Security vulnerabilities stories

SonicWall and Australia’s ACSC are urging all businesses using SonicWall SMA 100 Series appliances to patch the devices as soon as possible.>>

A security researcher from CanIPhish.com has discovered over 200 well-known Australian corporations with email security vulnerabilities.>>

Jonathan Care explains some risks the vulnerability poses for organisations and the steps security leaders should take to secure their enterprise systems against potential associated threats.>>

Datto is encouraging all MSPs to download a free script developed and made available on GitHub for any Remote Monitoring and Management solution. >>

According to telemetry data from cybersecurity company Tenable, as of the 21st of December 2021, only 70% of organisations have even scanned for the Log4Shell vulnerability. >>

Norton Labs answers some common questions about the widespread software bug Log4J.>>

Sophos has provided new threat intelligence following the reporting of the Apache Log4Shell vulnerability.>>

The widely-used java logging library, log4j, has been actively exploited, according to an update from CERT NZ and Catalyst.>>

Team82 and JFrog have announced the discovery of 14 vulnerabilities affecting the latest version of BusyBox.>>

A vulnerability found in Microsoft Defender released under Patch Tuesday is the most concerning.>>

"From broken authentication and injection flaws, to simple misconfigurations, there are numerous API security concerns for anyone building an internet-connected application.">>

Vulnerabilities have been discovered in Wincor Cineo ATMs allowing illegal cash withdrawals>>

Ralls chats about web application security, vulnerability management, false positives, and why businesses need to think about vulnerability scanning in an entirely new way.>>

"Apple is aware of a report that this issue may have been actively exploited," the company states.>>

The average time to remediate the most severe vulnerabilities in an organisation’s IT infrastructure has now reached 256 days.>>

"Together, Ivanti and RiskSense will enable customers to take the right action at the right time and effectively defend against ransomware, which is the biggest security threat today.”>>

Tampering with this system may negatively impact a company's ability to work, to the point of full disruption of its protection system and stopping of business processes.>>

Every organisationusing Microsoft Exchange must patch their on-premise servers immediately and scan their networks for signs of malicious activity.>>

The vulnerabilities could enable attackers to break into the systems and run code, crash systems, and meddle with configuration files, amongst other malicious actions.>>

Tenable.ep is reportedly the industry’s first, all-in-one, risk-based vulnerability management platform designed to scale as dynamic compute requirements change.>>

2020 saw a large spike in physical and adjacent vulnerabilities, likely due to the proliferation of IoT and smart devices in use and being tested by researchers.>>

The total number of vulnerabilities in 2020 is on track to exceed 2019.>>

AppDynamics, part of Cisco, has released Cisco Secure Application, a solution designed to simplify vulnerability management, defend against cyber attacks and protect applications.>>

GitHub’s vice president of product management, Jeremy Epling, says that IT is increasingly relying on developers for security, testing, and responsibility for production operations.>>