Want to know more about this topic or about us? Contact us!
Multiple versions of a WordPress plugin by the name of “School Management Pro” harbored a backdoor that could grant an adversary complete control over vulnerable websites. The issue, spotted in premium versions before 9.9.7, has been assigned the CVE identifier CVE-2022-1609 and is rated 10 out of 10 for severity. The backdoor, . . . Read more
Cisco on Friday rolled out fixes for a medium-severity vulnerability affecting IOS XR Software that it said has been exploited in real-world attacks. Tracked as CVE-2022-20821 (CVSS score: 6.5), the issue relates to an open port vulnerability that could be abused by an unauthenticated, remote attacker to connect to a . . . Read more
That was quick! 48 hours from exploit report to published patch.
Remember the good old days when security patches rarely needed patches? Because security patches themlelves were rare enough anyway?
Organizations that deploy updates only after a vulnerability is disclosed apply far fewer updates and do so at a lower cost than those that stay up to date on all of their software, university researchers say.
In a new phishing tactic, faux chatbots establish a conversation with victims to guide them to malicious links, researchers say.
New versions of QKD use separate wavelengths on the same fiber, improving cost and efficiency, but distance is still a challenge.
Two of Microsoft’s Patch Tuesday updates need a do-over after causing certificate-based authentication errors.
To succeed against dynamic cybercriminals, organizations must go multiple steps further and build a learning system that evolves over time to keep up with attacker tactics.
Find and patch. Right now. If you can’t patch, get it off the network. Right now! Oh, and show us what you did to comply.