Security
Headlines
HeadlinesLatestCVEs

Tag

#log4j

A (somewhat) complete timeline of Talos’ history

Relive some of the major cybersecurity incidents and events that have shaped Talos over the past 10 years.

TALOS
Open in Source
#vulnerability#mac#microsoft#linux#cisco#git#intel#log4j
Critical Apache HugeGraph Vulnerability Under Attack - Patch ASAP

Threat actors are actively exploiting a recently disclosed critical security flaw impacting Apache HugeGraph-Server that could lead to remote code execution attacks. Tracked as CVE-2024-27348 (CVSS score: 9.8), the vulnerability impacts all versions of the software before 1.3.0. It has been described as a remote command execution flaw in the Gremlin graph traversal language API. "Users are

Cybersecurity Agencies Warn of China-linked APT40's Rapid Exploit Adaptation

Cybersecurity agencies from Australia, Canada, Germany, Japan, New Zealand, South Korea, the U.K., and the U.S. have released a joint advisory about a China-linked cyber espionage group called APT40, warning about its ability to co-opt exploits for newly disclosed security flaws within hours or days of public release. "APT 40 has previously targeted organizations in various countries, including

Practical Guidance For Securing Your Software Supply Chain

The heightened regulatory and legal pressure on software-producing organizations to secure their supply chains and ensure the integrity of their software should come as no surprise. In the last several years, the software supply chain has become an increasingly attractive target for attackers who see opportunities to force-multiply their attacks by orders of magnitude. For example, look no

TellYouThePass Ransomware Group Exploits Critical PHP Flaw

An RCE vulnerability that affects the Web scripting language on Windows systems is easy to exploit and can provide a broad attack surface.

Process to Verify Software Was Built Securely Begins Today

The US government launched a self-attestation form asking software developers to affirm their software was developed securely. Compliance starts today for software used in critical infrastructure.

The Race for AI-Powered Security Platforms Heats Up

Microsoft, Google, and Simbian each offers generative AI systems that allow security operations teams to use natural language to automate cybersecurity tasks.

How CVSS 4.0 changes (or doesn’t) the way we see vulnerability severity

While distilling risk down to a simple numerical score is helpful for many in the security space, it is also an imperfect system that can often leave out important context.

Gentoo Linux Security Advisory 202402-16

Gentoo Linux Security Advisory 202402-16 - Multiple vulnerabilities have been discovered in Apache Log4j, the worst of which can lead to remote code execution. Versions less than or equal to 1.2.17 are affected.

Patch management needs a revolution, part 4: Sane patching is safe patching is selective patching

This is the fourth part of Vincent Danen’s “Patch management needs a revolution” series.Patch management needs a revolution, part 1: Surveying cybersecurity’s lineagePatch management needs a revolution, part 2: The flood of vulnerabilitiesPatch management needs a revolution, part 3: Vulnerability scores and the concept of trustOne of the biggest concerns with modern patch management is that we haven’t truly challenged our thinking around “patching everything” over the past 40 years. Today, we are still inundated with customer requests to patch everything, despite the available ev