Didier Ruedin
6 hours ago

Call for papers Vulnerable Societies — Migrants, Minorities, Risks and Responses, Swiss Sociological Association Conference, Basel/Muttenz, 9–11 September 2024. #sociology #migration #c4p #vulnerability @sociology

Deadline: 15 August 2023

Jim Guckin
11 hours ago

Well this is new and scary. When a vendor tells you to remove their hardware, you know it's serious... #Barracuda: Immediately rip out and replace our security hardware #CyberSecurity #InfoSec #vulnerability

Graham Cluley
13 hours ago

Barracuda: Immediately rip out and replace our security hardware

(They filed it under "Legal" on their website)

#cybersecurity #vulnerability #malware #barracudanetworks

"We are committed to securing your data"
Anonymous :anarchism: 🏴
17 hours ago

A new research report has revealed that the notorious Clop #ransomware group has likely been silently "experimenting with ways to exploit" the recently disclosed critical MOVEit Transfer application #vulnerability (CVE-2023-34362) since 2021.


Anonymous :anarchism: 🏴
17 hours ago

Hold on tight! Researchers have released details and PoC exploit for a recently disclosed Windows #vulnerability (CVE-2023-29336) that was under active exploitation and allowed threat actors to gain SYSTEM privileges.


18 hours ago

The detection of a critical #vulnerability in MOVEit Transfer software has alerted users of this technology. The S.T.A².R.S. Team details the keys to the incident and the steps to mitigate it 📷

Wade Baker
1 day ago

For two decades, I've heard security professionals urging organizations to "just patch your stuff" as though they don't already know that and/or it's as simple as saying those words. This is where real data and "thought leaders" differ. The data acknowledges that things aren’t so simple in the real world because vulnerability remediation is a moving target (new vulns are found as old ones are fixed).

We measured the remediation capacity of hundreds of organizations over a 12-month period. To do this, we calculated the total number of open (unremediated) vulnerabilities in the environment and the total number closed each month. We then averaged that over the active timeframe to get a monthly open-to-closed ratio for each organization and created a log-log regression model. The results are recorded in the figure below, where each organization is plotted along the grid. And those results are INSANE!

The R2 statistic for this log-log regression model is 0 .93, meaning that it’s very strong and captures most of the variability around vulnerability closure rates. You can see this visually in the figure because all the points—which represent the remediation capacity for each firm—fit tightly along the regression line.

Strong models are great, but there’s something else we learned that’s greater still. Notice first that each axis is presented on a log scale, increasing by multiples of 10. Now, follow the regression line from the bottom left to upper right . See how every tenfold increase in open vulnerabilities is met with a roughly tenfold increase in closed vulnerabilities?

That, in a nutshell, is why it feels like your vulnerability management program always struggles to keep up. And why "just patch it, stupid" is ignorant and unhelpful advice. A typical organization will have the capacity to remediate about one out of every 10 vulnerabilities in their environment within a given month. That seems to hold true for firms large, small, and anywhere in between.

So is there no hope? Are vulnerability management programs destined to slowly drown in a quagmire of their own making? No! We did observe organizations that managed to drive down risky vulns in their environment over time...but that's another story for another post. Follow / stay tuned for their secret (hint: it doesn't require buying a product).

This chart comes from Prediction to Prioritization, Volume 3 - a joint study published 4 years ago between @cyentiainst and Kenna Security (now Cisco). You can view it for free here:

#vulnerabilitymanagement #vulnerabilities #secops #cybersecurity #infosec #informationsecurity

Jim Guckin
2 days ago

On the things you should be checking if they are vulnerabile in your environment this morning list. #Cisco fixes #privilegeescalation bug in Cisco Secure Client #CyberSecurity #InfoSec #CSNB #vulnerability

2 days ago

A new #vulnerability has just been discovered in the #Windows version of #itunes, which would allow attackers to escalate privileges on a machine to become local administrator. The S.T.A².R.S Team details how to protect against it 👇

2 days ago

How can I tell if an issue has been resolved via backporting? #apt #backport #vulnerability

Agnieszka R. Turczyńska
2 days ago

I have a bad luck regarding electronic payments. Today I've accidentally #DoS-ed a vending machine in the company by not putting the card to the reader quickly enough. And I think I've a scenario. What should I do? How to report #vulnerability for a vending machine?

