Apr 26, 2024NewsroomThreat Intelligence / Cyber Attack Threat actors are attempting to actively exploit a critical security flaw in the WP‑Automatic plugin for WordPress that could allow site takeovers. The shortcoming, tracked as CVE-2024-27956, carries a CVSS score of 9.9 out of a maximum of 10. It impacts all versions of the plugin prior to […]
Apr 20, 2024NewsroomVulnerability / Network Security Palo Alto Networks has shared more details of a critical security flaw impacting PAN-OS that has come under active exploitation in the wild by malicious actors. The company described the vulnerability, tracked as CVE-2024-3400 (CVSS score: 10.0), as “intricate” and a combination of two bugs in versions PAN-OS 10.2, […]
Trust in cybersecurity tools has become one of the biggest challenges facing critical national infrastructure (CNI) providers as sophisticated nation-state attacks proliferate, according to a new report from Bridewell. The IT services firm’s latest Cyber Security in Critical National Infrastructure report is based on interviews with over 1000 CISOs and equivalent at CNI providers in […]
Critical Infrastructure Security Hacks on Unregulated Dams Can Result in Mass Casualties, Experts and Lawmakers Warn Chris Riotta (@chrisriotta) • April 18, 2024 Dams need better cybersecurity, warn experts. (Image: Shutterstock) Could a hacker seize control of America’s dams, unleashing floods and chaos across vulnerable communities? Cybersecurity analysts and leading lawmakers warn it’s […]
Apr 18, 2024NewsroomContainer Security / Cryptocurrency Threat actors are actively exploiting critical vulnerabilities in OpenMetadata to gain unauthorized access to Kubernetes workloads and leverage them for cryptocurrency mining activity. That’s according to the Microsoft Threat Intelligence team, which said the flaws have been weaponized since the start of April 2024. OpenMetadata is an open-source platform […]
Attackers are adept at identifying and exploiting the most cost-effective methods of compromise, highlighting the critical need for organizations to implement asset identification and understand their assets’ security posture in relation to the whole estate. Instead of asking, “Are we exposed?” organizations should ask, “How exposed are we?” To understand this question, businesses must implement […]
Apr 12, 2024NewsroomNetwork Security / Zero-Day Palo Alto Networks is warning that a critical flaw impacting its PAN-OS software used in its GlobalProtect gateways is being exploited in the wild. Tracked as CVE-2024-3400, the issue has a CVSS score of 10.0, indicating maximum severity. “A command injection vulnerability in the GlobalProtect feature of Palo Alto […]
Only three critical vulnerabilities were fixed as part of the April 2024 Patch Tuesday updates, but there are over 67 remote code execution bugs. More than half of the RCE flaws are found within Microsoft SQL drivers, likely sharing a common flaw.
Fortinet fixed a critical remote code execution bug in FortiClientLinux Pierluigi Paganini April 10, 2024 Fortinet addressed multiple issues in FortiOS and other products, including a critical remote code execution flaw in FortiClientLinux. Fortinet fixed a dozen vulnerabilities in multiple products, including a critical-severity remote code execution (RCE) issue, tracked as CVE-2023-45590 (CVSS score of […]