Jason joins us to discuss the current enterprise landscape for defending against supply chain attacks, remediating firmware issues, and the current challenges with patch management. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Fifty-seven percent of more than 90,000 internet-exposed hosts continue to run TinyProxy instances unpatched against the critical use-after-free vulnerability, tracked as CVE-2023-49606, which could be leveraged to facilitate remote code execution attacks via an unauthenticated HTTP request, reports The Hacker News.
Organizations remediated security issues added to the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog 3.5 times faster than those that are not in the catalog, according to The Record, a news site by cybersecurity firm Recorded Future.
Attacks by Russian threat operation APT28, also known as Fancy Bear, Strontium, and Forest Blizzard, using the GooseEgg malware to exploit the Windows print spooler flaw, tracked as CVE-2022-38028, have prompted the security issue's inclusion to the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog, Security Affairs reports.
Fast Five
Selected by the SC Media Editorial team every Tuesday.
Sign up now for the top five issues cybersecurity pros need to know this week.