543 matches found
Patch Ivanti Standalone Sentry and Ivanti Neurons for ITSM now
Ivanti has issued patches for two vulnerabilities. One was discovered in the Ivanti Standalone Sentry, which impacts all supported versions 9.17.0, 9.18.0, and 9.19.0. Older versions are also at risk. The other vulnerability impacts all supported versions of Ivanti Neurons for ITSM—2023.3, 2023.2...
How to update outdated software on Mac endpoints: Introducing ThreatDown VPM for Mac
ThreatDown is happy to announce that our Vulnerability Assessment and Patch Management VPM tool is now available for Mac endpoints. There are hundreds of third-party apps that Mac endpoint use on a daily basis—and with that large number of apps comes a dizzying amount of software updates to apply...
Number withdrawn
ZOHO ManageEngine Desktop Central DC is a desktop management solution from ZOHO. The solution includes software distribution, patch management, system configuration, remote control, and other functional modules to support the entire lifecycle of desktop and server management. This CVE number has...
GHSA-4G2X-VQ5P-5VJ6 Budibase affected by VM2 Constructor Escape Vulnerability
Impact Previously, budibase used a library called vm2 for code execution inside the Budibase builder and apps, such as the UI below for configuring bindings in the design section. Due to a vulnerability in vm2, any environment that executed the code server side automations and column formulas was...
Uni5 Xposure: The Top 5 Benefits of Integrating With Patch Management Tools
What Does Uni5 Xposure Do? Uni5 Xposure is a comprehensive security solution tailored to conquer the challenges of risk-based vulnerability management and its evolved form, threat exposure management. Through its robust suite of features, Uni5 Xposure offers a dynamic approach to security...
Ransomware Reality Check: Deciphering Priorities in a Sea of Cyber Extortion
Welcome to a critical exploration of the 2023 Cyber Vulnerability Landscape, with a specific focus on the escalating threat of ransomware. I have previously shared the broader results we found in evaluating the 2023 threat landscape; this is now a deeper dive into what the data reveals specifical...
Qualys Patch Management: A Review of New Features in 2023 for Faster Elimination of Cyber Risk
The recent debut of Qualys’ Enterprise TruRisk Platform promises three key benefits: measuring, communicating, and eliminating cyber risk across the extended enterprise. Qualys Patch Management plays a pivotal role in this process towards the rapid elimination of cyber risk. Our focus during 2023...
Advancing Cybersecurity Management With Qualys Cloud Agent
In the first part of our series, we discussed the significant enhancements in Reduced Activity Periods RAP and Enhanced Capabilities for VDI in the Qualys Cloud Agent. In this second part of the series, we continue our exploration into the other two pivotal enhancements of this upgrade: 1. Agent...
Reduce Risk Faster With the Qualys Risk Reduction Recommendation Report
New vulnerabilities are found almost daily. However, most organizations struggle to identify, prioritize, and remediate vulnerabilities efficiently—making their environments vulnerable to risk. Last year, Qualys introduced Qualys VMDR with TruRiskTM, which helps organizations quantify cyber risk ...
CISA urges urgent patching of two actively exploited Citrix NetScaler vulnerabilities
The Cybersecurity and Infrastructure Security Agency CISA has added two Citrix NetScaler vulnerabilities to its Known Exploited Vulnerabilities catalog, and it has set the “due date” a week after they were added. Federal Civilian Executive Branch FCEB agencies are handed specific deadlines for wh...
A week in security (January 8 – January 14)
Last week on Malwarebytes Labs: FCC wants cars to make life harder for stalkers Joomla! vulnerability is being actively exploited Act now! Ivanti vulnerabilities are being actively exploited Ransomware review: January 2024 Info-stealers can steal cookies for permanent access to your Google accoun...
How does ThreatDown Vulnerability Assessment and Patch Management work?
Maintaining updated systems and applications is a challenge for any IT team—especially considering the sheer volume of vulnerabilities organizations must find and prioritize on a rolling basis. ThreatDown Vulnerability Assessment VA, now included for free in every ThreatDown bundle, simplifies th...
Recommendations that defenders can use from Talos’ Year in Review Report
The Talos Year in Review is available now and contains a wealth of insights about how the threat landscape has shifted in 2023. With new ransomware strains emerging from leaked source code, commodity loaders adding more reconnaissance measures to their belts, and geopolitical events influencing A...
Android phones can be taken over remotely – update when you can
Android phones are vulnerable to attacks that could allow someone to takeover a device remotely without the device owner needing to do anything. Updates for these vulnerabilities and more are included in Googles Android security bulletin for December. In total, there are patches for 94...
Adobe Coldfusion vulnerability used in attacks on government servers
The Cybersecurity and Infrastructure Security Agency CISA put out a Cybersecurity Advisory CSA to alert government agencies about cybercriminals using a vulnerability in Adobe Coldfusion to gain initial access to servers. Adobe ColdFusion is a platform for building and deploying web and mobile...
QSC23 – Qualys Announces a Directional Shift to Measure, Communicate, and Eliminate Cyber Risk with New Platform and Solutions
The 2023 Qualys Security Conference QSC started wrapping up on Thursday, November 9th, with two days of new technology announcements, impactful customer use cases, and thought-provoking talks from a host of engaging speakers, including Rachel Wilson, Managing Director at Morgan Stanley and Frank...
Patch…later? Safari iLeakage bug not fixed
Apple has released updates for its phones, Macs, iPads, watches, and TV streaming devices, fixing a bunch of security problems. But amid all that activity, one fix is notably absent—there is nothing to address the vulnerability dubbed iLeakage. iLeakage is a side-channel attack that can force the...
Update vCenter Server now! VMWare fixes critical vulnerability
VMWare has issued an update to address one out-of-bounds write and one information disclosure vulnerability in its server management software, vCenter Server. Since there are no in-product workarounds, customers are advised to apply the updates urgently. The affected products are VMware vCenter...
CVE-2022-42451
Certain credentials within the BigFix Patch Management Download Plug-ins are stored insecurely and could be exposed to a local privileged user...
CVE-2022-42451
Certain credentials within the BigFix Patch Management Download Plug-ins are stored insecurely and could be exposed to a local privileged user...