Mastodon users and administrators need to upgrade to the latest version to patch a critical vulnerability (CVE-2024-23832) that allows attackers to take over accounts remotely.
A variant of a long-running botnet is now abusing the Log4Shell vulnerability but is going beyond internet-facing applications and is targeting all hosts in a victim’s internal network. Researchers at Akamai explain the shift in the FritzFrog botnet — which has existed since 2020 — in a report released Thursday. The botnet typically uses brute-force […]
How’s your vulnerability management program doing? Is it effective? A success? Let’s be honest, without the right metrics or analytics, how can you tell how well you’re doing, progressing, or if you’re getting ROI? If you’re not measuring, how do you know it’s working? And even if you are measuring, faulty reporting or focusing on […]
The vulnerability, tracked as CVE-2023-6933, allows unauthenticated attackers to inject a PHP object, potentially leading to code execution, data access, file manipulation, or denial of service.
Besides fixing an actively exploited zero-day vulnerability, the latest update for the iOS 17 branch offers a new feature to help you protect your accounts and sensitive information in case your iPhone gets stolen. Stolen Device Protection: If enabled, the Stolen Device Protection feature makes it difficult for iPhone thieves to switch certain features on […]
A critical vCenter Server vulnerability (CVE-2023-34048) is actively being exploited, allowing attackers to execute remote code with high impact and without requiring authentication.
The vulnerability affects various GPU products, with AMD and Apple planning mitigations, and Imagination and Qualcomm issuing fixes. Nvidia and Arm are reportedly unaffected.
Israeli startup Vicarius, which develops an autonomous end-to-end vulnerability remediation platform, announced on Wednesday a $30 million Series B led by cybersecurity investment firm Bright Pixel Capital. AllegisCyber Capital, AlleyCorp, and Strait Capital all participated in the financing. The company’s total funding, including investments from previous investors such as JVP, is now over $56 million. […]
German technology manufacturer Bosch fixed a vulnerability affecting a popular line of smart thermostats in October, the company disclosed this week. Researchers from Bitdefender discovered an issue with Bosch BCC100 thermostats last August that lets an attacker on the same network replace the device firmware with a rogue version. Bogdan Botezatu, director of threat research […]