23 matches found
F5 Breach Exposes BIG-IP Source Code — Nation-State Hackers Behind Massive Intrusion
U.S. cybersecurity company F5 on Wednesday disclosed that unidentified threat actors broke into its systems and stole files containing some of BIG-IP's source code and information related to undisclosed vulnerabilities in the product. It attributed the activity to a "highly sophisticated...
EUVD-2021-10061
Malware in sbrugna...
EUVD-2020-12593
Malware in sbrugna...
Citrix Workspace App for IOS version 24.8.0 is crashing for users using MicroVPN
Post autoupdate of CWA for IOS 24.8.0, IOS user experiences CWA crash. Issue is affecting customers with MicroVPN enabled...
End of Sale/Renewal for Citrix DaaS Hybrid Rights add-on, new purchases, expansions, and renewals
Cloud Software Group has decided to end of sale (EOS) on October 11th, 2023, and end of renewal (EOR) on December 6th, 2023 all Citrix entitlements with hybrid rights (HR). This change is designed to simplify our product line and deliver superior value and user experience to our customers. Scope of...
CVE-2023-38035 – API Authentication Bypass on Sentry Administrator Interface
A vulnerability has been discovered in Ivanti Sentry, formerly known as MobileIron Sentry. This vulnerability impacts versions 9.18 and prior. The vulnerability does not impact other Ivanti products, such as Ivanti EPMM or Ivanti Neurons for MDM. If exploited, this vulnerability enables an...
Rapid7 Podcast Explores Hybrid-First Workplace Learnings
As the world continues to navigate the post-pandemic shift in work environments, Rapid7 is operating on a hybrid-first approach that balances flexibility and productivity with collaboration and optimizing for customer success. In the spirit of cross-collaboration, the People Development and...
Shipt: Improper Access Control + Financial fraud allows attacker to disclose + add arbitrary products to another's user's order
The vulnerability allowed an attacker to add arbitrary products to another user's order before it was placed. The attacker could also disclose the content of the victim's order, including their physical address. This was possible due to improper access control and lack of input validation on the...
Rapid7 Announces Global Days Off to Support Employees in 2023
On January 3rd, it was a little bit quieter than usual here at Rapid7. That's because our offices were closed for our first of five Global Days Off for 2023. Global Days Off are designed to encourage teams around the world to unplug and rest, enabling them to bring their best selves back to work...
Rapid7’s Response to Codecov Incident
Cybersecurity is Rapid7’s top priority, and when there is an incident that may pose a risk to our customers, we are transparent about it. We also believe that providing this level of transparency ultimately helps the security community better address potential pending threats and safeguard...
2020 DDoS Extortion Campaign -- A Sequel More Thrilling Than the Original
Costarring Susan McReynolds and Tom Emmons. As you might imagine, as the go-to enterprise DDoS mitigation experts, our phones have been "ringing off the hook" as the global extortion DDoS campaign sequel rages on. It's bigger, badder, and features a broader cast of criminal characters than seen...
Black Hat Presentation - Web Cache Entanglement
Overview: Akamai is aware of the 'Web Cache Entanglement: Novel Pathways to Poisoning' presentation at BlackHat on August 5, 2020. Two security vulnerabilities related to our content delivery networks' caching functionality were presented as part of this research. Akamai would like to thank James...
Celebrating Decades of Success with Microsoft at the Security 20/20 Awards
Effective collaboration is key to the success of any organization. But perhaps none more so than those working towards the common goal of securing our connected world. That’s why Trend Micro has always been keen to reach out to industry partners in the security ecosystem, to help us collectively...
Ransomware Attack Downs Hosting Service SmarterASP.NET
SmarterASP.NET, a popular web hosting provider with more than 440,480 customers, has been hit with a ransomware attack that took down its customers’ websites that were hosted by the company. The company on Monday said it is in the process of recovering impacted data. SmarterASP.NET offers shared...
Marriott breach impacts 500 million customers: here’s what to do about it
Today Marriott disclosed a large-scale data breach impacting up to 500 million customers who have stayed at a Starwood-branded hotel within the last four years. While details of the breach are still sparse, Marriott stated that there was unauthorized access to a database tied to customer...
OnePlus Confirms Credit Card Breach Impacted Up to 40,000 Customers
OnePlus has confirmed that up to 40,000 customers have been affected by a credit card breach, in the latest embarrassing misstep for the Chinese handset maker. The news comes several days after OnePlus shut down credit card processing following complaints from customers about fraudulent charges...
Cloudflare CTO Goes Inside the Cloudbleed Bug
MADRID—John Graham-Cumming presided over a confessional Wednesday at Virus Bulletin 2017. Cloudflare’s chief technology officer was frank and apologetic about February’s Cloudbleed bug, which leaked memory from the content delivery network that included internal private keys and authentication...
DNS Registrar Fixes Hijack Vulnerability
UPDATE: The domain registrar and Web-hosting company Namecheap has fixed a cross-site request forgery vulnerability in its DNS setup page. According to security researcher Henry Hoggard, the bug could have given an attacker the ability to hijack domain name system servers and redirect incoming...
It's Time to Start Sharing Attack Details
With not even half of the year gone, 2011 is becoming perhaps the ugliest year on record for major attacks, breaches and incidents. Lockheed Martin, one of the larger suppliers of technology and weapons systems to the federal government, has become the latest high-profile target of a serious...
Patch Tuesday barrage: A bad case of amnesia
Yesterday was a perfect example of the lack of communication between software vendors and their customers about security. Three vendors released major patches for serious bugs, all within hours of each other. You would think that customers would be a high priority for all vendors, especially in...