Category Archives: week in review

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Progress quietly fixes MOVEit auth bypass flaws (CVE-2024-5805, CVE-2024-5806) Progress Software has patched one critical (CVE-2024-5805) and one high-ris… Continue reading Week in review: MOVEit auth bypass flaws quitely fixed, open-source Rafel RAT targets Androids→

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: The rise of SaaS security teams In this Help Net Security interview, Hillary Baron, Senior Technical Director for Research at CSA, highlights that the rec… Continue reading Week in review: CDK Global cyberattack, critical vCenter Server RCE fixed→

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Users of JetBrains IDEs at risk of GitHub access token compromise (CVE-2024-37051) JetBrains has fixed a critical vulnerability (CVE-2024-37051) that coul… Continue reading Week in review: JetBrains GitHub plugin vulnerability, 20k FortiGate appliances compromised→

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: High-risk Atlassian Confluence RCE fixed, PoC available (CVE-2024-21683) If you’re self-hosting an Atlassian Confluence Server or Data Center installation… Continue reading Week in review: Atlassian Confluence RCE PoC, new Kali Linux, Patch Tuesday forecast→

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: RansomLord: Open-source anti-ransomware exploit tool RansomLord is an open-source tool that automates the creation of PE files, which are used to exploit … Continue reading Week in review: Attackers trying to access Check Point VPNs, NIST CSF 2.0 security metrics evolution→

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Google fixes yet another Chrome zero-day exploited in the wild (CVE-2024-5274) For the eighth time this year, Google has released an emergency update for … Continue reading Week in review: Google fixes yet another Chrome zero-day exploit, YouTube as a cybercrime channel→

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Black Basta target orgs with new social engineering campaign Black Basta, one of the most prolific ransomware-as-a-service operators, is trying out a comb… Continue reading Week in review: New Black Basta’s social engineering campaign, passing the CISSP exam in 6 weeks→

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Veeam fixes RCE flaw in backup management platform (CVE-2024-29212) Veeam has patched a high-severity vulnerability (CVE-2024-29212) in Veeam Service Prov… Continue reading Week in review: Veeam fixes RCE flaw in backup management platform, Patch Tuesday forecast→

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Palo Alto firewalls: CVE-2024-3400 exploitation and PoCs for persistence after resets/upgrades There are proof-of-concept techniques allowing attackers to… Continue reading Week in review: PoCs allow persistence on Palo Alto firewalls, Okta credential stuffing attacks→

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359) A state-sponsored threat actor has managed to compromise Cisco Ada… Continue reading Week in review: Two Cisco ASA zero-days exploited, MITRE breach, GISEC Global 2024→