A member of the Russian Karakurt ransomware group has been charged in the U.S. for money laundering, wire fraud, and extortion crimes. […]
Atlassian Patches Vulnerabilities in Bamboo, Confluence, Crowd, Jira
Atlassian has released patches for nine high-severity vulnerabilities in Bamboo, Confluence, Crowd, and Jira products.
The post Atlassian Patches Vulnerabilities in Bamboo, Confluence, Crowd, Jira appeared first on SecurityWeek.
CISA Warns of Exploited Vulnerabilities Impacting Dahua Products
CISA warns that attackers are exploiting two critical-severity authentication bypass vulnerabilities impacting multiple Dahua products.
The post CISA Warns of Exploited Vulnerabilities Impacting Dahua Products appeared first on SecurityWeek.
CrowdStrike Hits Back at Action1 Following $1 Billion Acquisition Rumors
CrowdStrike has denied having any significant acquisition talks with patch management firm Action1 following rumors of a $1 billion deal.
The post CrowdStrike Hits Back at Action1 Following $1 Billion Acquisition Rumors appeared first on SecurityWeek.
Cisco Patches High-Severity Vulnerability Reported by NSA
A high-severity vulnerability in Cisco Unified CM and Unified CM SME could allow attackers to cause a denial-of-service (DoS) condition.
The post Cisco Patches High-Severity Vulnerability Reported by NSA appeared first on SecurityWeek.
The Facts About Continuous Penetration Testing and Why It’s Important
What is Continuous Attack Surface Penetration Testing or CASPT?
Continuous Penetration Testing or Continuous Attack Surface Penetration Testing (CASPT) is an advanced security practice that involves the continuous, automated, and ongoing penetration testing services of an organization’s digital assets to identify and mitigate security vulnerabilities. CASPT is designed for enterprises with an
Continuous Penetration Testing or Continuous Attack Surface Penetration Testing (CASPT) is an advanced security practice that involves the continuous, automated, and ongoing penetration testing services of an organization’s digital assets to identify and mitigate security vulnerabilities. CASPT is designed for enterprises with an
Exploitation Expected for Flaw in Caching Plugin Installed on 5M WordPress Sites
A critical vulnerability in the Litespeed Cache WordPress plugin can allow attackers to hack websites by creating an admin user.
The post Exploitation Expected for Flaw in Caching Plugin Installed on 5M WordPress Sites appeared first on SecurityWeek.
Google Patches Sixth Exploited Chrome Zero-Day of 2024
Chrome 128 was released in the stable channel with patches for 38 vulnerabilities, including a V8 JavaScript engine flaw exploited in the wild.
The post Google Patches Sixth Exploited Chrome Zero-Day of 2024 appeared first on SecurityWeek.
Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild
Google has rolled out security fixes to address a high-severity security flaw in its Chrome browser that it said has come under active exploitation in the wild.
Tracked as CVE-2024-7971, the vulnerability has been described as a type confusion bug in the V8 JavaScript and WebAssembly engine.
“Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap
Tracked as CVE-2024-7971, the vulnerability has been described as a type confusion bug in the V8 JavaScript and WebAssembly engine.
“Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap
Critical Flaw in WordPress LiteSpeed Cache Plugin Allows Hackers Admin Access
Cybersecurity researchers have disclosed a critical security flaw in the LiteSpeed Cache plugin for WordPress that could permit unauthenticated users to gain administrator privileges.
“The plugin suffers from an unauthenticated privilege escalation vulnerability which allows any unauthenticated visitor to gain Administrator level access after which malicious plugins could be uploaded and
“The plugin suffers from an unauthenticated privilege escalation vulnerability which allows any unauthenticated visitor to gain Administrator level access after which malicious plugins could be uploaded and