#Vulnerabilities

Theregister
1 month ago
Information security

Three-year-old Apache Flink flaw now under active attack

Apache Flink CVE-2020-17519 allows unauthorized reading of local files, exploited in the wild, prompting urgent patches and checks for compromises.
DevOps.com
1 month ago
Information security

Defining DevSecOps for IoT - DevOps.com

IoT technology brings efficiency but poses security challenges.
time.com
1 month ago
Information security

EPA warns of increasing cyberattacks on water utilities

Water utilities are increasingly targeted by cyberattacks, urging immediate protective actions by addressing vulnerabilities and enhancing cybersecurity measures.
Theregister
1 month ago
Information security

QNAP called out for dragging its heels on patch development

Researchers publicly disclosed 15 vulnerabilities in QNAP systems due to delayed patches despite following the 90-day disclosure window.
Nextgov.com
1 month ago
Information security

New mailing list aims to share hacking attempts on open-source projects

The Open Source Security Foundation launched Siren, an alert system for open-source vulnerabilities to enhance communication and safeguard software from exploitation.
The Verge
1 month ago
Information security

Two students find security bug that could let millions do laundry for free

A security lapse exposed vulnerabilities in internet-connected washing machines, allowing college students to do free laundry.
more vulnerabilities
Cloud Pro
4 months ago
Software development

Why software 'security debt' is becoming a serious problem for developers

Many organizations have software security debt
Experts advise reassessing how third party code is maintained
Theregister
5 months ago
DevOps

FBI: Beware of cloud-credential thieves building botnets

Crooks are exploiting old vulnerabilities to deploy Androxgh0st malware and build a cloud-credential stealing botnet.
Androxgh0st primarily targets .env files containing user credentials for AWS, Microsoft Office 365, SendGrid, and Twilio.
Theregister
5 months ago
Information security

FBI: Beware of cloud-credential thieves building botnets

Crooks are exploiting old vulnerabilities to deploy Androxgh0st malware and build a cloud-credential stealing botnet.
Androxgh0st primarily targets .env files containing user credentials for AWS, Microsoft Office 365, SendGrid, and Twilio.
Axios
5 months ago
Information security

Researchers warn suspected China-backed hackers are targeting flaws in Ivanti VPN tools

Hackers are actively exploiting vulnerabilities in Ivanti's products, potentially impacting its 40,000 customers.
A Chinese state-backed hacking group is suspected of targeting these vulnerabilities to access companies' networks.
Rubyflow
5 months ago
Ruby on Rails

How to Use Brakeman to Find Security Vulnerabilities in your Rails app

Regular security assessments are important to protect web applications
Brakeman is a helpful tool for identifying security vulnerabilities in Ruby on Rails apps
Theregister
6 months ago
Information security

MongoDB issues weekend warning of breach

MongoDB experienced a security incident involving unauthorized access to certain systems, resulting in exposure of customer account metadata and contact information.
Customers are advised to be vigilant for social engineering and phishing attacks, activate multi-factor authentication, and regularly rotate passwords.
Theregister
6 months ago
Privacy professionals

MongoDB issues weekend warning of breach

MongoDB experienced a security incident involving unauthorized access to certain systems, resulting in exposure of customer account metadata and contact information.
Customers are advised to be vigilant for social engineering and phishing attacks, activate multi-factor authentication, and regularly rotate passwords.
Theregister
6 months ago
Information security

US reveals email addresses used to send ransomware demands

The Karakurt extortion gang poses a significant challenge for network defenders due to their extensive harassment tactics.
The FBI and US government agencies have released a list of vulnerabilities and methods exploited by Karakurt to help organizations avoid falling victim.