Microsoft addresses 118 CVEs in its August 2022 Patch Tuesday release, including 17 critical flaws.
VMware has patched another set of serious vulnerabilities across multiple products including VMware Workspace ONE Access. Organizations should patch urgently given past activity targeting vulnerabilities in VMware products.
The key players within the ransomware ecosystem, including affiliates and initial access brokers, work together cohesively like a band of musicians, playing their respective parts as they strive for fame and fortune.
Oracle addresses 188 CVEs in its third quarterly update of 2022 with 349 patches, including 66 critical updates.
Microsoft addresses 84 CVEs in its July 2022 Patch Tuesday release, including four critical flaws and one zero day that has been exploited in the wild.
CVE-2022-28219: Proof-of-Concept Published for Unauthenticated RCE in Zoho ManageEngine ADAudit PlusJune 30, 2022
New information and technical details, including a proof-of-concept have been published for a remote code execution flaw in Zoho ManageEngine ADAudit Plus that was patched last month.
The latest research from Forescout’s Vedere Labs explores the state of risk management in operational technology through the lens of 56 insecure-by-design vulnerabilities.
Understanding the Ransomware Ecosystem: From Screen Lockers to Multimillion-Dollar Criminal EnterpriseJune 22, 2022
Ransomware is a constantly evolving cyberthreat, and it is through its evolution that ransomware has managed to not only survive, but thrive.
CVE-2022-27511, CVE-2022-27512: Patches for Two Citrix Application Delivery Management VulnerabilitiesJune 17, 2022
Citrix patches a “nasty bug” in its Application Delivery Management solution that is difficult to exploit.
Microsoft addresses 55 CVEs in its June 2022 Patch Tuesday release, including three critical flaws.
CVE-2022-26134: Zero-Day Vulnerability in Atlassian Confluence Server and Data Center Exploited in the WildJune 3, 2022
A critical vulnerability in Atlassian Confluence Server and Data Center has been exploited in the wild by multiple threat actors. Organizations should review and implement mitigation guidance until a patch becomes available.
Microsoft confirms remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool that has been exploited in the wild since at least April.