Patch/Configuration Management

Active exploitation of Ghostscript RCE underway

SC StaffJuly 9, 2024

Attackers could leverage the flaw, tracked as CVE-2024-29510, via image and document processors to evade Ghostscript's sandbox, execute shell commands, leak stack-based data, and achieve memory corruption.

Chinese hacker. Laptop with binary computer code and china flag

Patch/Configuration Management

US, others warn of APT40 hacking group threat

SC StaffJuly 9, 2024

Attacks by the threat operation entailed the initial targeting of breached devices before proceeding with the exploitation of vulnerable Microsoft Exchange, Atlassian Confluence, and Apache Log4j instances.

Abstract blue digital gears for AI innovation Business and tech industry growth futuristic

OT Security

Microsoft to industrial sector: Patch Rockwell PanelView Plus products

Steve ZurierJuly 3, 2024

Microsoft warns that the two bugs it discovered could lead to remote code execution and disrupt operations via denial-of-service attacks.

Interior of Big Modern server room with rows of rack cabinets, data centre or mining farm interior with beautiful neon lights reflections.

Vulnerability Management

Maximum severity PTC license server bug fixed

SC StaffJuly 3, 2024

Major product lifecycle management software provider PTC has released a fix for a maximum severity vulnerability impacting a license server of its widely used Creo Elements/Direct modeling CAD software, tracked as CVE-2024-6071, reports SecurityWeek.

Network Security

Cisco patches zero-day in NX-OS Nexus switch software

Steve ZurierJuly 2, 2024

Security pros point out that Nexus switches are the backbone of many data centers, so teams must look to patch right away.

Red glowing letters saying hacked on dark background with binary code

Network Security

14 million OpenSSH servers exposed to the internet via regression flaw

Steve ZurierJuly 1, 2024

Security pros say this incident underscores the need for thorough regression testing.

Patch/Configuration Management

Over a dozen GitLab vulnerabilities addressed

SC StaffJune 28, 2024

Most severe of the addressed flaws is a critical bug in GitLab CE/EE versions newer than 15.8, 17.0, and 17.1, tracked as CVE-2024-5655, which could be leveraged to facilitate automated execution of a pipeline upon the automated re-targeting of a merge request.

Vulnerability Management

Five things security teams need to know about the latest MOVEit Transfer bug

Steve ZurierJune 27, 2024

Here are five steps security teams can take to mitigate the threat from the latest MOVEit Transfer bug, CVE-2024-5806.

Patch/Configuration Management

Page 15. Back to first page.

Related Videos

A couple simple steps companies can take to protect their systems from ransomware

Active exploitation of Ghostscript RCE underway

US, others warn of APT40 hacking group threat

Microsoft to industrial sector: Patch Rockwell PanelView Plus products

Maximum severity PTC license server bug fixed

Cisco patches zero-day in NX-OS Nexus switch software

14 million OpenSSH servers exposed to the internet via regression flaw

Over a dozen GitLab vulnerabilities addressed

Five things security teams need to know about the latest MOVEit Transfer bug