The MOVEit Transfer story continues to plague IT departments and security professionals as Progress Software has issued another advisory, urging organizations to apply yet another patch to address a privilege escalation flaw in its Transfer product. The company’s update comes amid reports of widespread exploitation, including several at several U.S. agencies that were breached as […]
Cybersecurity firm Fortinet is warning organizations of a critical vulnerability in its FortiGate SSL-VPN devices, continuing a string of recent exploitations of vulnerabilities in similar devices due to their internet-facing nature and access to a victim’s network. The vulnerability–tracked as CVE-2023-27997–is a heap-based overflow flaw that could allow a remote attacker to execute arbitrary code […]
[Editor’s Note: This article has been updated to reflect Barracuda Networks’ official statement.] Barracuda Networks is urging organizations with Email Security Gateway appliances impacted by a remote command injection bug in the devices to replace them, even if they were patched. The company’s recommendation comes after Barracuda was first alerted to anomalous traffic coming from […]
Users of Google Chrome are again being urged to download a latest update to patch a high-severity security bug that is currently being exploited in the wild. The vulnerability, CVE-2022-3075, is described as an insufficient data validation flaw in Mojo, a collection of runtime libraries that Google says provides “a platform-agnostic abstraction of common IPC […]
To protect against cybercrime, every organization needs to build a culture of information security. To do that, infosec leaders need to become “sneaker CISOs.” There are three elements to security: Technology, people and processes. Sneaker CISOs are more focused on people and process than on technology. Too many security professionals today are so deep into […]
More than six months after the Log4Shell vulnerability was discovered in the widely used Java logger Log4j, cybersecurity agencies are warning of the continued exploitation of the bug in unpatched VMWare Horizon and Unified Access Gateway servers. The U.S. Cybersecurity and Infrastructure Agency (CISA), along with the U.S. Coast Guard Cyber Command (CGCYBER), say malicious […]
Editor’s note: This post has been modified with an updated security advisory and mitigation tips from Atlassian following a critical vulnerability first reported on June 3, 2022. Security researchers say a new critical zero-day vulnerability in all supported versions of Atlassian Confluence is being actively exploited to deploy webshells, and admins are being urged to […]
Microsoft is urging administrators to apply a workaround for a remote code execution vulnerability in Microsoft Support Diagnostic Tool (MSDT) that exists when the tool is called using the URL protocol from a calling application such as Microsoft Word. According to Microsoft, attackers who successfully exploit the bug, tracked as CVE-2022-30190, can run arbitrary code […]
Security researchers with cybersecurity firms say hackers are actively exploiting the Spring4Shell vulnerability to deploy the Mirai botnet malware. In a research report detailing the exploits, Tokyo-based cybersecurity firm Trend Micro says it has observed the exploitation since the start of this month after the remote code execution bug (CVE-2022-22965) in the Spring Framework was […]
The information technology and cybersecurity communities are still assessing the impact of Spring4Shell, a remote code execution vulnerability recently disclosed in the Spring Framework for Java that could allow for remote code execution in vulnerable installations. While exploit attempts have not yet been widespread, there is a simmering concern that this bug could be nearly […]
FREE Downloadable resources from TechDecisions provide timely insight into the issues that IT, A/V, and Security end-users, managers, and decision makers are facing in commercial, corporate, education, institutional, and other vertical markets
View all Guides
Get your latest project featured on TechDecisions Project of the Week. Submit your work once and it will be eligible for all upcoming weeks.
Enter Today!