Penetration Testing

FEBRUARY 28, 2024

Two critical vulnerabilities (CVE-2024-25065, CVE-2024-23946) have been discovered that put a wide range of businesses at risk. Decoding the Vulnerabilities... The post CVE-2024-25065 & CVE-2024-23946: Critical Vulnerabilities Exposed in Apache OFBiz appeared first on Penetration Testing.

Penetration Testing 126

Penetration Testing Risk 126

Penetration Testing

MARCH 5, 2024

HashiCorp’s Vault, a popular tool for securely managing sensitive data, contains a vulnerability (CVE-2024-2048, CVSS 8.1) Understanding... The post CVE-2024-2048: HashiCorp’s Vault Vulnerability Puts Secrets at Risk appeared first on Penetration Testing.

Penetration Testing 97

Penetration Testing Risk Authentication 97

Penetration Testing

APRIL 3, 2024

Google has revealed in their April 2024 Pixel Update Bulletin that several serious security flaws could be putting your Pixel device at risk.

Penetration Testing 109

Penetration Testing Risk 109

Penetration Testing

MARCH 27, 2024

A serious security vulnerability, dubbed “WallEscape” (CVE-2024-28085), has been uncovered in the essential Linux system utilities package, util-linux.

Passwords 96

Passwords Penetration Testing Risk 96

Veracode Security

FEBRUARY 28, 2024

Our State of Software Security 2024 report explores a key area this trade-off of speed to market prioritized against security has resulted in: security debt. Here's how to leverage this new data to enhance application risk management practices in 2024. That has to stop. We are at a critical juncture for our national security.”

Risk 105

Risk Marketing Software Technology 105

Heimadal Security

FEBRUARY 27, 2024

This comprehensive cybersecurity risk management template provides a structured approach for identifying, assessing, and prioritizing cybersecurity risks. By offering a standardized framework, it enables organizations to systematically evaluate their vulnerabilities and the potential impact of various cyber threats.

Risk 84

Risk Cybersecurity Cyber threats 84

Security Boulevard

DECEMBER 4, 2023

Articles related to cyber risk quantification, cyber risk management, and cyber resilience. The post The Top 7 Cyber Risk Management Trends for 2024 | Kovrr blog appeared first on Security Boulevard.

Cyber Risk 127

Cyber Risk Risk 127

Security Boulevard

APRIL 6, 2024

UK NPSA provides a comprehensive guide to communication and preparedness for mitigating insider risk The UK government’s National Protective Security Authority (NPSA) has recently issued new guidance emphasizing the role of effective communication and zero trust best practices in mitigating insider risk.

Risk 57

Risk Government Cybersecurity 57

Penetration Testing

FEBRUARY 26, 2024

Two security vulnerabilities (CVE-2024-24401 and CVE-2024-24402) have been identified in Nagios XI, a widely used enterprise-grade monitoring tool. These flaws pose significant risks for organizations utilizing the software. Nagios XI... The post CVE-2024-24401 & 24402: Nagios XI Security Flaws Found!

Penetration Testing 141

Penetration Testing Software Risk 141

Security Boulevard

MARCH 26, 2024

What we found was this: in the rapidly evolving landscape of governance, risk, and compliance (GRC), siloed approaches are becoming increasingly obsolete. The post 2024 IT Risk and Compliance Benchmark Report Findings: Why Unifying Risk and Compliance Work Is No Longer Optional appeared first on Hyperproof.

Risk 72

Risk Government CISO 72

Penetration Testing

JANUARY 24, 2024

Photo Gallery is the leading... The post Over 200,000 Sites at Risk: Directory Traversal CVE-2024-0221 Vulnerability Hits Photo Gallery Plugin appeared first on Penetration Testing. The affected plugin, Photo Gallery by 10Web – Mobile-Friendly Image Gallery, has over 200,000 active installations.

Penetration Testing 125

Penetration Testing Risk Mobile 125

Security Boulevard

JANUARY 16, 2024

The global demand for enhanced insider risk management capabilities will continue to skyrocket across industries throughout 2024. The post Top Insider Risk Management Predictions for 2024 appeared first on Security Boulevard.

Risk 57

Risk 57

Penetration Testing

MARCH 7, 2024

A recently patched vulnerability (CVE-2024-2044) in pgAdmin, the widely-used PostgreSQL administration tool, highlights the ever-present risks of unsafe data deserialization and insufficient input validation.

