OpenSSL has patched a bug that could have allowed a certificate that was not issued by a valid CA to slip into the certificate chain.
Removing the background noise from the Internet can give security analysts the context necessary to find the attacks that matter, says GreyNoise founder Andrew Morris.
There are still nearly 30,000 Exchange servers vulnerable to the ProxyLogon bug, with ransomware attacks and public exploits circulating.
Full chain exploits are in use against a critical flaw (CVE-2021-22986) in the F5 BIG-IP system.
Extending the requirement for vulnerability disclosure policies from federal agencies to their suppliers is not a quick fix for supply chain security issues.
The attackers behind the SolarWinds breach also gained access to and downloaded some Mimecast source code repositories.
Microsoft has published a new tool that installs a mitigation for the CVE-2021-26855 Exchange ProxyLogon flaw.
Andrew Morris, founder of GreyNoise, joins Dennis Fisher to talk about the unique origins of the company and the security case for removing all of the background noise from the Internet to find what really matters.
The number of Exchange servers vulnerable to the ProxyLogon flaws is continuing to drop, but there are still more than 60,000 online.
Attackers are installing the DearCry ransomware on some vulnerable Exchange servers.
Joe Slowik, senior security researcher at Domaintools, joins Dennis Fisher to discuss the Exchange vulnerabilities, the exploitation activity timeline, and the question of attribution.
The new ThreatFox platform from Abuse.ch is designed to allow researchers to share IOCs freely and easily without the need to register or subscribe to a feed.
F5 has patched four critical flaws in its BIG-IP appliances, all of which can lead to remote code execution.
Microsoft has patched a zero day in Internet Explorer and Edge that was used in attacks against security researchers.
GitHub has patched a flaw in a backend system that in rare cases could have routed one user's authenticated session to another user's browser.