ServiceNow cybersecurity News
Trio of unauthenticated ServiceNow vulnerabilities exposed 42,000
CVE-2024-4879 (CVSS 9.8) lets “an unauthenticated user remotely execute code” -- ServiceNow swiftly pushed fix to hosted instances but those self-hosting must...
Edward Targett, July 11, 2024

OpenSSH Cybersecurity News
Fake OpenSSH "exploit" is a real exploit. Just not the one you thought.
Cisco says 42 products confirmed exposed to CVE-2024-6387 -- but OpenSSH exploit is malicious: Beware bogus POCs says Kaspersky
Azania Imtiaz Patel, July 08, 2024

OpenSSH Cybersecurity News
Pre-auth RCE to root in OpenSSH server: 700,000 instances exposed
RHEL 9 affected, Debian, Ubuntu, SUSE push fixes
The Stack, July 01, 2024

Cybersecurity CISA DevSecOps CISO News
Feds to CIOs: Actively ask your vendors if they’ve done a SQLi audit...
Fix up, look sharp: Uncle Sam is running out of patience with tech firms shipping insecure software. Vendors? Get familiar with the phrase "query parameterization"...
Edward Targett, June 26, 2024

NVD cybersecurity Hackuity Opinion
How the NVD backlog highlights the need for context in vulnerability management
"A Vulnerability Operations Centre (VOC) approach can work wonders here..."
Sylvain Cortes, June 18, 2024

Microsoft MSMQ News
Microsoft updates mitigation for critical “wormable” bug
256,000 devices believed publicly exposed. But are MSMQ bugs really attacked in the wild?
The Stack, June 17, 2024

Fortinet cybersecurity News
20,000 Fortinet devices breached by Chinese hackers – reboots, firmware updates no defence
"It is important that organizations practice the ‘assume breach’ principle..." YARA rules, hashes etc. available for defenders.
Edward Targett, June 11, 2024

SolarWinds file transfer Cybersecurity News
“Trivially exploitable” bug in SolarWinds file server needs prompt fixing
“CVE-2024-28995 is not known to be exploited in the wild as of 9 AM ET on June 11. We expect this to change."
Edward Targett, June 11, 2024