The US government’s cybersecurity agency CISA is giving federal agencies an early February deadline to patch a critical -- and already exploited -- security vulnerability in the widely used CentOS Control Web Panel utility.The agency added the CVE-2022-44877 flaw to its KEV (Known Exploited Vulnerabilities) catalog and set a February 7th deadline for federal

Vendors and agencies are actively bypassing the security patch that Adobe released in February 2022 to address CVE-2022-24086, a critical mail template vulnerability in Adobe Commerce and Magento stores, ecommerce security firm Sansec warns.The CVE-2022-24086 bug (CVSS score of 9.8) is described as an improper input validation bug in the checkout process. It

Security researchers tracking a known pre-authentication remote code execution vulnerability in Zoho’s ManageEngine products are warning organizations to brace for “spray and pray” attacks across the internet.The vulnerability, patched by Zoho last November, affects multiple Zoho ManageEngine products and can be reached over the internet to launch code execu

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to complete vehicle compromise.Tesla, in tandem with Pwn2Own organizations Zero Day Initiative, is offering a $600,000 cash prize to any hacker capable of writing exploits that pivot through multiple systems

Cisco’s Talos security researchers have published technical information on three severe vulnerabilities impacting Asus RT-AX82U routers.A Wi-Fi 6 gaming router, the RT-AX82U can be configured via an HTTP server that is running on the local network, but also supports remote management and monitoring.Last year, Cisco’s Talos researchers identified three critic

Hack The Box, a British startup working on technology to simplify cybersecurity skills training, has banked a $55 million funding round as venture capital investors place big bets on the subscription-based talent assessment space.Hack the Box said the $55 million Series B was led by global investment firm Carlyle. Paladin Capital Group, Osage University Part

Microsoft’s security patching machine hummed into overdrive Tuesday with the release of fixes for at least 97 documented software vulnerabilities, including a zero-day that’s already been exploited to escape the browser sandbox.The zero-day, flagged by researchers at anti-malware company Avast, was exploited in live attacks to elevate privileges and escape a

Video messaging giant Zoom has released patches for multiple security vulnerabilities that expose both Windows and macOS users to malicious hacker attacks.The vulnerabilities, in the enterprise-facing Zoom Rooms product, could be exploited in privilege escalation attacks on both Windows and macOS platforms.The company’s first batch of patches for 2023 includ

Security researchers at Microsoft are flagging ransomware attacks on Apple’s flagship macOS operating system, warning that financially motivated cybercriminals are abusing legitimate macOS functionalities to exploit vulnerabilities, evade defenses, or coerce users to infect their devices.In a blog post documenting its research into four known macOS ransomwar

The SecurityWeek editorial team huddled over the holidays to look back at the stories that shaped 2022 and, more importantly, to stare into a shiny crystal ball to find the cybersecurity narratives that will dominate this year’s headlines.For the most part, not much will change. Organizations large and small will continue to acknowledge major data breaches,

Taiwan-based networking and storage solutions provider Synology has informed customers about the availability of patches for several critical vulnerabilities, including flaws likely exploited recently at the Pwn2Own hacking contest.The company published two new critical advisories in late December. One of them describes an internally discovered vulnerability

Data security software vendor Netwrix has acquired Remediant, an early-stage startup working on technology in the PAM (privileged access management) category.Financial terms of the acquisition were not disclosed. Remediant, based in San Francisco and backed by Dell Technologies Capital and ForgePoint Capital, raised $15 million in Series A venture capit

Microsoft has silently fixed an important-severity security flaw in its Azure Container Service (ACS) after an external researcher warned that a buggy feature allowed cross-tenant network bypass attacks.The vulnerability, documented by researchers at Mnemonic, effectively removed the entire network and identity perimeter around  internet-isolated Azure

While enterprise VPNs fill a vital role for business, they have several limitations that impact their usability and cybersecurityOvernight, remote work evolved from a rarely used ‘perk’ with separately managed security and compliance processes, to becoming the center for keeping business running during the pandemic. To get work-from-anywhere initiatives off

Foxit Software has rolled out a critical-severity patch to cover a dangerous remote code execution flaw in its flagship PDF Reader and PDF Editor products.The vulnerability, which was discovered and reported by researchers at the Renmin University of China, could be exploited via rigged PDF files of web pages, the company warned in an advisory.Foxit, which o