Shai Almog
3 days ago
3 days ago

There is another issue with Ring security cameras which apparently allows attackers to take them offline with not much effort.

#security #privacy #ring #camera #vulnerability #amazon #mozilla

3 days ago

"Progress MOVEit vulnerability (CVE-2023-34362)"

#vulnerability 📚
3 days ago

#Google #Chrome 114 updated to patch the third #0day #vulnerability exploited in the wild this year. Update as soon as possible.

3 days ago

As more organizations grapple with the #MOVEit #vulnerability, we want to reiterate that isolating Internet-facing #MOVEIt servers is critical. Steven Adair recently spoke to @dangoodin about what @volexity observed and how orgs are impacted.

#dfir #threatintel

Dervishe the Grey
4 days ago

"A #vulnerability was found in #ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding."

4 days ago

"As authorities plan for a future with more intense disasters, they must not forget housing.
Many communities will become more vulnerable, from towns next to a river to cities surrounded by forest. #Governments have a responsibility to develop #disaster #preparedness and resilience – particularly around #housing.
What we’re seeing now with post-disaster housing #vulnerability is an unintended consequence of leaving housing to the #market system.
Recent catastrophic climate-linked disasters are etched into our communal psyche.
Climate-related disasters leave behind trauma and worse mental health."
#FossilFuel DIY #Disaster #Droughts #Bushfires #Storms #Floods #Heatwaves #OneHealth #Climate #Shelter

jbz :catjam:
5 days ago

🍎 New macOS vulnerability, Migraine, could bypass System Integrity Protection
➥ Microsoft Security Blog

"A new vulnerability, which we refer to as “Migraine” for its involvement with macOS migration, could allow an attacker with root access to automatically bypass System Integrity Protection (SIP) in macOS and perform arbitrary operations on a device."

#macOS #Vulnerability #CyberSecurity

Daniel Bretschneider
6 days ago

Another #opensource #vulnerability scanner for #webservers and #cgi is #nikto. It scans for dangerous files, outdated server software and performs other checks against security #threats.

Mark Gardner ‍:sdf:
6 days ago

This #vulnerability was addressed on the *opening day* of the 2022 conference where it was presented. The #NoScript extension bundled with @torproject’s #TorBrowser protects against it, and #Tor #Browser users would have received it as an automatic update.

I don’t understand why #Wired is tweeting this old article. Unless a person pays attention to the publication date they might think this is a current threat.

#InfoSec #security #privacy

Graham Cluley
1 week ago

Decade-old critical vulnerability in Jetpack patched on millions of WordPress websites.

Read more in my article on the Tripwire blog:

#cybersecurity #wordpress #plugin #vulnerability

WordPress logos, behind a collage of plugin icons and a sneaky beetle icon.
Prof Nisreen Alwan ☀️
1 week ago

Contrary to common advice I talk about my negative #imposter thoughts. Because spelling them out loud:
1. makes them sound silly to you too
2. reduces the #shame element
3. allows trusted others you’re telling to give you positive feedback which we all need
4. normalises #vulnerability

Dissent Doe :cupofcoffee:
2 weeks ago

@ValeryMarchive @brett

Nice work!

As a reminder, Britton White and I had written an explainer for the public about Redline and infostealers., so if anyone needs help educating their relatives, you can download a free copy of our article: "Redline: Storing Passwords in your Browser Can Ruin Your Life (But Will Make Criminals VERY Happy!)" at

Britton continues to post examples of login creds he finds for entities that have had breaches. Whether those creds were used to gain access is unknown, but the risk was there. If you follow him on LinkedIn, you can read all the sad examples.

#infostealer #redline #vulnerability #passwords #creds #login #browser #Infosec #cybersecurity

2 weeks ago

#DPAs focus on #vulnerability as part of their work (complaints, guidelines etc). #EDPS Strategy also contains the concept of vulnerability in data protection. However, we have to decide if we express ourselves on the general level or specific context

Wojciech Wiewiórowski
2 weeks ago

The panel discusses the relationship between #vulnerability and #dataprotection. Power imbalance generates human vulnerability, how data protection play a key role to enable vulnerable people’s fundamental rights

Prof Malgeri presenting the book to the panellists and audience
Jeff Moore
3 weeks ago

New episode of the School Ahead #podcast now available! Thoughts on #vulnerability in #education and #leadership in public #schools. Search and subscribe in your favorite podcast service, or visit below. #school #k12 #teaching #teacher #teachers #students @edutooter @edutooters

