Microsoft issued patches Tuesday for four more vulnerabilities in on-premises versions of the Exchange Server corporate email platform, one of which is a zero-day flaw.
Exim, one of the most-used message transfer agents, has issued patches for 21 flaws that could put thousands of users at risk of attacks, researchers at security firm Qualys say.
Dell has patched five issues in a firmware update driver that has shipped in millions of laptops, tablets and desktops since 2009. The vulnerabilities apparently have not been exploited in the wild and are not remotely exploitable.
A patch has been issued for a serious vulnerability that affects PHP Composer - a tool used to manage and install software dependencies in the PHP ecosystem. Security researchers at SonarSource say the flaw could put millions of websites at risk.
In light of the surge in ransomware attacks against universities, institutions need to make asset management a much higher priority, removing obsolete systems and upgrading essential systems to the latest version to avoid exploits of unpatched vulnerabilities, says Matthew Trump of the University of London.
Ivanti, parent company of Pulse Secure, published a permanent fix Monday for a zero-day vulnerability in Pulse Connect Secure VPN products that has been exploited to target U.S. government agencies, critical infrastructure providers and other companies over the last several weeks.
CISA is investigating whether five U.S. government agencies may have been breached when attackers exploited vulnerabilities in Pulse Connect Secure VPN products, according to a senior official. Security researchers believe that at least two nation-state groups have been attempting to exploit these flaws.
A cyberthreat gang that's been active since 2020 exploited a now-patched zero-day vulnerability in the SonicWall SMA 100 Series appliance to plant ransomware in attacks launched earlier this year, FireEye Mandiant researchers say.
The developer of Berkeley Internet Name Domain, or BIND 9, an open-source implementation of domain name systems, is advising users to mitigate three vulnerabilities that attackers could remotely exploit to cause systems to crash or become inaccessible.
Following news reports of ransomware attackers targeting QNAP Systems' network-attached storage appliances, encrypting users' data and then demanding a ransom, the company is urging users to immediately install a malware remover and run a malware scan.
The economics of vulnerability discoveries and exploits is always evolving, and knowing those dynamics can provide insights into what attackers are doing, says Casey Ellis of Bugcrowd.
The U.S. Cybersecurity and Infrastructure Security Agency has issued an emergency directive requiring executive branch agencies to mitigate by Friday the risks posed by a zero-day vulnerability and three other recently patched flaws in Pulse Connect Secure VPN products.
SonicWall has patched three zero-day vulnerabilities in the hosted and on-premises versions of its Email Security product after attackers began exploiting them last month. Attackers can exploit the flaws to access email and pivot deeper into organizations' systems, FireEye Mandiant reports.
In an unprecedented action, the FBI is removing web shells from on-premises Microsoft Exchange servers at organizations in at least eight states that were infected in a wave of attacks earlier this year. Security experts offer an analysis of the bold move that the FBI took without notifying the organizations.
Microsoft issued patches for its on-premises Exchange Server software, addressing four new critical vulnerabilities discovered by the National Security Agency. A zero-day vulnerability in Desktop Window Manager was also disclosed and patched.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.eu, you agree to our use of cookies.