My TechDecisions

Search Results: vulnerabilities

Syxsense, Cybersecurity, IT management

How Combined IT Management and Security Solutions Can Help Detect and Fix Vulnerabilities

Cybersecurity company Syxsense says its combined IT management and security platform can help IT teams be more efficient.

July 13, 2022 Zachary Comeau Leave a Comment

My TechDecisions was at RSA Conference 2022 last month, and we learned that the cybersecurity market is becoming crowded with solution providers and tools that can do many different things, including vulnerability scanning, endpoint management, patching and other critical security functions. That typically means organizations must use several different solutions to do very specific tasks […]

Read More
Tenable Splunk

Critical Vulnerabilities Found in Popular Access Control Panels

The cybersecurity vulnerabilities, resulting in full system control, were found in firmware running on Mercury LP and EP4502 controllers.

June 23, 2022 TD Staff Leave a Comment

Silicon Valley, Calif.-based cybersecurity firm Trellix recently announced it discovered four zero-day vulnerabilities in HID Global Mercury access control panels, as well as four previously patched vulnerabilities that were not publicly disclosed. The firm says the impact of these vulnerabilities is full system control, including the ability for an attacker to remotely manipulate door locks. […]

Read More
CISA Software Security

CISA Adds 75 Known Exploited Vulnerabilities to List, Including New Cisco Bug

CISA within the last week has added 75 security flaws to its list of known vulnerabilities, including a newly discovered CISCO bug.

May 27, 2022 Zachary Comeau Leave a Comment

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) within the last week has added more than 70 security flaws to its list of known exploited vulnerabilities that U.S. agencies must patch by a certain date, indicating a heightened danger if the bugs are left unpatched. CISA on Wednesday added 34 bugs to its catalog of […]

Read More
VMware

Patch These Four VMware Vulnerabilities Immediately

After several large organizations have reported attacks, VMware and CISA are urging others to patch these four vulnerabilities immediately.

May 19, 2022 Zachary Comeau Leave a Comment

Organizations are being urged to patch certain VMware products as threat actors are chaining a series of unpatched vulnerabilities in some of the company’s products to gain full system control, even as patches have been available for several weeks. According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), threat actors, likely sophisticated groups, are […]

Read More
Microsoft Security RSA Conference

May Patch Tuesday Brings 74 Microsoft Vulnerabilities to Patch

The May 2022 Patch Tuesday release gives IT admins over 70 bugs to patch, including one complex bug under active attack.

May 10, 2022 Zachary Comeau Leave a Comment

Microsoft has released fixes for 74 vulnerabilities in a myriad of IT products this Patch Tuesday, including three zero-day vulnerabilities and a Windows LSA spoofing bug under active attack and several critical remote code execution flaws. The 74 bugs fixed by Microsoft in today’s Patch Tuesday release are in Windows, .NET and Visual Studio, Edge, […]

Read More
Log4j, Older Vulnerabilities, CISA KEV

Make Sure These 15 Most Exploited Vulnerabilities From 2021 Are Patched

IT pros should be familiar with some of these 15 most exploited 2021 bugs, but continued targeting of them suggests more organizations need to patch.

April 28, 2022 Zachary Comeau Leave a Comment

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with a coalition of U.S. and foreign security and law enforcement agencies, have released a list of the 15 most exploited vulnerabilities from 2021, calling on both public and private organizations to ensure these critical security bugs are mitigated and systems patched. The list, published in a […]

Read More
CISA Software Security

DHS’ First Bug Bounty Program Nets 122 Vulnerabilities

Hack DHS, the Department of Homeland Security's first bug bounty program, uncovers 27 critical-rated vulnerabilities.

April 25, 2022 Zachary Comeau Leave a Comment

The U.S. Department of Homeland Security says its first bug bounty program, Hack DHS, has resulted in the disclosure of more than 120 vulnerabilities, and 27 of them were determined to be critical. The Department of Homeland Security (DHS) launched the agency’s first bug bounty program in December 2021 in an attempt to find and […]

Read More
CISA Software Security

CISA Adds 66 CVEs to Known Exploited Vulnerabilities List

The majority of the new additions to CISA's list of known exploited vulnerabilities are several years old, including 8 from 2010 or earlier.

March 28, 2022 Zachary Comeau Leave a Comment

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added 66 software security bugs that are being actively exploited to its database of known exploited vulnerabilities, including some from leading technology vendors that date back several years. For the majority of the products implicated in the new additions, there are patches available to remediate the […]

Read More
SBOMs

Report: Older Vulnerabilities Plaguing Legacy Systems

F-Secure report finds that older vulnerabilities dating back several years are still impacting legacy IT systems.

March 8, 2022 Zachary Comeau Leave a Comment

New critical software vulnerabilities are discovered every month, but its older vulnerabilities in legacy systems that continue to plague IT departments and cybersecurity professionals, according to new research from cybersecurity firm F-Secure. The report, Attack Landscape Update, dishes on trending cybersecurity threats, including ransomware, malware, phishing and more, but the most alarming information in the […]

Read More
CISA Software Security

CISA Adds 95 New Bugs To Database Of Known Exploited Vulnerabilities

Some security bugs recently added to CISA's catalog of known exploited vulnerabilities are more than a decade old.

March 4, 2022 Zachary Comeau Leave a Comment

There are 95 new known exploited vulnerabilities that IT and security professionals should immediately investigate and mitigate, including several that date back at least a decade, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The agency added the vulnerabilities to its catalog of known exploited vulnerabilities based on evidence of exploitation in the […]

Read More