Security Bulletin

Discover how MSPs can leverage Cisco ThousandEyes to create tiered services, enhance DXA, and deliver proactive solutions for optimal network performance and customer satisfaction. Transform your offerings and drive success.

The funds from Germany's Sovereign Tech Fund will be used to integrate zero-trust capabilities, tools for software bill of materials, and other security features.

No organization can single-handedly defend against sophisticated attacks. Governments and private sector entities need to collaborate, share information, and develop defenses against cyber threats

Ongoing gaps in the U.S. cybersecurity workforce that have left nearly half a million jobs unfilled have prompted the Office of the National Cyber Director to introduce the new Service for America cyber hiring sprint that would link jobseekers to...

Zero-trust implementation has been 87% completed across federal agencies on average ahead of the September 30 deadline.

Such a vulnerability evades fixes issued for previous OFBiz bugs, tracked as CVE-2024-38856, CVE-2024-36104, and CVE-2024-32113, all of which have resulted from a fragmentation issue within the controller-view map that could allow unauthenticated...

Exploitation of the flaw, which stems from LiteSpeed Cache's debug logging functionality, could be conducted by attackers with '/wp-content/debug.log' file access to exfiltrate users' session cookies, spoof admin users, and takeover websites.

Individuals' full names, birthdates, phone numbers, ID numbers, email addresses, home addresses, vehicle identification numbers, car brands and models, engine numbers, and vehicle colors were leaked by the unsecured Elasticsearch instance.

Threat actors could leverage CVE-2024-20439 via static credentials to facilitate the compromise of targeted systems with administrative privileges while intrusions involving CVE-2024-20440 could enable the acquisition of log files with credentials...

Immediate withdrawal and deposit takedowns, as well as notifications to the FBI's Internet Crime Complaint Center and the Singaporean police have been conducted by Penpie following the theft on Tuesday.

As part of its latest attacks discovered in June, Tropic Tropper exploited several known Microsoft Exchange Server and Adobe ColdFusion vulnerabilities to distribute an updated China Chopper web shell on a server hosting the Umbraco open-source...

More than 50 Alibaba-hosted command-and-control servers have been leveraged to facilitate the distribution of the backdoor, which impersonates the Java, bash, sshd, SQLite, and edr-agent utilities.