Canon Medical Product Vulnerabilities Expose Patient Information
Trustwave is warning healthcare organizations of two cross-site scripting (XSS) vulnerabilities in Canon Medical’s popular medical imaging sharing tool Vitrea View.
read more
Vulnerabilities
DoD Announces Final Results of ‘Hack US’ Bug Bounty Program
The US Department of Defense (DoD) and HackerOne this week announced the results of the Hack US one-week bug bounty challenge that ran from July 4 to July 11, 2022.
read more
Microsoft Confirms Exploitation of Two Exchange Server Zero-Days
Microsoft has confirmed that it’s aware of two Exchange Server zero-day vulnerabilities that have been exploited in targeted attacks. The tech giant is working on patches.
read more
Cisco Patches High-Severity Vulnerabilities in Networking Software
Cisco this week announced IOS and IOS XE software updates that address 12 vulnerabilities, including 10 high-severity security flaws.
read more
Microsoft Exchange Attacks: Zero-Day or New ProxyShell Exploit?
A cybersecurity company based in Vietnam has reported seeing attacks exploiting a new Microsoft Exchange zero-day vulnerability, but it may just be a variation of the old ProxyShell exploit.
read more
North Korean Gov Hackers Caught Rigging Legit Software
Threat hunters at Microsoft have intercepted a notorious North Korean government hacking group lacing legitimate open source software with custom malware capable of data theft, espionage, financial gain and network destruction.
read more
Investors Bet on Ox Security to Guard Software Supply Chains
The funding frenzy in the software supply chain space now includes Ox Security, an early-stage Israeli startup that just raised a whopping $34 million in seed-stage financing.
read more
Details Disclosed After Schneider Electric Patches Critical Flaw Allowing PLC Hacking
Schneider Electric in recent months released patches for its EcoStruxure platform and some Modicon programmable logic controllers (PLCs) to address a critical vulnerability that was disclosed more than a year ago.
read more
Drupal Updates Patch Vulnerability in Twig Template Engine
Updates announced for Drupal this week address a severe vulnerability in Twig that could lead to the leakage of sensitive information.
Drupal is a PHP-based open source web content management system that has been using Twig as its default templating en…