Security
Headlines
HeadlinesLatestCVEs

Tag

#log4j

CVE-2023-0815: NMS-15305: Update log4j config file by mershad-manesh · Pull Request #5741 · OpenNMS/opennms

Potential Insertion of Sensitive Information into Jetty Log Files in multiple versions of OpenNMS Meridian and Horizon could allow disclosure of usernames and passwords if the logging level is set to debug. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet.

CVE
Open in Source
#git#log4j
CVE-2023-26462: ThingsBoard Release Notes

ThingsBoard 3.4.1 could allow a remote attacker to gain elevated privileges because hard-coded service credentials (usable for privilege escalation) are stored in an insecure format. (To read this stored data, the attacker needs access to the application server or its source code.)

Half of Apps Have High-Risk Vulnerabilities Due to Open Source

Open source software dependencies are affecting the software security of different industries in different ways, with mature industries becoming more selective in their open source usage.

Headwinds Don't Have to Be a Drag on Your Security Effectiveness

Despite increased threats, an uncertain economy, and increasing automation, your organization can still thrive.

Cybersecurity Jobs Remain Secure Despite Recession Fears

Only 10% of corporate executives expect to lay off members of cybersecurity teams in 2023, much lower than other areas, as companies protect hard-to-find skill sets.

Oligo Security Takes Aim at Open Source Vulnerabilities

The startup's software helps organizations secure their containers in the cloud by teasing out which packages are running and which are vulnerable.

Healthcare in the Crosshairs of North Korean Cyber Operations

CISA, FBI, and South Korean intelligence agencies warn that the North Korean government is sponsoring ransomware attacks to fund its cyber-espionage activities.

North Korean Hackers Targeting Healthcare with Ransomware to Fund its Operations

State-backed hackers from North Korea are conducting ransomware attacks against healthcare and critical infrastructure facilities to fund illicit activities, U.S. and South Korean cybersecurity and intelligence agencies warned in a joint advisory. The attacks, which demand cryptocurrency ransoms in exchange for recovering access to encrypted files, are designed to support North Korea's

3 Overlooked Cybersecurity Breaches

Here are three of the worst breaches, attacker tactics and techniques of 2022, and the security controls that can provide effective, enterprise security protection for them. #1: 2 RaaS Attacks in 13 Months Ransomware as a service is a type of attack in which the ransomware software and infrastructure are leased out to the attackers. These ransomware services can be purchased on the dark web from