Penetration Testing 121

Penetration Testing Risk 121

Penetration Testing

MARCH 8, 2024

Canon has released a security bulletin addressing a buffer overflow vulnerability (CVE-2024-2184, CVSS 9.8) Risk Assessment If an affected... The post Canon Printers: Critical CVE-2024-2184 (CVSS 9.8) in their WSD protocol process. This vulnerability affects specific models within their multifunction printer ranges.

Firmware 141

Firmware Penetration Testing Risk 141

Penetration Testing

JANUARY 10, 2024

Identified as CVE-2024-20272, this vulnerability allows unauthenticated attackers could gain root privileges on unpatched devices. Cisco Unity Connection lets users access and... The post Root Access Risk: Cisco Unity Connection’s CVE-2024-20272 Security Breach appeared first on Penetration Testing.

Penetration Testing 91

Penetration Testing Risk Software 91

Thales Cloud Protection & Licensing

MARCH 24, 2024

Data Security Trends: 2024 Report Analysis madhav Mon, 03/25/2024 - 05:08 Amid ongoing economic uncertainty and a progressively complex threat landscape, businesses are trying to navigate increasingly stringent regulatory requirements while bolstering their security posture. Download the full Thales 2024 Thales Data Threat Report now.

Artificial Intelligence 139

Artificial Intelligence IoT Technology Threat Reports 139

The Last Watchdog

DECEMBER 14, 2023

Last Watchdog posed two questions: •What should be my biggest takeaway from 2023, with respect to mitigating cyber risks at my organization? What should I be most concerned about – and focus on – in 2024? In 2024, security teams will need to focus on developing automated tooling to shrink the range of issues that they need to address.

Cybersecurity 201

Cybersecurity Marketing Encryption CISO 201

Penetration Testing

FEBRUARY 4, 2024

These vulnerabilities tracked as CVE-2024-25089 and CVE-2023-36631, pose significant risks... The post CVE-2024-25089: RCE Risk in Malwarebytes Binisoft Windows Firewall Control appeared first on Penetration Testing.

Firewall 78

Firewall Penetration Testing Risk 78

Penetration Testing

MARCH 14, 2024

This vulnerability, designated as CVE-2024-27307, poses a serious security risk and could allow attackers... The post CVE-2024-27307: Critical Flaw in Popular JSONata Library Could Lead to Code Execution appeared first on Penetration Testing.

Penetration Testing 136

Penetration Testing Risk 136

The Last Watchdog

NOVEMBER 29, 2023

November 29, 2023 – Kiteworks , which delivers data privacy and compliance for sensitive content communications through its Private Content Network (PCN), released today its Sensitive Content Communications 2024 Forecast Report. Get the full 2024 Forecast report here. San Mateo, Calif.,

Risk 100

Risk Data privacy Government Cyber Risk 100

Penetration Testing

MARCH 26, 2024

The technical details and proof-of-concept (PoC) exploit code for a severe vulnerability in the Linux kernel (CVE-2024-1086) have been exposed, putting countless systems at risk. on the CVSS scale,... The post CVE-2024-1086: Critical Linux Kernel Flaw Demands Immediate Patching, PoC Published! This flaw, rated a 7.8

Penetration Testing 110

Penetration Testing Risk 110

Penetration Testing

FEBRUARY 19, 2024

A critical remote code execution (RCE) vulnerability (CVE-2024-25600, CVSS 9.8) This vulnerability is actively being exploited, rendering affected websites at significant risk.... ... The post CVE-2024-25600: WordPress’s Bricks Builder RCE Flaw Under Attack appeared first on Penetration Testing.

Penetration Testing 122

Penetration Testing Risk 122

Security Boulevard

JANUARY 31, 2024

Unfortunately, vendors and suppliers also come along with significant third party cybersecurity risk. Early in January, Gartner named third-party risk cyber management (TPCRM) a […] The post Third-Party Cybersecurity Risk Management: A Short Guide for 2024 appeared first on Flare | Cyber Threat Intel | Digital Risk Protection.

