The notorious ransomware group exploited multiple vulnerabilities, including a zero-day, for at least eight weeks before alleged victims received extortion demands.
The actively exploited defect, triggered by an attacker’s use of a publicly available sample machine key, underscores the vendor and customers’ poor configuration practices.
Researchers aren’t aware of any active exploitation of the software, but the issue is being dealt with simultaneously as attackers are trying to brute force the company’s…
The vendor ruled out a zero-day vulnerability as the root cause, disputing initial assessments from third-party researchers. Fewer than 40 organizations have been impacted since mid-July.
The initiative seeks to patch vulnerabilities in open-source code before they are exploited by would-be attackers. Now comes the hard part — putting the systems to the…
About 20 organizations have been impacted and the pace of attacks is rising. Threat researchers and SonicWall are scrambling to determine the root cause.
Google wants to shorten delays in the vulnerability lifecycle by sharing limited details about newly discovered defects within a week of reporting to the affected vendor.