Search Results: vulnerabilities

Spike in Cyberattacks Exposes Vulnerabilities in University Security Measures

No matter an institution’s budgetary limitations, there are proven measures that institutions can adopt to enhance campus security and safeguard their resources.

August 21, 2023 Kevin Kirkwood Leave a Comment

Note: The views expressed by guest bloggers and contributors are those of the authors and do not necessarily represent the views of, and should not be attributed to My TechDecisions. As expected from authorities anticipating an increase in threats to the education sector, cyberattacks are continuing to wreak havoc on colleges and universities across the United States. As […]

May 2023 Patch Tuesday: Two Vulnerabilities Under Active Attack

Despite a far lower amount of vulnerabilities to fix, the May 2023 Patch Tuesday release includes patches for two actively exploited bugs.

May 9, 2023 Zachary Comeau Leave a Comment

The May 2023 Patch Tuesday brings a much smaller number of vulnerabilities that IT admins much fix as Microsoft has released fixes for just 38 vulnerabilities in the company’s software products. However two are listed as being actively exploited, which makes this month’s patches just as critical as other months. This is a very low […]

These Dangerous Vulnerabilities on CISA’s KEV List Are Still Being Widely Exploited

Despite patches being available for most of the bugs in CISA's Known Exploited Vulnerabilities catalog, many devices remain unpatched.

April 3, 2023 Zachary Comeau Leave a Comment

The U.S. Cybersecurity and Infrastructure Security Agency has been keeping an updated list of Known Exploited Vulnerabilities (KEV) that currently includes more than 900 security bugs, with the goal of helping inform organizations about vulnerabilities that should be prioritized. Despite that awareness campaign and emphasis on vulnerabilities that have been exploited in the wild, new […]

Older, Unpatched Vulnerabilities Are Still Wreaking Havoc

Older vulnerabilities that remain unpatched are still the primary vehicle for cyberattacks, Tenable report finds.

February 28, 2023 Zachary Comeau Leave a Comment

Older vulnerabilities for which patches have already been made available by the vendor are still the primary vehicle for cyberattacks, suggesting that organizations are still behind in practicing good cyber hygiene, according to new data from Tenable. The Columbia, M.D.-based provider of vulnerability management software finds in its 2022 Threat Landscape Report that the number […]

These macOS, iOS Vulnerabilities Could Allow Attackers to Access Messages, Photos & Call History

Cybersecurity firm Trellix has discovered new privilege escalation bugs in macOS and iOS that could give hackers access to sensitive data.

February 21, 2023 Zachary Comeau Leave a Comment

Cybersecurity firm Trellix says it has discovered a new class of privilege escalation bugs in macOS and iOS that could allow attackers to bypass code signing to execute arbitrary code and gain access to messages, location data, call history and photos. According to the firm, this could allow sandbox escape on both macOS and iOS. […]

Tenable Launches Initiative to Help Organizations Remediate Vulnerabilities Faster

The Tenable Research Alliance Program is designed to help IT teams mitigate vulnerabilities before hackers exploit them.

October 12, 2022 Zachary Comeau Leave a Comment

Vulnerability management company Tenable is creating a new research alliance program designed to share information prior to vulnerability disclosures and reduce the window of opportunity threat actors have to exploit newly disclosed vulnerabilities. According to the company, the Tenable Research Alliance Program allows security teams and system administrators to address attack paths and mitigate vulnerabilities […]

Two New Exchange Vulnerabilities Are Being Actively Exploited

Two new vulnerabilities in Microsoft Exchange that are similar to ProxyShell are being actively exploited, and a patch is not yet available.

October 3, 2022 Zachary Comeau Leave a Comment

Microsoft is warning organizations to mitigate two zero-day vulnerabilities in Exchange Server that are being actively exploited in the wild and can result in hands-on-keyboard access and Active Directory reconnaissance and data exfiltration. The vulnerabilities are CVE-2022-41040–a server-side request forgery (SSRF) vulnerability–and CVE-2022-41082–a remote code execution bug via Exchange PowerShell. According to Microsoft, CVE-2022-41040 can enable […]

CISA Warns of Quantum Computing Vulnerabilities

U.S. cyber agency's new guide warns of vulnerabilities and outlines the actions critical infrastructure stakeholders should take now.

August 29, 2022 Zachary Comeau Leave a Comment

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a new guide that outlines the actions critical infrastructure stakeholders should take now to prepare for their future migration to the post-quantum cryptographic standard that the National Institute of Standards and Technology (NIST) will publish in 2024. In the guide, CISA says both the public […]

Fortinet, ransomware, zero day vulnerabilities, log4shell

Ransomware, Zero-Day Vulnerabilities On the Rise

Ransomware variants and the use of zero-day vulnerabilities continued their upward tend in the first half of 2022, Fortinet report says.

August 17, 2022 Zachary Comeau Leave a Comment

The number of new ransomware variants nearly doubled in the first half of 2022 and attackers are increasingly leveraging zero-day vulnerabilities, painting a dire picture for IT and cybersecurity professionals, according to a new report from cybersecurity solutions provider Fortinet. According to the company’s FortiGuard Labs Threat Landscape report for the first half of 2022, […]

August 2022 Patch Tuesday: 121 Microsoft Vulnerabilities

The 121 vulnerabilities include an actively exploited MSDT code execution bug and 16 other critical-rated flaws.

August 9, 2022 Zachary Comeau Leave a Comment

IT admins will need to patch 121 critical vulnerabilities this month as part of Microsoft’s monthly security patches, which is notably higher than what is typically expected of an August security release. According to Zero Day Initiative (ZDI), the security bugs fixed this month affect Azure Batch Node Agent, Real Time Operating System, Site Recovery, […]