Vulnerabilities

CISA Advises Urgent Priority For Patching of New VMware Vulnerabilities

MAY 19, 2022 12:38 GMT CISA has issued a rare emergency directive and is advising urgent patching priority for…

May 19, 2022 00:04 GMT

F5Networks Security Fixes—Critical RCE Impacting BIG-IP

MAY 6, 2022 16:03 GMT F5Networks has released security updates to patch multiple products, including a critical vulnerability…

May 6, 2022 15:52 GMT

Wormable RPC Vulnerability Among Several Fixed In April Patch Tuesday

APRIL 14, 2022 20:32 GMT Microsoft’s Patch Tuesday for April includes a notably high volume of critical fixes.…

April 14, 2022 18:31 GMT

Spring4Shell Zero-Day RCE Affects VMWare’s Java Application Framework

A zero-day RCE vulnerability (CVE-2022-22965) affecting VMWare's Spring Java Framework has had PoC exploit code prematurely released.

March 31, 2022 23:27 GMT

Critical Remote Code Execution Vulnerability Found in Sophos Firewall Products

A critical Remote Code Execution vulnerability with CVSS score of 9.8 has been patched in the Sophos Firewall platform.

March 29, 2022 22:22 GMT

PwnKit Local Privilege Escalation Bug Plagues Linux Distributions

1/27/2022 23:23 GMT An argument-parsing bug in the pkexec utility from the PolKit package allows easy-to-exploit local privilege…

January 27, 2022 21:55 GMT

Microsoft Critical Wormable RCE and Six Zero-Days Highlight January Patch Tuesday

The January 2022 Patch Tuesday is a big one, but shouldn't be postponed as it contains a patch for a critical wormable RCE vulnerability in the HTTP protocol stack.

January 12, 2022 21:32 GMT

Log4j New Year Wrap-Up

One month into the Log4j vulnerability, we take a look at the 3 CVEs and their fixes, known exploits being observed in the wild, and a way forward in dealing with the ubiquitous and targeted Java library.

January 7, 2022 01:15 GMT

Apache Releases Log4j 2.16.0 to Patch Lingering DoS Vulnerability

Amid the focus on Log4j while patching CVE-2021-44228, a JNDI injection RCE vulnerability, Apache has released 2.16.0 which disables JNDI by default and removes support for Message lookups in order to fix a newly discovered denial of service vulnerability.

December 14, 2021 19:39 GMT

Log4j/Log4Shell Updates and Recommended Guidance

Updates and recommended guidance for identifying vulnerable servers and mitigating exploit attempts.

December 13, 2021 20:18 GMT

Hand-Picked Top-Read Stories

Deep Dive into SOC-as-a-Service

Weekly Top Ten Cybersecurity Stories – 5.20.2022

May 2022 Windows Patches Could Cause Auth Issues On Domain Controllers

Trending Tags

Vulnerabilities

CISA Advises Urgent Priority For Patching of New VMware Vulnerabilities

F5Networks Security Fixes—Critical RCE Impacting BIG-IP

Wormable RPC Vulnerability Among Several Fixed In April Patch Tuesday

Spring4Shell Zero-Day RCE Affects VMWare’s Java Application Framework

Critical Remote Code Execution Vulnerability Found in Sophos Firewall Products

PwnKit Local Privilege Escalation Bug Plagues Linux Distributions

Microsoft Critical Wormable RCE and Six Zero-Days Highlight January Patch Tuesday

Log4j New Year Wrap-Up

Apache Releases Log4j 2.16.0 to Patch Lingering DoS Vulnerability

Log4j/Log4Shell Updates and Recommended Guidance

Threat Advisories

Weekly Top Ten Cybersecurity Stories – 5.20.2022

May 2022 Windows Patches Could Cause Auth Issues On Domain Controllers

Weekly Top Ten Cybersecurity Stories – 5.13.2022

Weekly Top Ten Cybersecurity Stories – 5.6.2022

Weekly Top Ten Cybersecurity Stories – 4.29.2022

Education

How To Get the Most Out of Your Pen Test

Guide To Better Security Logging

Building a Privileged Access Management (PAM) Strategy

Breach Report: Healthcare

Analysis of GalComm Chrome Extension Malware

University Researchers Pit Top 18 EDR Products Against Real-World Attacks

The New Standard of

Cybersecurity
Education

Innovate Cybersecurity Summit