As electric vehicle (EV) charging infrastructure rushes to keep pace with the dramatic rise in sales of electric vehicles in the United States, cyberattackers and security researchers alike have already started focusing on security weaknesses in the infrastructure. In February, researchers with energy-network cybersecurity firm Saiflow discovered two vulnerabilities in the Open Charge Point Protocol…

The issue, tracked as CVE-2023-23560 (CVSS score of 9.0), is described as a server-side request forgery (SSRF) flaw in the Web Services feature of newer Lexmark devices, which could be exploited to execute arbitrary code. “Successful exploitation of this vulnerability can lead to an attacker being able to remotely execute arbitrary code on a device,”…

The number of open source vulnerabilities that Mend identified and added to its vulnerability database in the first nine months of 2022 was 33 percent greater than the first nine months of 2021, reflecting both the growth in the number of published open-source packages and the acceleration of vulnerabilities. As businesses continue to heavily rely…

72% of organizations remain vulnerable to the Log4Shell vulnerability as of October 1, 2022, Tenable‘s latest telemetry study has revealed, based on data collected from over 500 million tests. A vulnerability that’s difficult to eradicate When Log4Shell was discovered in December 2021, organizations around the world scrambled to determine their risk. In the weeks following…

The “Bleed You” campaign is trying to take advantage of a known remote code execution (RCE) vulnerability in Windows Internet Key Exchange (IKE) Protocol Extensions, and more than 1,000 systems are unpatched and vulnerable to compromise. The critical flaw, tracked as CVE-2022-34721, has been under active attack since September, a new report from Cyfirma warns,…

A vulnerability in popular remote access service/platform ConnectWise Control could have been leveraged by scammers to make compromising targets’ computers easier, Guardio researchers have discovered. By abusing the fully-featured 14-day trial option for that hosted cloud service, scammers are already taking advantage of the platform at no cost, but the vulnerability could have allowed them…

Trellix released The Threat Report: Fall 2022 from its Advanced Research Center, which analyzes cybersecurity trends from the third quarter (Q3) of 2022. The report includes evidence of malicious activity linked to ransomware and nation-state backed advanced persistent threat (APT) actors. It examines malicious cyberactivity including threats to email, the malicious use of legitimate third-party…