Software – OWASP Jakarta

CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List

CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in Read more…

By adminowasp, 6 months ago

News

Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack

Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack Oct 24, 2024Ravie LakshmananVulnerability / Network Security Cisco on Wednesday said it has released updates to address an actively exploited security flaw in its Adaptive Security Appliance (ASA) that could lead to a denial-of-service (DoS) condition. The Read more…

By adminowasp, 8 months ago

News

CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability

CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability Oct 16, 2024Ravie LakshmananVulnerability / Data Protection The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of Read more…

By adminowasp, 9 months ago

News

Dancho Danchev’s Blog – Mind Streams of Information Security Knowledge: Spamvertized Github Powershell Malicious Software Executing Campaign Spotted in the Wild

Dancho Danchev’s Blog – Mind Streams of Information Security Knowledge: Spamvertized Github Powershell Malicious Software Executing Campaign Spotted in the Wild Dear blog readers, I’ve recently intercepted a currently circulating spamvertised campaign enticing users into interacting with a Powershell script ultimately tricking them into downloading and executing malicious software on Read more…

By adminowasp, 9 monthsOctober 2, 2024 ago

News

New PondRAT Malware Hidden in Python Packages Targets Software Developers

New PondRAT Malware Hidden in Python Packages Targets Software Developers Threat actors with ties to North Korea have been observed using poisoned Python packages as a way to deliver a new malware called PondRAT as part of an ongoing campaign. PondRAT, according to new findings from Palo Alto Networks Unit Read more…

By adminowasp, 9 months ago

News

Kaspersky Exits U.S., Automatically Replaces Software With UltraAV, Raising Concerns

Kaspersky Exits U.S., Automatically Replaces Software With UltraAV, Raising Concerns Sep 24, 2024Ravie LakshmananAntivirus / National Security Antivirus vendor Kaspersky has formally begun pulling back its offerings in the U.S., migrating existing users to UltraAV, effective September 19, 2024, ahead of its formal exit at the end of the month. Read more…

By adminowasp, 9 months ago

News

Progress Software Releases Patches for 6 Flaws in WhatsUp Gold – Patch Now

Progress Software Releases Patches for 6 Flaws in WhatsUp Gold – Patch Now Sep 27, 2024Ravie LakshmananSoftware Security / Vulnerability Progress Software has released another round of updates to address six security flaws in WhatsUp Gold, including two critical vulnerabilities. The issues, the company said, have been resolved in version Read more…

By adminowasp, 9 months ago

News

SolarWinds Releases Patch for Critical Flaw in Web Help Desk Software

SolarWinds Releases Patch for Critical Flaw in Web Help Desk Software Aug 15, 2024Ravie LakshmananEnterprise Security / Vulnerability SolarWinds has released patches to address a critical security vulnerability in its Web Help Desk software that could be exploited to execute arbitrary code on susceptible instances. The flaw, tracked as CVE-2024-28986 Read more…

By adminowasp, 11 months ago

News

Practical Guidance For Securing Your Software Supply Chain

Practical Guidance For Securing Your Software Supply Chain The heightened regulatory and legal pressure on software-producing organizations to secure their supply chains and ensure the integrity of their software should come as no surprise. In the last several years, the software supply chain has become an increasingly attractive target for Read more…

By adminowasp, 1 year ago

News

Hackers Exploit Legitimate Packer Software to Spread Malware Undetected

Hackers Exploit Legitimate Packer Software to Spread Malware Undetected Threat actors are increasingly abusing legitimate and commercially available packer software such as BoxedApp to evade detection and distribute malware such as remote access trojans and information stealers. “The majority of the attributed malicious samples targeted financial institutions and government industries,” Read more…

By adminowasp, 1 year ago