Remote Desktop Protocol (RDP) is a protocol developed by Microsoft, providing the user access to remotely connect with another computer. Microsoft’s remote desktop protocol is one of the best currently available in the market, working efficiently with an effortless graphical user interface (GUI). It can be used between multiple Windows Operating Systems and Devices. This article discussed RDP protocol security and current RDP vulnerabilities.

On October 29, 2024, QNAP issued a security advisory regarding a critical OS command injection vulnerability, tracked as CVE-2024-50388. Discovered by researchers at the Pwn2Own conference, this vulnerability affects HBS 3 Hybrid Backup Sync, a backup and disaster recovery solution used by organizations for secure data protection across multiple locations. The flaw allows remote attackers to execute arbitrary commands.

Recently, a critical API vulnerability in FortiManager (CVE-2024-47575) was disclosed. Certain threat actors exploited it in the wild to steal sensitive information containing configurations, IP addresses, and credentials used by managed devices. In advanced notification emails, Fortinet warned its users of the vulnerability and mitigation steps. The vulnerability has a critical severity rating of 9.8 out of 10.

Kubernetes has become a cornerstone in modern IT environments, significantly revolutionizing the way applications are deployed and managed. Its ability to automate scaling, deployment, and management of containerized applications makes it indispensable for businesses aiming for agility, scalability, and efficiency. As organizations increasingly adopt microservices architectures, Kubernetes’ role in providing seamless orchestration and robust security continues to grow in importance.

Continuous vulnerability management is not just a best practice—it's a necessity. With so many open-source dependencies to choose from (almost 3 million on the npm registry!), it’s no wonder supply chain security incidents are the focus of malicious actors. Let’s not forget the rise of ChatGPT, LLM chatbots, and AI-assisted code generation.

7 hours. That’s how long, on average, a developer takes to remediate a security issue in their code. Vulnerability detection is improving rapidly and scaling, but remediating security risks is still a tedious, time-consuming process that takes developers away from their core work. And now, with AI-generated code introducing vulnerabilities at greater speed and volume than ever before, remediation is taking even more time.

Vulnerability management programs attempt to identify and correct software vulnerabilities before they pose a significant threat to an organization’s cybersecurity. To learn more about how to design and implement a vulnerability management program, check out these resources: This article describes the tools that an organization will need to implement an effective vulnerability management program.

This post is based on ongoing security research – and will continue to be updated as we get additional information…

CVE-2024-47575, also known as FortiJump, is a critical (9.8) missing authentication vulnerability affecting critical functions in FortiManager and FortiManager Cloud versions. Threat researcher Kevin Beaumont published a blog post on October 22nd, 2024 identifying this vulnerability as a zero day. This vulnerability is separate from CVE-2024-23113, which also affects FortiGate devices.

The Common UNIX Printing System (CUPS) is a widely used printing system on Unix-like operating systems, but recent vulnerabilities have exposed significant risks. The most critical is CVE-2024-47176, which affects the cups-browsed service by binding to the IP address INADDR_ANY:631. This configuration flaw causes it to trust all incoming packets, leading to potential remote code execution when interacting with malicious printers. This vulnerability is part of a chain of exploits, including.