Patch/Configuration Management

Security pros say while the bug was patched, many companies likely have not patched it because the bug had a CVSS score below 8.

Microsoft's June Patch Tuesday system fixes include one critical Windows bug and dozens more flaws that experts advise users patch ASAP.

Security pros say security teams need to patch right away because so many organizations use PHP.

Nvidia’s high-profile status in the market will lead to an increase in security research.

Ongoing intrusions exploiting a pair of old remote code execution flaws in the widely used open-source web app framework ThinkPHP, tracked as CVE-2018-20062 and CVE-2019-9082, have been conducted by Chinese hackers since April, following a similar attack campaign launched in October, according to SecurityWeek.

Fixes have been issued by Taiwanese networking device manufacturer Zyxel to address five security vulnerabilities impacting its NAS326 and NAS542 network-attached storage devices that have not been supported since the end of 2023, including three critical flaws that could be exploited to facilitate remote code execution and command injection attacks, according to The Register.

Josh comes on the show to discuss all things related to vulnerability tracking and scoring, including the current issues with various systems and organizations including NIST, CVE, Mitre, CVSS, NVD, and more! Segment Resources: NVD blog post Josh wrote: https://anchore.com/blog/navigating-the-nvd-quagmire/ Josh's Latest post: https://opensources...

Boyce Codd Normal Form, Azure, Roaring Kitty, Hugging Face, Okta, Linux, Oracle, Josh Marpet and more, are on this edition of the Security Weekly News.