My TechDecisions

Search Results: heartbleed

Log4j, Older Vulnerabilities, CISA KEV

These Dangerous Vulnerabilities on CISA’s KEV List Are Still Being Widely Exploited

Despite patches being available for most of the bugs in CISA's Known Exploited Vulnerabilities catalog, many devices remain unpatched.

April 3, 2023 Zachary Comeau Leave a Comment

The U.S. Cybersecurity and Infrastructure Security Agency has been keeping an updated list of Known Exploited Vulnerabilities (KEV) that currently includes more than 900 security bugs, with the goal of helping inform organizations about vulnerabilities that should be prioritized. Despite that awareness campaign and emphasis on vulnerabilities that have been exploited in the wild, new […]

Read More
Fortinet Vulnerability, Fortigate

OpenSSL Bugs: What IT Admins Need to Know

The bugs impacting newer versions of OpenSSL are not as severe as once feared, but IT admins should still be expecting a wave of patches.

November 1, 2022 Zachary Comeau Leave a Comment

OpenSSL has released fixes for high-severity vulnerabilities affecting versions 3.0.0 through 3.0.6 that can cause a denial of service or remote code execution and allow attackers to take control of an affected system. However, the bugs are not as severe as once feared. The OpenSSL project, the organization that maintains the general-purpose cryptography and secure […]

Read More
IT news, This Week in IT

This Week in IT: macOS Bug, New Google Cloud Offerings, Phishing Attacks, Autopatch, and More

Security research, threat trends and the general availability of Microsoft's AutoPatch highlight this week's IT news.

July 14, 2022 Zachary Comeau Leave a Comment

Editor’s note: There is a lot going on in the world of IT, from emerging technologies to digital transformation and new cybersecurity threats. However, we can’t possibly cover it all, so we’ll bring you this curated summary of IT and enterprise technology stories each week. Microsoft Discovers macOS App Sandbox escape bug Microsoft says it […]

Read More
White House AI Regulations, ChatGPT, Generative AI

What Tech Firms Are Saying About The White House’s Open-Source Security Summit

White House's Open-Source Security Summit renews calls for software code transparency and more support for the open-source community.

January 13, 2022 Zachary Comeau Leave a Comment

After the Log4j vulnerabilities threw a wrench into the holiday plans of IT and cybersecurity folks last month, the federal government has taken swift action to address the issue, including instructing federal agencies to quickly patch and mitigate the vulnerability and making other resources available to the larger IT community. Now, the issue has been […]

Read More
Log4J SBOM

Log4j Highlights the Need for a Software Bill of Materials; Here’s How to Create One

Amid the Log4j vulnerabilities, it’s more important than ever that companies prioritize dependency management by creating a SBOM.

January 11, 2022 Bren Briggs, VP of DevOps and Cybersecurity at Hypergiant. Leave a Comment

Just days into the new year and the cybersecurity community is already playing catch up thanks to the recent Log4j vulnerability which illuminated major setbacks in how organizations deal with its own software and open-source packages on which its relies on. In particular, organizations have been caught off guard in auditing its own systems, giving […]

Read More
Fortinet Vulnerability, Fortigate

Critical Vulnerability in Java Logging Library Log4j Is Being Actively Exploited

The Java logging library vulnerability is impacting widely used software, with more likely to be affected, security experts say.

December 10, 2021 Zachary Comeau Leave a Comment

Security researchers have discovered a new easy-to-exploit zero-day vulnerability in the ubiquitous Java logging library Apache Log4j 2 that could give attackers the ability to execute unauthenticated remote code execution. The U.S. Cybersecurity and Infrastructure Security Agency, along with dozens of cybersecurity providers, have issued alerts and advisories of the vulnerability, CVE-2021-44228, which they warn […]

Read More