USN-5357-2: Linux kernel vulnerability
It was discovered that the IPsec implementation in the Linux kernel did not properly allocate enough memory when performing ESP transformations, leading to a heap-based...
Attackers compromise 94% of critical assets within four steps of initial breach
New research from XM Cyber analyzing the methods, attack paths, and impacts of cyberattacks has discovered that attackers can compromise 94% of critical assets within...
USN-5360-1: Tomcat vulnerabilities
It was discovered that Tomcat incorrectly performed input verification. A remote attacker could possibly use this issue to intercept sensitive information. (CVE-2020-13943, CVE-2020-17527, CVE-2021-25122, CVE-2021-30640)...
FBI adds LAPSUS$ data extortion gang to its “Most Wanted” list
The FBI is calling on members of the public to help it uncover members of an increasingly-notorious cybercrime gang.
[R1] Nessus Agent Versions 8.3.3 and 10.1.3 Fix One Third-Party Vulnerability
Nessus Agent leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain vulnerabilities, and an updated version...
crun-1.4.4-1.fc34
FEDORA-2022-10fd054d40 Packages in this update: crun-1.4.4-1.fc34 Update description: Security fix for CVE-2022-27650
Remote code execution flaws in Spring and Spring Cloud frameworks put Java apps at risk
A remote code execution vulnerability in Spring Framework has sparked fears that it could have a widespread impact across enterprise environments. Spring is one of...
White House Announces Possible Rise in Cyberattacks—What You Can Do to Stay Safe
The White House recently reissued a warning to American businesses in response to the unprecedented economic sanctions the U.S. has imposed on Russia for the...
SpringShell (Spring4Shell) : New Unpatched RCE Vulnerability in Spring Core Framework
FortiGuard Labs is aware that an alleged Proof-of-Concept (POC) code for a new Remote Code Execution (RCE) vulnerability in Spring Core, part of the popular...
CISA Issues UPS Warning
Agency warns of attacks on internet-connected uninterruptible power supply devices