IT News
3 weeks ago

Prompt Injection: An AI-Targeted Attack - For a brief window of time in the mid-2010s, a fairly common joke was to send voic... - #artificialintelligence #injectionattack #promptinjection #vulnerability #security #chatgpt #youtube #gpt #ai

3 weeks ago

From the "the 's' in #IoT stands for 'security'" department: Belkin Wemo Mini Smart Plug V2 has a remote code execution #vulnerability (CVE-2023-27217) that will **NOT** be patched because the product is EOL:

#infosec #rce #cve

3 weeks ago

⚠️PSA for anyone with #WordPress v6.2.1. WP core team removed shortcodes support in templates to fix a #vulnerability. Many plugins & websites are broken now. You should check your website if you use shortcodes.

Trac ticket:

#cms #php #opensource #foss #wp #webdev #infosec #security #classicpress

Gianmarco :archlinux: :kde:
3 weeks ago

Uh oh... Time to switch to #Matrix and #XMPP full time? If you're on a #Mac you could be in danger, other platforms are fine, but it doesn't change the fact that #Telegram is kinda spooky.

#CIA #Vulnerability #Glowies #BigTech #SurveillanceCapitalism

Twitter user @mattjay says that a Google engineer found a vulnerability in Telegram that allows to get microphone and camera permissions. The engineer reported it to Telegram, but they haven't addressed it.
The CIA tweets that they launched a Telegram channel of their own.
Amit Serper :donor:
3 weeks ago

I'm very happy to share with you all my latest research #blogpost along with my awesome team mate Reuven Yakar. Reuven and I found a critical vulnerability in the popular Wemo smart electrical socket by Belkin. This research had all the fun stuff - software AND hardware hacking and reverse engineering and I'm super excited to finally be able to share it. Note that Belkin WILL NOT be releasing a patch to this vulnerability:

#iot #security #securityresearch #belkin #wemo #vulnerability #cve

Astra Kernel :verified:
1 month ago

🪲 0-click vulnerability in Outlook (new bypass by @akamai_research) to steal NTLM credentials

👉 Unauthenticated attacker could coerce an #outlook client to connect to an attacker-controlled server

👉 No user interaction

#infosec #Vulnerability

Screenshot of exploitation result

I have been *dying* to talk about this and finally can.

Remember that 0-click Outlook vulnerability with a custom sound leading to NTLM theft? The one that MSFT themselves stated it originated and was being actively used by Russian actors?

@nachoskrnl found a way to bypass the patch to it. By adding one singular slash.

Write-up 👇​

#microsoft #patchtuesday #outlook #vulnerability

1 month ago

„Presents versus privacy“

Zerforschung doing a great job again at researching a startup promise and finding a simple but bad vulnerability.

#security #research #vulnerability #data #privacy #session #cookies

Marco Ivaldi
1 month ago

Clever exploitation of a cool bug by trellix…

The Art of Information Disclosure: A Deep Dive into CVE-2022-37985, a Unique Information Disclosure #Vulnerability in #Windows Graphics Component

Graham Cluley
1 month ago

Patch now! The Mirai IoT botnet is exploiting TP-Link routers.

Read more in my article on the Tripwire blog:

#cybersecurity #vulnerability #mirai #botnet #ddos #denialofservice #iot

Vulnerable TP-Link Archer AX21 router.

Let me get this straight… Still ZERO details about the Rapid Security Response from May 1, which presumably fixes at least one actively exploited #vulnerability.

But #Apple releases details for two random firmware updates, one from >3 weeks ago, for a #Bluetooth pairing issue⁉️🤨

Screenshot of HT201222
Andy Scollick
1 month ago

A new study has highlighted under-prepared regions across the world most at risk of the devastating effects of scorching temperatures. #climate #GlobalWarming #heatwave #vulnerability

Terence Eden
2 months ago

Argh! Found a #vulnerability in a big #OpenSource product.

No security.txt
No private issues on GitHub
No bug bounty listed

So I guess I can either raise a public issue on GitHub or email their tech support team.

Any other ideas?

Graham Cluley
2 months ago

Own a Nexx “smart” alarm or garage door opener? Get rid of it, or regret it.

#cybersecurity #vulnerability

Nexx garage door opener