FreshRSS

πŸ”’
❌ Secure Planet Training Courses Updated For 2019 - Click Here
☷
β–³ πŸ”ƒ
There are new available articles, click to refresh the page.
Before yesterdaySecurity

Apache Cordova App Harness Targeted in Dependency Confusion Attack

By: Newsroom
Researchers have identified a dependency confusion vulnerability impacting an archived Apache project called Cordova App Harness. Dependency confusion attacks take place owing to the fact that package managers check the public repositories before private registries, thus allowing a threat actor to publish a malicious package with the same name to a public package repository. This&

Alert: CISA Warns of Active 'Roundcube' Email Attacks - Patch Now

By: Newsroom
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a medium-severity security flaw impacting Roundcube email software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The issue, tracked as CVE-2023-43770 (CVSS score: 6.1), relates to a cross-site scripting (XSS) flaw that stems from the handling of

Critical JetBrains TeamCity On-Premises Flaw Exposes Servers to Takeover - Patch Now

By: Newsroom
JetBrains is alerting customers of a critical security flaw in its TeamCity On-Premises continuous integration and continuous deployment (CI/CD) software that could be exploited by threat actors to take over susceptible instances. The vulnerability, tracked as CVE-2024-23917, carries a CVSS rating of 9.8 out of 10, indicative of its severity. "The vulnerability may enable an unauthenticated

VMWare user? Worried about β€œESXi ransomware”? Check your patches now!

By: Paul Ducklin
To borrow from HHGttG, please DON'T PANIC. But if you are two years out of date with patches, please do ACT NOW!

FTC threatens β€œlegal action” over unpatched Log4j and other vulns

By: Paul Ducklin
Remember the Equifax breach? Remember the $700m penalty? In case you'd forgotten, here's the FTC to refresh your memory!

❌