Vulnerability Management

Most Recent

Meta AI Safety System Easily Compromised, Study Shows

CRA News ServiceAugust 1, 2024

Patch/Configuration Management

CISA: Immediate Patching of Critical ServiceNow Bugs Needed

CRA News ServiceJuly 31, 2024

“The fifth highest-paying certification is also from ISACA, and this one is for IS auditors,” said Hales. “CISA certification is ISACA’s oldest, dating back to 1978, with more than 106,000 people certified since its inception. CISA certification requires at least five years of experience in IS auditing, control, or security ...

Vulnerability Management

Updated CISA Exploited Vulnerabilities Catalog Includes Internet Explorer, Twilio Authy Bugs

CRA News ServiceJuly 25, 2024

CISA has updated its Known Exploited Vulnerabilities catalog to include an old critical use-after-free flaw impacting Internet Explorer and a medium severity information disclosure bug affecting Twilio Authy.

Splunk has fashioned a deal that would enable the fast-growing tech
company to greatly widen its presence at San Jose’s iconic and bustling
Santana Row mixed-use complex, according to several sources familiar with
the rental transaction.
George Avalos / Bay Area News Group

Vulnerability Management

Immediate Remediation of Splunk Enterprise Bug Urged Amid Easy Exploitability

CRA News ServiceJuly 22, 2024

Users of Splunk Enterprise on Windows versions earlier than 9.2.2, 9.1.5, and 9.0.10 should immediately apply fixes for this high-severity path traversal vulnerability.

Vulnerability Management

VMware, SolarWinds Vulnerabilities Exploited, and Cisco Warns of Critical ‘10.0’ Flaw

Steve ZurierJuly 18, 2024

Cisco said the vulnerability was caused by an improper implementation of the password change process.

Exploring USAs digital map connectivity data transfer cyber tech info exchange. Concept Data Transfer, Cyber Technology, Tech Exchange, Connectivity, Digital Map

Vulnerability Management

CISA: Urgent Remediation of Critical GeoServer Flaw needed

CRA News ServiceJuly 17, 2024

CISA has updated its Known Exploited Vulnerabilities catalog to include a critical GeoServer flaw, tracked as CVE-2024-36401.

Cyber security concept. Toy horse on a digital screen, symbolizes the attack of the Trojan virus. 3D illustration.

Vulnerability Management

Upstream Attacks Likely with New Trojan Source Vulnerability

MSSP Alert StaffJuly 16, 2024

The new "Trojan Source" vulnerability enables stealthy malicious source code injections and could mean upstream attacks similar to the SolarWinds supply chain intrusion nearly four years ago.

Vulnerability Management

Widespread Exploitation of PHP Vulnerability Reported

MSSP Alert StaffJuly 12, 2024

The PHP vulnerability, tracked as CVE-2024-4577, have been launched by several threat actors shortly after the flaw's disclosure in late spring.