How to choose secure, verifiable technologies?

The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has published a guidance document titled Choosing Secure and Verifiable Technologies, compiled to assist organizations in making informed decisions when procuring softwa… Continue reading How to choose secure, verifiable technologies?

Veeam plugs serious holes in Service Provider Console (CVE-2024-42448, CVE-2024-42449)

Veeam has fixed two vulnerabilities in Veeam Service Provider Console (VSPC), one of which (CVE-2024-42448) may allow remote attackers to achieve code exection on the VSPC server machine. The vulnerabilities Veeam Service Provider Console is a cloud-en… Continue reading Veeam plugs serious holes in Service Provider Console (CVE-2024-42448, CVE-2024-42449)

Fortinet FortiManager flaw exploited in zero-day attacks (CVE-2024-47575)

Fortinet has finally made public information about CVE-2024-47575, a critical FortiManager vulnerability that attackers have exploited as a zero-day. About CVE-2024-47575 CVE-2024-47575 is a vulnerability stemming from missing authentication for a crit… Continue reading Fortinet FortiManager flaw exploited in zero-day attacks (CVE-2024-47575)

PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987)

Details about and proof-of-concept (PoC) exploit code for CVE-2024-28987, a recently patched SolarWinds Web Help Desk (WHD) vulnerability that could be exploited by unauthenticated attackers to remotely read and modify all help desk ticket details, are… Continue reading PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987)

Volt Typhoon Hackers Exploit Zero-Day Vulnerability in Versa Director Servers Used by MSPs, ISPs

There are approximately 163 devices worldwide that are still exposed to attack via the CVE-2024-39717 vulnerability. Continue reading Volt Typhoon Hackers Exploit Zero-Day Vulnerability in Versa Director Servers Used by MSPs, ISPs

Versa Director zero-day exploited to compromise ISPs, MSPs (CVE-2024-39717)

Advanced, persistent attackers have exploited a zero-day vulnerability (CVE-2024-39717) in Versa Director to compromise US-based managed service providers with a custom-made web shell dubbed VersaMem by the researchers. The malware harvests credentials… Continue reading Versa Director zero-day exploited to compromise ISPs, MSPs (CVE-2024-39717)

Another critical SolarWinds Web Help Desk bug fixed (CVE-2024-28987)

A week after SolarWinds released a fix for a critical code-injection-to-RCE vulnerability (CVE-2024-28986) in Web Help Desk (WHD), another patch for another critical flaw (CVE-2024-28987) in the company’s IT help desk solution has been pushed out… Continue reading Another critical SolarWinds Web Help Desk bug fixed (CVE-2024-28987)

Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986)

SolarWinds has fixed a critical vulnerability (CVE-2024-28986) in its Web Help Desk (WHD) solution that may allow attackers to run commands on the host machine. “While it was reported as an unauthenticated vulnerability, SolarWinds has been unabl… Continue reading Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986)

Email attacks skyrocket 293%

Email attacks have surged by 293% in the first half of 2024 compared to the same period in 2023, according to Acronis. The number of ransomware detections was also on the rise, increasing 32% from Q4 2023 to Q1 2024. Ransomware remains a top threat for… Continue reading Email attacks skyrocket 293%

Leveraging AI and automation for enhanced security operations

In this Help Net Security interview, Michelle Weston, VP of Security & Resiliency at Kyndryl, discusses the key challenges in security operations and how to address them. The top issues are increasing cyber resilience risks, changing regulatory co… Continue reading Leveraging AI and automation for enhanced security operations