Mar 12, 2024 | The Hacker News | CTEM / Vulnerability Management | In a world of ever-expanding jargon, adding another FLA (Four-Letter Acronym) to your glossary might seem like the last thing you’d want to do. But if you are looking for ways to continuously reduce risk across your environment while making significant and consistent improvements to security posture, […]
Cisco has released free software updates that address the vulnerability described in this advisory. Customers with service contracts that entitle them to regular software updates should obtain security fixes through their usual update channels. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By […]
AnyCubic released new firmware for its Kobra 3D printers to fix a zero-day vulnerability that allowed hackers to send security warnings to the printers. This vulnerability was due to insecure permissions in the company’s MQTT server.
Hackers are exploiting a critical authentication bypass vulnerability (CVE-2024-27198) in TeamCity On-Premises, leading to the creation of hundreds of unauthorized users on unpatched instances.
Mar 04, 2024 | The Hacker News | SaaS Security / Vulnerability Assessment | A company’s lifecycle stage, size, and state have a significant impact on its security needs, policies, and priorities. This is particularly true for modern mid-market companies that are either experiencing or have experienced rapid growth. As requirements and tasks continue to accumulate and malicious actors remain […]
The Black Basta and Bl00dy ransomware gangs are exploiting a critical authentication bypass vulnerability (CVE-2024-1709) in unpatched ScreenConnect servers to gain admin access and deploy ransomware.
Feb 27, 2024 | Newsroom | Vulnerability / Website Security | A security vulnerability has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable unauthenticated users to escalate their privileges. Tracked as CVE-2023-40000, the vulnerability was addressed in October 2023 in version 5.7.0.1. “This plugin suffers from unauthenticated site-wide stored [cross-site scripting] vulnerability and could allow any […]
Governance & Risk Management, Vulnerability Assessment & Penetration Testing (VA/PT) | Company Will Use Investment to Expand Services, Says CEO Dave Gerry | David Perera (@daveperera) • February 12, 2024 | Bugcrowd will use a $102 million investment to grow services and its platform. Ethical hacking-as-a-service platform Bugcrowd received a $102 million venture capital investment […]