Researchers at the security firm Trustwave have disclosed six vulnerabilities in SAP Adaptive Server Enterprise 16.0 (ASE) database software, with two rated as critical. These two vulnerabilities could enable attackers to perform arbitrary code execution and tamper with a system's data.
Thousands of unpatched Exim email servers are potentially vulnerable to a critical flaw that the NSA says Russian-backed hackers are attempting to exploit, according to the security firm RiskIQ, which also warns of two other Exim vulnerabilities that should be patched.
A Russian government-backed hacking group that's been tied to a series of cyberespionage campaigns has been quietly exploiting a critical remote code execution vulnerability in Exim email servers since 2019, the U.S. National Security Agency warns in an alert.
Six internal servers that Cisco uses to support its virtual networking service were compromised earlier this month after the company failed to patch two SaltStack zero day vulnerabilities. The company did not describe the damage done, saying only that "a limited set of customers" was impacted.
As ransomware gangs attempt to boost their illicit profits, the RagnarLocker ransomware gang has brought a new tactic to bear: installing a full virtual machine on victims' systems to hide their crypto-locking malware while it forcibly encrypts files, security firm Sophos warns.
From 2016 to 2019, sophisticated nation-state attackers preferred to target 10 vulnerabilities more than all others, the U.S. Cybersecurity and Infrastructure Security Agency and FBI warn in a new alert. They say many of these flaws are years old, yet remain unpatched and actively exploited.
Microsoft addressed vulnerabilities in a dozen of its software products in its Patch Tuesday update for May. And while none of the flaws are currently being exploited, several of the most critical flaws require immediate attention, the company says.
The average ransom paid by victims to ransomware attackers reached $111,605 in the first quarter of this year, up 33% from the previous quarter, reports ransomware incident response firm Coveware, which sees the Sodinokibi, Ryuk and Phobos malware families continuing to dominate.
Apple is now preparing final patches for two zero-day vulnerabilities that a security firm says have been exploited by certain attackers to seize control of iPhone and iPad email apps, giving them access to users' messages.
CISA issued a warning to organizations running Pulse Secure VPN servers that their networks may still be vulnerable to hacking even if they applied patches for a previous flaw. Attackers are now using stolen Active Directory credentials to access networks.
Microsoft issued patches for three zero-day vulnerabilities as part of its most recent Patch Tuesday update. The software giant had previously warned users about two vulnerabilities in the Adobe Type Manager Library that were being exploited in the wild.
In January, hackers reportedly compromised portions of the New York state government's computer network by taking advantage of an unpatched vulnerability in Citrix enterprise software. Although state officials say no data was compromised, the attack reportedly disabled some state agency information systems.
Patch or perish alert: Less than 20 percent of vulnerable Microsoft Exchange servers have received a fix for a serious flaw that Microsoft first disclosed nearly two months ago, security firm Rapid7 warns. It also found a "concerning number" of Exchange 2007 servers, which Microsoft stopped supporting in 2017.
A security researcher found 10 flaws within HP's Software Assistant Tool, which is installed across HP's desktop and laptop computers. Bill Demirkapi, who found the flaws, says the software is risky because only seven of the flaws have been patched by HP.