#The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published a catalog of vulnerabilities, including from Apple, Cisco, Microsoft, and Google, that have known exploits and are being actively exploited by malicious cyber actors, in addition to requiring federal agencies to prioritize applying patches for those security flaws within "aggressive" timeframes. <!--adsense--> "These

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published a catalog of vulnerabilities, including from Apple, Cisco, Microsoft, and Google, that have known exploits and are being actively exploited by malicious cyber actors, in addition to requiring federal agencies to prioritize applying patches for those security flaws within "aggressive" timeframes. <!--adsense--> "These

The U.S. government on Thursday announced a $10 million reward for information that may lead to the identification or location of key individuals who hold leadership positions in the DarkSide ransomware group or any of its rebrands. On top of that, the State Department is offering bounties of up to $5 million for intel and tip-offs that could result in the arrest and/or conviction in any country

Cisco Systems has released security updates to address vulnerabilities in multiple Cisco products that could be exploited by an attacker to log in as a root user and take control of vulnerable systems. Tracked as CVE-2021-40119, the vulnerability has been rated 9.8 in severity out of a maximum of 10 on the CVSS scoring system and stems from a weakness in the SSH authentication mechanism of Cisco

Cybersecurity researchers have disclosed a security flaw in the Linux Kernel's Transparent Inter Process Communication (TIPC) module that could potentially be leveraged both locally as well as remotely to execute arbitrary code within the kernel and take control of vulnerable machines. Tracked as CVE-2021-43267 (CVSS score: 9.8), the heap overflow vulnerability "can be exploited locally or

A now-patched critical remote code execution (RCE) vulnerability in GitLab's web interface has been detected as actively exploited in the wild, cybersecurity researchers warn, rendering a large number of internet-facing GitLab instances susceptible to attacks. Tracked as CVE-2021-22205, the issue relates to an improper validation of user-provided images that results in arbitrary code execution.

For most organizations today, the logs produced by their security tools and environments provide a mixed bag. On the one hand, they can be a trove of valuable data on security breaches, vulnerabilities, attack patterns, and general security insights. On the other, organizations don’t have the right means to manage the massive scale of logs and data produced to derive any value from it.  Log

This article was written by Peter Gerdenitsch, Group CISO at Raiffeisen Bank International, and is based on a presentation given during Imvision's Executive Education Program, a series of events focused on how enterprises are taking charge of the API security lifecycle. Launching the "Security in Agile" program Headquartered in Vienna, Raiffeisen Bank International (RBI) operates across 14

Cybersecurity researchers have disclosed a security flaw in the Linux Kernel's Transparent Inter Process Communication (TIPC) module that could potentially be leveraged both locally as well as remotely to execute arbitrary code within the kernel and take control of vulnerable machines. The heap overflow vulnerability "can be exploited locally or remotely within a network to gain kernel

This article was written by Peter Gerdenitsch, Group CISO at Raiffeisen Bank International, and is based on a presentation given during Imvision's Executive Education Program, a series of events focused on how enterprises are taking charge of the API security lifecycle. Launching the "Security in Agile" program Headquartered in Vienna, Raiffeisen Bank International (RBI) operates across 14