vulnerabilities Archives - Page 9 of 63

Synology fixes multiple critical vulnerabilities in its routers

Issued by: Security Affairs

Taiwanese NAS maker Synology published two new critical advisories in December. The first advisory is related to the most severe vulnerability addressed by the company, which is a critical out-of-bounds write issue, tracked as CVE-2022-43931 (CVSS3 Base Score10). The vulnerability resides in the Remote Desktop Functionality of Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635….

Application Security

When CISOs Are Ready to Hunt

Issued by: Dark Reading

Like a member of any profession, a chief information security officer (CISO) grows into their role. They exhibit a maturity curve that can be roughly split into five attitudes: Protection: When a CISO first steps into their role, they look to perfect the basics and build a fortress for themselves in the form of firewalls,…

Vulnerabilities

Patch Tuesday: Microsoft Plugs Windows Hole Exploited in Ransomware Attacks

Issued by: Security Week

The operating system update, released as part of Microsoft’s scheduled Patch Tuesday, addresses a flaw that lets malicious attackers use rigged files to evade MOTW (Mart of the Web) defenses. “An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability…

Vulnerabilities

Citrix ADC, Gateway Users Race Against Hackers to Patch Critical Flaw

Issued by: Dark Reading

Citrix has issued a patch for a critical flaw affecting Citrix ADC and Citrix Gateway, adding that the company is aware of attacks against the vulnerability in the wild. The vulnerability, tracked under CVE-2022-27518, affects Citrix ADC and Citrix Gateway versions 12.1 (including FIPS and NDcPP) and 13.0 before 13.0-58.32. “Both must be configured with…

Vulnerabilities

What is Log4Shell and why is it still dangerous a year later?

Issued by: Kaspersky Blog

A year ago, in December 2021, the Log4Shell vulnerability (CVE-2021-44228) in the Apache Log4j library caused a sensation. Although by the spring it was no longer on the front pages of IT media outlets, in November 2022 it reemerged when it was reported that cybercriminals had exploited the vulnerability to attack a US federal agency…

Malware & Threats

Rackspace confirms it suffered a ransomware attack

Issued by: Malwarebytes

It’s not been a great week for cloud computing service provider Rackspace. On December 2, customers began experiencing problems connecting and logging into their Exchange environments. Rackspace started investigating and discovered an issue that affected its Hosted Exchange environments. Now Rackspace has announced it was actually a ransomware incident that caused the service disruptions. While…

Mobile Security

Google Migrating Android to Memory-Safe Programming Languages

Issued by: Security Week

Between 2019 and 2022, the annual number of reported memory safety issues in Android has dropped from 223 to 85, due to an increase in the amount of memory-safe code entering the mobile platform, and the trend is expected to continue. Memory safety bugs, Google notes, are typically the most severe type of vulnerabilities. In…

Vulnerabilities

Why the Culture Shift on Privacy and Security Means Today’s Data Looks Different

Issued by: Dark Reading

Over the past 15 years, several events have reshaped how we think about data — what it means from a business perspective and what rights individuals have regarding how their personal information is used. Data security governance undoubtedly will play a large role in the future; however, conversations are still in relatively early stages. In…

Malware & Threats

Killnet Gloats About DDoS Attacks Downing Starlink, White House

Issued by: Dark Reading

Killnet and its band of hacker collaborators are claiming they were able to pull off a trio of symbolic distributed denial-of-service (DDoS) attacks aimed at punishing some of the most critical supporters of Ukraine against the Russian invasion — Elon Musk’s Starlink satellite broadband service and the websites of the White House in the US…