Attackers are targeting the critical Atlassian Confluence flaw (CVE-2023-22518) with active exploit attempts, including some trying to deploy ransomware.
Welcome back to Source Code, Decipher's weekly news wrap podcast with input from our sources.
Apache disclosed this flaw and released patches for it on Oct. 25, and proof-of-concept exploit code is also available for the bug.
Further details for the vulnerability were not specified, but the bug is rated 9.1 out of 10 on the CVSS v3 scale, and Atlassian is underscoring its potential impact for customers.
In the premier episode of Memory Safe, our new podcast and video series, Dennis Fisher talks with Michelle Finneran Dennedy, founder and CEO of Privacy Code, former CPO of Sun Microsystems and Cisco, and all-around great person, about her early interest in technology, the influence of her father on her career, and why she's still doing security after all this time.
Federal agencies are being ordered to take a closer look at how AI could potentially impact areas like vulnerability discovery capabilities or critical infrastructure cyberattacks.
The critical-severity, unauthenticated remote code execution flaw exists in several versions of the F5 BIG-IP security appliances.
VMware has released patches for a critical-severity vulnerability that could enable remote code execution attacks.
The Winter Vivern APT group has been targeting a zero-day XSS vulnerability in the Roundcube webmail server in recent weeks.
Dennis Fisher talks with Mat Donahue, a former FBI counterterrorism specialist and founder and CEO of Kodex, and Nick Selby, a technologist and law enforcement officer, about the challenges organizations face when responding to data requests from law enforcement agencies and how CISOs and legal teams can address them.
Cisco has released an update for two zero days in IOS XE that attackers have been exploiting in the wild.
Okta customer BeyondTrust said that it first detected the attack and notified Okta on Oct. 2, though Okta did not confirm an internal breach until Oct. 19.
Law enforcement agencies from Europe and the U.S. seized the infrastructure and arrested alleged members of the Ragnar Locker ransomware gang this week.
The hope is that these types of committees will tighten collaboration between boards and CISOs and lead to more support and resources for organizations’ cybersecurity strategies.