A vulnerability in Progress' managed file transfer service MOVEit is currently being actively exploited. U.S. cybersecurity regulator CISA is calling for patching as soon as possible.
MOVEit is specifically designed to provide compliant file-sharing with sensitive data. To do this, the service c...
Barracuda leaves Email Security Gateway vulnerability undiscovered for months
Barracuda Networks recently discovered a vulnerability in its Email Security Gateway. The vulnerability has been open for the last eight months without a patch being released, according to its own research.
Barracuda's Email Security Gateway (ESG) has not been as secure as it should have been fo...
Rezilion helps customers be less vulnerable through Smart Fix
The Smart Fix tool for the Rezilion platform helps companies more easily follow the right strategy for understanding and fixing vulnerabilities in software components. The tool also helps make this happen completely automatically.
Rezilion is a startup in the field of automation tooling for DevS...