Risk 65

Risk Cybersecurity Cyber threats 65

Security Boulevard

NOVEMBER 29, 2023

November 29, 2023 – Kiteworks , which delivers data privacy and compliance for sensitive content communications through its Private Content Network (PCN), released today its Sensitive Content Communications 2024 Forecast Report. San Mateo, Calif.,

Risk 102

Risk Data privacy 102

Penetration Testing

MARCH 11, 2024

A critical vulnerability (CVE-2024-2370, CVSS 9.8) ... The post CVE-2024-2370 (CVSS 9.8): Critical Flaw in ManageEngine Desktop Central Poses Major Security Risk appeared first on Penetration Testing. Organizations using a widely deployed enterprise management solution are facing a serious security threat.

Penetration Testing 76

Penetration Testing Risk 76

Heimadal Security

FEBRUARY 27, 2024

This comprehensive cybersecurity risk management template provides a structured approach for identifying, assessing, and prioritizing cybersecurity risks. By offering a standardized framework, it enables organizations to systematically evaluate their vulnerabilities and the potential impact of various cyber threats.

Risk 52

Risk Cybersecurity Cyber threats 52

Penetration Testing

APRIL 9, 2024

A critical vulnerability in the Rust standard library has been uncovered, exposing Windows-based systems to the risk of arbitrary code execution.

Penetration Testing 111

Penetration Testing Risk 111

Penetration Testing

JANUARY 21, 2024

In the interconnected realm of modern technology, where devices ranging from NAS systems to next-gen routers and headless home servers become the backbone of our digital lives, the software that powers them is of... The post CVE-2024-22416: Exposing pyLoad’s High-Risk CSRF Vulnerability appeared first on Penetration Testing.

Penetration Testing 72

Penetration Testing Risk Technology Software 72

Trend Micro

MARCH 18, 2024

Jenkins, a popular open-source automation server, was discovered to be affected by a file read vulnerability, CVE-2024-23897.

Risk 98

Risk 98

Penetration Testing

FEBRUARY 22, 2024

A patched vulnerability within Apple’s Shortcuts automation framework presents a substantial risk to macOS and iOS devices.

Penetration Testing 122

Penetration Testing Risk 122

Penetration Testing

MARCH 8, 2024

What’s the Risk? The... The post CVE-2024-21899 (CVSS 9.8): Critical QNAP Flaw Opens Door to Hackers appeared first on Penetration Testing. QNAP has issued a critical security advisory regarding multiple vulnerabilities impacting their NAS software solutions.

Penetration Testing 121

Penetration Testing Software Risk Authentication 121

Penetration Testing

MARCH 26, 2024

A security vulnerability in TeamViewer has been uncovered, putting macOS users of older versions at significant risk. This “symlink” flaw could allow attackers to elevate their privileges on a target machine and potentially cause... The post CVE-2024-1933: TeamViewer Bug Exposes macOS Users: Update Immediately!

Penetration Testing 107

Penetration Testing Risk 107

Security Boulevard

FEBRUARY 26, 2024

Uncover critical security flaws in ConnectWise ScreenConnect (CVE-2024-1709 & CVE-2024-1708) posing remote code execution risks. The post ScreenConnect Authentication Bypass (CVE-2024-1709 & CVE-2024-1708) appeared first on Indusface. Actively exploited in the wild.

Authentication 61

Authentication Risk 61

Penetration Testing

JANUARY 17, 2024

A critical flaw, identified as CVE-2024-22406 with a CVSS score... The post Ecommerce Alert: Shopware Hit by Critical-Risk CVE-2024-22406 Flaw appeared first on Penetration Testing.

eCommerce 66

eCommerce Penetration Testing Risk Cybersecurity 66

Security Boulevard

JANUARY 26, 2024

The post New and challenging risks in 2024 appeared first on Security Boulevard.

Risk 57

Risk Government 57

Penetration Testing

JANUARY 8, 2024

A recently disclosed security flaw, identified as CVE-2024-0193, poses a significant risk to systems relying on this widely used... The post Linux Kernel Flaw CVE-2024-0193 Opens Root Access appeared first on Penetration Testing. A new threat has emerged, casting a shadow over the reliability of the Linux kernel.

Penetration Testing 111

Penetration Testing Risk 111

Penetration Testing

MARCH 13, 2024

Organizations relying on Fortra FileCatalyst Workflow, a widely-used enterprise file transfer solution, are at severe risk due to a newly disclosed remote code execution (RCE) vulnerability (CVE-2024-25153, CVSS 9.8)

Penetration Testing 54

Penetration Testing Risk 54