10 free cybersecurity guides you might have missed

This collection of free cybersecurity guides covers a broad range of topics, from resources for developing cybersecurity programs to specific guides for various sectors and organizations. Whether you work for a small business, a large corporation, or a… Continue reading 10 free cybersecurity guides you might have missed

Cisco patches Secure Client VPN flaw that could reveal authentication tokens (CVE-2024-20337)

Cisco has fixed two high-severity vulnerabilities affecting its Cisco Secure Client enterprise VPN and endpoint security solution, one of which (CVE-2024-20337) could be exploited by unauthenticated, remote attackers to grab users’ valid SAML aut… Continue reading Cisco patches Secure Client VPN flaw that could reveal authentication tokens (CVE-2024-20337)

NIST Cybersecurity Framework: A Cheat Sheet for Professionals

The US National Institute of Standards and Technology’s framework defines federal policy, but it can be used by private enterprises, too. Here’s what you need to know. Continue reading NIST Cybersecurity Framework: A Cheat Sheet for Professionals

Critical ConnectWise ScreenConnect vulnerabilities fixed, patch ASAP!

ConnectWise has fixed two vulnerabilities in ScreenConnect that could allow attackers to execute remote code or directly impact confidential data or critical systems. “There is no evidence that these vulnerabilities have been exploited in the wil… Continue reading Critical ConnectWise ScreenConnect vulnerabilities fixed, patch ASAP!

QNAP fixes OS command injection flaws affecting its NAS devices (CVE-2023-47218, CVE-2023-50358)

QNAP Systems has patched two unauthenticated OS command injection vulnerabilities (CVE-2023-47218, CVE-2023-50358) in various versions of the operating systems embedded in the firmware of their popular network-attached storage (NAS) devices. About the … Continue reading QNAP fixes OS command injection flaws affecting its NAS devices (CVE-2023-47218, CVE-2023-50358)

PoC exploit for easily exploitable Fortra GoAnywhere MFT vulnerability released (CVE-2024-0204)

Proof-of-concept (PoC) exploit code for a critical vulnerability (CVE-2024-0204) in Fortra’s GoAnywhere MFT solution has been made public, sparking fears that attackers may soon take advantage of it. Fortra’s GoAnywhere MFT is a web-based m… Continue reading PoC exploit for easily exploitable Fortra GoAnywhere MFT vulnerability released (CVE-2024-0204)

Attackers can steal NTLM password hashes via calendar invites

A recently patched vulnerability in Microsoft Outlook (CVE-2023-35636) that can be used by attackers to steal users’ NTLM v2 hashes can be exploited by adding two headers to an email carrying a specially crafted file, security researcher Dolev Ta… Continue reading Attackers can steal NTLM password hashes via calendar invites

1,700 Ivanti VPN devices compromised. Are yours among them?

Over 1,700 Ivanti Connect Secure VPN devices worldwide have been compromised by attackers exploiting two zero-days with no patches currently available. “Additional threat actors beyond UTA0178 appear to now have access to the exploit and are acti… Continue reading 1,700 Ivanti VPN devices compromised. Are yours among them?

“Security researcher” offers to delete data stolen by ransomware attackers

When organizations get hit by ransomware and pay the crooks to decrypt the encrypted data and delete the stolen data, they can never be entirely sure the criminals will do as they promised. And even if an organization gets its data decrypted, they cann… Continue reading “Security researcher” offers to delete data stolen by ransomware attackers