Security Bulletin

Vendors of mercenary spyware tools used by nation-states to track citizens and enemies have gotten savvy about evading efforts to limit their use.

Security pros say this flaw could be integrated into a botnet, so teams should patch immediately.

The Biden administration launches an initiative to encourage careers in cybersecurity, as businesses try new tactics to get unfilled IT security roles staffed.

Discover how MSPs can leverage Cisco ThousandEyes to create tiered services, enhance DXA, and deliver proactive solutions for optimal network performance and customer satisfaction. Transform your offerings and drive success.

The funds from Germany's Sovereign Tech Fund will be used to integrate zero-trust capabilities, tools for software bill of materials, and other security features.

No organization can single-handedly defend against sophisticated attacks. Governments and private sector entities need to collaborate, share information, and develop defenses against cyber threats

Ongoing gaps in the U.S. cybersecurity workforce that have left nearly half a million jobs unfilled have prompted the Office of the National Cyber Director to introduce the new Service for America cyber hiring sprint that would link jobseekers to...

Zero-trust implementation has been 87% completed across federal agencies on average ahead of the September 30 deadline.

Such a vulnerability evades fixes issued for previous OFBiz bugs, tracked as CVE-2024-38856, CVE-2024-36104, and CVE-2024-32113, all of which have resulted from a fragmentation issue within the controller-view map that could allow unauthenticated...

Exploitation of the flaw, which stems from LiteSpeed Cache's debug logging functionality, could be conducted by attackers with '/wp-content/debug.log' file access to exfiltrate users' session cookies, spoof admin users, and takeover websites.

Individuals' full names, birthdates, phone numbers, ID numbers, email addresses, home addresses, vehicle identification numbers, car brands and models, engine numbers, and vehicle colors were leaked by the unsecured Elasticsearch instance.

Threat actors could leverage CVE-2024-20439 via static credentials to facilitate the compromise of targeted systems with administrative privileges while intrusions involving CVE-2024-20440 could enable the acquisition of log files with credentials...