FBI Spearheads Another Botnet Disruption
US government officials have disrupted a botnet believed to have been used by Russian state-sponsored threat actors to launch spearphishing and credential theft attacks. The botnet of hundreds of small…
Juniper has released an out-of-cycle advisory assigning CVEs to vulnerabilities that had previously been patched in an earlier security release without specific CVEs. The vulnerabilities, three missing authentication vulnerabilities and…
According to data collected by the Shadowserver Foundation, there are still at least 45,000 public-facing Jenkins servers that have not been patched against a known critical vulnerability. The flaw, which…
In late December, GitHub learned through its Bug Bounty program about a vulnerability that allowed access to environment variables in a production container. GitHub.com has been patched and affected credentials…
Researchers from Bishop Fox have observed that nearly 180,000 SonicWall firewalls have not been patched against two stack-based buffer overflow vulnerabilities. SonicWall released advisories with fixes for the vulnerabilities in…
A pair of vulnerabilities in Ivanti Connect Secure and Policy Secure are being actively exploited. There are currently no fixes available for the authentication bypass and command injection vulnerabilities. Ivanti…
HealthEC LLC, “a population health technology company that provides services to other entities,” has reported a data security breach that affects nearly 4.5 million patients. The incident occurred in July…
The LastPass password manager application is now requiring that all master passwords have a minimum length of 12 characters. Although the 12-character minimum has been the LastPass default since 2018,…
The Israel-linked Predatory Sparrow group claimed to have paralyzed around 70% of 33,000 gas stations across Iran in a cyberattack and gained access to payment systems and management servers. More…
Ivanti has fixed 22 vulnerabilities in their Avalanche mobile device management product. More than half of the vulnerabilities are rated critical. The flaws affect all supported versions of Avalanche; users…