vulnerability management lifecycle

How to Streamline the Vulnerability Management Life Cycle

Establishing a vulnerability management process is a crucial part of an organization's cybersecurity strategy and demands thoughtful planning ...
Security Boulevard
Threat Bulletin

BianLian GOs for PowerShell After TeamCity Exploitation

Contributors: Justin Timothy, Threat Intelligence Consultant, Gabe Renfro, DFIR Advisory Consultant, Keven Murphy, DFIR Principal Consultant Introduction Ever since Avast […] ...

Urgent Update: Patching Critical iOS Zero-Day Vulnerabilities

Apple rolls out crucial updates to thwart active cyberattacks exploiting kernel-level iOS zero-day vulnerabilities in iPhones In an important move to strengthen the security of iPhone users, Apple has recently released emergency ...

JetBrains TeamCity Vulnerability Requires Immediate Patching

TeamCity, the build management and continuous integration server from JetBrains, requires immediate vulnerability patching : TeamCity 2023.11.4 Update Here : JetBrains, the leading software development company, has issued an urgent security advisory ...
NSFOCUS Research Labs Acknowledged by  MSRC for Reporting Azure Database Service RCE Vulnerability

NSFOCUS Research Labs Acknowledged by MSRC for Reporting Azure Database Service RCE Vulnerability

Overview NSFOCUS received acknowledgments from the Microsoft Security Response Center (MSRC) for reporting Azure Database Service RCE Vulnerability. Azure Database for PostgreSQL – Flexible Server is a relational database service based on the ...

Imperva Customers are Protected Against New SQL Injection Vulnerability in WordPress Plugin

A critical security flaw, identified as CVE-2024-1071, was discovered in the Ultimate Member plugin for WordPress, affecting over 200,000 active installations. This vulnerability has a high severity CVSS score of 9.8 and ...
The curious case of 'csrf-magic': A case study in supply chain poisoning

The curious case of ‘csrf-magic’: A case study in supply chain poisoning

Back in the day, Ivanti disclosed CVE-2021-44529, a critical "code injection" vulnerability in its EPM Cloud Services Appliance (CSA) product ...

ConnectWise ScreenConnect Vulnerability: Urgent Update

ConnectWise announce ScreenConnect vulnerability, with admins urged to update on-prem servers to 23.9.8, immediately  : ScreenConnect 23.9.8 Update Here : Earlier this week, critical vulnerabilities were disclosed by ConnectWise in their widely ...

Imperva successfully defends against CVE-2024-25600 in WordPress Bricks Builder

A critical vulnerability in the Bricks Builder site builder for WordPress, identified as CVE-2024-25600, is currently under active exploitation, and poses a significant threat to over 25,000 sites. This flaw, with a ...
vulnerability ConnectWise

ConnectWise Says ScreenConnect Flaw Being Actively Exploited

Hackers are actively exploiting critical security flaws in ConnectWise’s remote desktop access tool just days after the software maker alerted customers of the vulnerabilities. ConnectWise learned of the bugs – tracked as ...
Security Boulevard