CISA flags two-year-old Oracle flaw as actively exploited in attacks
… Over the last several years, CISA has flagged 43 vulnerabilities across various Oracle products as exploited in the wild, 12 of which have been abused in ransomware attacks. …
Search
CISA: Hackers now exploit SolarWinds Serv-U flaw to crash servers
… Over the past several years, CISA has tagged 11 vulnerabilities across various SolarWinds products as actively exploited in attacks, one of which has also been abused by ransomware gangs. …
GM agrees to $12.75M California settlement over sale of drivers’ data
… The data was allegedly collected through GM’s OnStar subsidiary and its “Smart Driver” system and was reportedly intended for driver-scoring products related to insurance. …
CISA orders feds to patch actively exploited Ivanti flaw by Sunday
… "Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. …
Trend Micro warns of Apex One zero-day exploited in the wild
… "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable." On Thursday, Trend Micro also released security updates to address seven local privilege escalation vulnerabilities in the Apex One… …
CISA orders feds to patch actively exploited Drupal vulnerability
… "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable." Over the last several years, CISA has flagged 5 Drupal vulnerabilities that have been exploited in the wild, two of which have also… …
CISA gives feds 3 days to patch Check Point VPN bug exploited as zero-day
… "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable." While this binding operational directive applies only to U.S. federal agencies, CISA urged all security teams including those in th… …
Microsoft warns of new Defender zero-days exploited in attacks
… "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable." On Tuesday, also shared mitigations for YellowKey , a recently disclosed Windows BitLocker zero-day flaw that allows attackers to a… …
New Fragnesia Linux flaw lets attackers gain root privileges
… "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable." In April, Linux distros patched another root-privilege escalation vulnerability dubbed Pack2TheRoot in the PackageKit daemon that h… …
New Linux 'Dirty Frag' zero-day gives root on all major distros
… "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable." In April, Linux distros patched another root-privilege escalation vulnerability dubbed Pack2TheRoot that had been found after a dec… …